ChatGPT Crawler Vulnerability: Potential for DDoS Attacks and Prompt Injection

Curated by THEOUTPOST

On Mon, 20 Jan, 4:01 PM UTC

4 Sources

Share

A security researcher has uncovered a vulnerability in ChatGPT's crawler that could potentially be exploited for DDoS attacks and prompt injection, raising concerns about AI security and OpenAI's response to the issue.

ChatGPT Crawler Vulnerability Discovered

Security researcher Benjamin Flesch has uncovered a significant vulnerability in OpenAI's ChatGPT crawler that could potentially be exploited to launch Distributed Denial of Service (DDoS) attacks on websites 1. The flaw, which Flesch describes as a "severe quality defect," lies in the handling of HTTP POST requests to a specific API endpoint used by ChatGPT 2.

How the Vulnerability Works

The vulnerability stems from ChatGPT's API not verifying if hyperlinks are repeated within a list or enforcing a limit on the total number of hyperlinks submitted 2. This allows an attacker to send thousands of hyperlinks in a single HTTP request, potentially overwhelming a target website. The ChatGPT crawler, using Cloudflare, accesses the site from different IP addresses with each request, making it difficult for victims to trace the source of the attack 2.

Potential for DDoS Attacks

Flesch demonstrated that a single API request could be amplified into 20 to 5,000 or more requests to a chosen victim's website every second 4. This amplification effect means an attacker can send a small number of requests to the ChatGPT API, resulting in a large number of requests to the victim's site 2.

Prompt Injection Vulnerability

In addition to the DDoS potential, Flesch identified another issue related to prompt injection. This flaw allows the crawler to process arbitrary questions using the same attributions API endpoint, rather than only fetching website data as intended 24.

Severity and Reporting

Flesch assigned the vulnerability a high severity rating of 8.6 CVSS, citing its network-based nature, low complexity in execution, and potential for high impact on availability 3. He reported the issue through multiple channels, including OpenAI's BugCrowd platform and Microsoft's security teams, but claims to have received no response 23.

OpenAI's Lack of Response

Despite multiple attempts to flag the vulnerability, Flesch states that the issue remains unresolved, and OpenAI has not acknowledged its existence 3. The Register reached out to OpenAI for comments but did not receive a reply 4.

Implications for AI Security

This vulnerability raises questions about the security practices in AI development. Flesch criticized OpenAI for failing to implement basic security measures, such as deduplicating URLs or limiting the size of URL lists 2. He speculated that the API might be an experimental project for OpenAI's AI agents, lacking necessary validation logic to prevent abuse 4.

Industry Reactions

Elad Schulman, founder and CEO of Lasso Security Inc., agreed with Flesch's conclusions and highlighted another potential exploit. He suggested that if a hacker compromised someone's OpenAI account, they could "easily spend a monthly budget of a large language model-based chatbot in just a day," potentially causing financial damage 1.

As AI continues to evolve, this incident underscores the need for companies to implement robust security measures to prevent the abuse of their services. It also highlights the importance of responsible disclosure and timely responses to reported vulnerabilities in the AI industry.

Continue Reading
OpenAI Confirms ChatGPT Abuse by Hackers for Malware and

OpenAI Confirms ChatGPT Abuse by Hackers for Malware and Election Interference

OpenAI reports multiple instances of ChatGPT being used by cybercriminals to create malware, conduct phishing attacks, and attempt to influence elections. The company has disrupted over 20 such operations in 2024.

Bleeping Computer logoTom's Hardware logoTechRadar logoArs Technica logo

15 Sources

Bleeping Computer logoTom's Hardware logoTechRadar logoArs Technica logo

15 Sources

ChatGPT Search Vulnerability Exposes Risks of AI-Powered

ChatGPT Search Vulnerability Exposes Risks of AI-Powered Web Searches

OpenAI's ChatGPT Search feature is found vulnerable to manipulation through hidden text and prompt injections, raising concerns about the reliability of AI-powered web searches.

NDTV Gadgets 360 logoInc.com logo

2 Sources

NDTV Gadgets 360 logoInc.com logo

2 Sources

ChatGPT macOS Vulnerability: Long-Term Data Exfiltration

ChatGPT macOS Vulnerability: Long-Term Data Exfiltration Risk Discovered

A critical vulnerability in ChatGPT's macOS app could have allowed hackers to plant false memories, enabling long-term data exfiltration. The flaw, now patched, highlights the importance of AI security.

The Hacker News logoArs Technica logo

2 Sources

The Hacker News logoArs Technica logo

2 Sources

ChatGPT Experiences Global Outage, OpenAI Swiftly Resolves

ChatGPT Experiences Global Outage, OpenAI Swiftly Resolves Issue

OpenAI's ChatGPT faced a significant global outage, affecting millions of users. The company quickly acknowledged the problem, investigated the cause, and implemented a fix, highlighting the growing reliance on AI technologies.

Economic Times logoUSA Today logoTechCrunch logoNew York Post logo

18 Sources

Economic Times logoUSA Today logoTechCrunch logoNew York Post logo

18 Sources

OpenAI Cracks Down on ChatGPT Misuse: Bans Accounts Linked

OpenAI Cracks Down on ChatGPT Misuse: Bans Accounts Linked to Surveillance and Influence Campaigns

OpenAI has banned multiple accounts for misusing ChatGPT in surveillance and influence campaigns, highlighting the ongoing challenge of preventing AI abuse while maintaining its benefits for legitimate users.

TechSpot logoTechRadar logoThe Hacker News logoDigital Trends logo

15 Sources

TechSpot logoTechRadar logoThe Hacker News logoDigital Trends logo

15 Sources

TheOutpost.ai

Your one-stop AI hub

The Outpost is a comprehensive collection of curated artificial intelligence software tools that cater to the needs of small business owners, bloggers, artists, musicians, entrepreneurs, marketers, writers, and researchers.

© 2025 TheOutpost.AI All rights reserved