
According to security researchers, OpenAI's ChatGPT Application Programming Interface (API) has a vulnerability that can be exploited to launch a distributed denial-of-service (DDoS) attack against a website. The ChatGPT crawler can reportedly be made to send thousands of network requests to a single site. The researcher who found the flaw gave it a high severity rating and says it remains unpatched, and OpenAI has not said when it will be fixed.
The ChatGPT API allows multiple parallel network requests to the same website
In a GitHub post shared earlier this month, Germany-based security researcher Benjamin Flesch detailed the vulnerability in the ChatGPT API. He also released proof-of-concept code that sent 50 parallel HTTP requests to a test site, showing how the flaw could be used to trigger a DDoS attack.
According to Flesch, the vulnerability lies in how the API handles HTTP POST requests. POST is the HTTP method used to send data to a server, and API endpoints commonly use it to create new resources. The affected ChatGPT API endpoint takes a list of hyperlinks as its URL parameter.
According to the researcher, the flaw is that OpenAI does not check whether several hyperlinks in that list point to the same resource. Because a single web page can be written as several different URLs (for example with different capitalization in the host name, a trailing slash, a default port spelled out, or query parameters in another order), the crawler ends up sending multiple parallel requests to the same website. Flesch also claims that OpenAI does not enforce a limit on the number of hyperlinks that can be put in the URL parameter of a single request.
As a result, a malicious actor could direct thousands of requests at a website and quickly flood its servers. Flesch gave the vulnerability a high-severity CVSS score of 8.6: the attack can be launched over the network, has low attack complexity, requires neither privileges nor user interaction, and can have a high impact on availability.
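The two missing checks described above (no deduplication of hyperlinks that name the same resource, and no cap on the size of the list) are straightforward to implement on the server side. The following is an added example written for this article, not OpenAI's code; the limits MAX_URLS_PER_REQUEST and MAX_URLS_PER_HOST, the function names and the sample URL list are all assumptions chosen for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit, urlunsplit

# Assumed limits for this example; they are not values OpenAI uses.
MAX_URLS_PER_REQUEST = 10   # hard cap on list length per request
MAX_URLS_PER_HOST = 2       # distinct resources fetched per host per request

DEFAULT_PORTS = {"http": 80, "https": 443}


def canonicalize(url: str) -> str:
    """Map trivially different spellings of one resource to a single key.

    Handles scheme/host case, default ports, repeated and trailing slashes,
    query-parameter order and fragments (which are never sent to the server).
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = parts.hostname or ""          # already lower-cased by urlsplit
    if ":" in host:                      # bare IPv6 literal needs its brackets back
        host = f"[{host}]"
    if parts.port is not None and parts.port != DEFAULT_PORTS.get(scheme):
        host = f"{host}:{parts.port}"    # keep only non-default ports
    path = parts.path or "/"
    while "//" in path:                  # collapse "a//b" into "a/b"
        path = path.replace("//", "/")
    if len(path) > 1 and path.endswith("/"):
        path = path[:-1]                 # "/page/" and "/page" are one resource
    query = "&".join(sorted(parts.query.split("&"))) if parts.query else ""
    return urlunsplit((scheme, host, path, query, ""))


def filter_url_list(urls: list[str]) -> tuple[list[str], list[tuple[str, str]]]:
    """Apply the checks the article says the API lacks.

    Returns (accepted canonical URLs, [(original url, reason) for each drop]).
    Raises ValueError when the list itself is too long, so an oversized request
    is rejected outright instead of being partially served.
    """
    if len(urls) > MAX_URLS_PER_REQUEST:
        raise ValueError(f"too many urls: {len(urls)} > {MAX_URLS_PER_REQUEST}")
    seen: set[str] = set()
    per_host: Counter[str] = Counter()
    accepted: list[str] = []
    dropped: list[tuple[str, str]] = []
    for original in urls:
        key = canonicalize(original)
        host = urlsplit(key).hostname or ""
        if key in seen:
            dropped.append((original, "duplicate"))
            continue
        if per_host[host] >= MAX_URLS_PER_HOST:
            dropped.append((original, "per-host limit"))
            continue
        seen.add(key)
        per_host[host] += 1
        accepted.append(key)
    return accepted, dropped


# Constructed sample input: six spellings that name only three distinct
# resources on two hosts, the pattern the article describes.
SAMPLE_URLS = [
    "https://Example.com/page/",
    "https://example.com:443/page",
    "HTTPS://example.com//page?b=2&a=1#top",
    "https://example.com/page?a=1&b=2",
    "https://example.com/other",
    "http://other.example.net/",
]

if __name__ == "__main__":
    ok, drops = filter_url_list(SAMPLE_URLS)
    print("would fetch:", ok)
    print("dropped:", drops)
```

Deduplication alone does not stop the attack: distinct paths on the same host are genuinely distinct resources, so an attacker can simply list many of them. It is the per-request and per-host caps that bound how many outbound requests a single API call can generate, and canonicalization only makes those caps harder to sidestep by respelling the same URL. Two different host names fronting the same origin (a CDN alias, for instance) would still count as separate hosts here; a production crawler would want a rate limit per resolved origin on top of this.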
Flesch says he reported the vulnerability several times through different channels to both OpenAI and Microsoft, on whose servers the ChatGPT API is hosted, after discovering it in January. He says he contacted the OpenAI security team, OpenAI staff via bug reports, OpenAI's data privacy officer, and Microsoft's security and Azure network operations teams.
Despite these attempts to flag the vulnerability, Flesch says the problem has neither been resolved nor acknowledged by either company. Tech Word News staff were unable to verify the flaw independently.