OpenAI’s ChatGPT API has been found to have a significant crawler vulnerability that enables attackers to launch Distributed Denial of Service (DDoS) attacks on arbitrary websites.
This vulnerability is a significant concern for both web administrators and enterprises since it poses substantial risks to website availability.
According to Benjamin Flesch, the vulnerability lies within the ChatGPT API, specifically in how it handles HTTP POST requests directed at the endpoint https://chatgpt[.]com/backend-api/attributions. The API is designed to process a list of hyperlinks passed through the URLs parameter.
“ChatGPT crawler can be triggered to DDoS a victim website via an HTTP request to an unrelated ChatGPT API. This defect in OpenAI software will spawn a DDoS attack on an unsuspecting victim website, utilizing multiple Microsoft Azure IP address ranges on which the ChatGPT crawler is running,” Benjamin added.
Unfortunately, due to inadequate programming practices, OpenAI fails to implement checks against duplicate hyperlinks or to set a limit on the total number of URLs that can be submitted.
The potential for a DDoS attack is significant due to the high volume of requests that can be generated by simply manipulating the URL parameter.
Attackers could exploit this flaw by crafting malicious HTTP requests that lead to thousands of connections directed at a specific website, thereby reducing its availability.
HTTP POST Request Handling: The API is intended to accept and process hyperlinks, but with no enforced limit on the number of entries, it can accept vast quantities of hyperlinks in a single request.
Amplification Factor: Upon receiving a request, the API immediately sends an HTTP request for each hyperlink listed, originating from OpenAI’s servers hosted on Microsoft Azure. This can lead to a burst of simultaneous connection attempts to the target server, effectively overwhelming it with traffic.
Concurrency Without Limits: The current mechanism allows OpenAI’s infrastructure to initiate multiple parallel requests to the same website, with no restrictions on the number or frequency of these requests. This careless handling could result in severe service disruptions for the targeted websites.
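The checks the article says are absent, as an added example (not OpenAI's code): a server-side validator for an attributions-style endpoint that rejects oversize URL lists outright, collapses duplicates after normalisation, and caps how many fetches one request may direct at a single host. The limits, function names and exception class are assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit

# Limits assumed for this hypothetical endpoint; the article states that
# neither a duplicate check nor a total-count limit was enforced.
MAX_URLS_PER_REQUEST = 20
MAX_URLS_PER_HOST = 5
ALLOWED_SCHEMES = {"http", "https"}


class UrlListRejected(ValueError):
    """Raised when a submitted URL list violates the fan-out limits."""


def normalize(url: str) -> str:
    """Canonicalise a URL so trivial variants (case, fragment) collapse to one entry."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        raise UrlListRejected(f"malformed URL: {url!r}") from exc
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        raise UrlListRejected(f"unsupported or malformed URL: {url!r}")
    host = parts.hostname.lower()
    netloc = host if port is None else f"{host}:{port}"
    path = parts.path or "/"
    query = f"?{parts.query}" if parts.query else ""
    return f"{parts.scheme.lower()}://{netloc}{path}{query}"


def validate_url_list(urls: list[str]) -> list[str]:
    """Return the deduplicated URLs the crawler may fetch, or reject the request.

    Rejecting (rather than silently truncating) means a request that tries to
    use the endpoint as an amplifier never triggers any outbound fetch.
    """
    if len(urls) > MAX_URLS_PER_REQUEST:
        raise UrlListRejected(f"too many URLs: {len(urls)} > {MAX_URLS_PER_REQUEST}")
    # Deduplicate after normalisation, preserving first-seen order.
    unique = list(dict.fromkeys(normalize(u) for u in urls))
    per_host = Counter(urlsplit(u).hostname for u in unique)
    if per_host:
        host, n = per_host.most_common(1)[0]
        if n > MAX_URLS_PER_HOST:
            raise UrlListRejected(f"{n} URLs target {host}; limit is {MAX_URLS_PER_HOST}")
    return unique
```

A per-host limit on its own is not sufficient; the same endpoint should also rate-limit callers, since many small requests can still fan out to one target.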
The vulnerability was discovered in January 2025 and properly communicated to both OpenAI and Microsoft in the hope of a prompt fix. However, the researcher reported that neither party had responded as of January 10, 2025.
Given the critical nature of this vulnerability, immediate steps are recommended for website owners and administrators to protect their services:
The ChatGPT crawler vulnerability highlights the need for rigorous quality control within software engineering practices, especially for applications that manage significant web traffic.
As entities like OpenAI and Microsoft work to address this flaw, it is imperative for web administrators to stay vigilant and proactive in safeguarding their infrastructure against potential DDoS attacks stemming from this and similar vulnerabilities.