Recently, a German security researcher named Benjamin Fleish published a report on Microsoft's GitHub, highlighting a serious security vulnerability in OpenAI's ChatGPT API that could be exploited to launch Distributed Denial of Service (DDoS) attacks. This vulnerability allows attackers to send massive network requests to any website by utilizing ChatGPT's crawler through simple HTTP requests, potentially crippling the targeted site.


According to Fleish's report, the ChatGPT API exhibits serious flaws when handling HTTP POST requests directed at specific websites. When ChatGPT references a website, it calls an API endpoint known as "attributions" to request information from that site. If an attacker sends a request to this API containing a large number of different links, ChatGPT's crawler will access all these links simultaneously, flooding the targeted site with requests.

Fleish points out that the API does not perform duplicate checks on incoming links and imposes no limit on the number of links. This means that attackers can submit thousands of links in a single request, all pointing to the same target site. Using simple tools, attackers can send requests to ChatGPT's endpoint without authentication, and OpenAI's servers will send requests for each link, potentially flooding the target site with 20 to 5000 requests per second.

Because the requests come from different IP addresses, it is difficult for the victim to detect the attack. Even if the victim enables a firewall to block ChatGPT's IP addresses, the crawler will resend requests in the next millisecond. Fleish stated that he has reported this issue to OpenAI and Microsoft through multiple channels but has yet to receive a response.

In addition to the DDoS vulnerability, Fleish also mentioned that the API has other security issues, including prompt injection vulnerabilities. This allows the crawler to answer questions through the same API endpoint instead of just retrieving information from websites. Fleish questions why OpenAI has not implemented basic security measures to prevent such abuses, pointing out that this is simple validation logic commonly adopted by software developers over the years.

He believes that this vulnerability may indicate that OpenAI did not adequately consider security when developing its "AI agent." For a long-operating web crawler, the lack of limits on the number of requests to the same website is particularly unreasonable.
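The missing checks described above (no duplicate detection, no limit on the number of links, no limit per target site) can be sketched as a server-side validator. This is an added example, not OpenAI's code or code from the report; the function names and both cap values are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

MAX_URLS_PER_REQUEST = 10  # assumed cap on links accepted in one API call
MAX_URLS_PER_HOST = 2      # assumed cap on links per target host in one call
DEFAULT_PORTS = {"http": 80, "https": 443}


class RejectedRequest(ValueError):
    """Raised when a submitted link list violates the policy."""


def canonicalize(url):
    """Return (canonical_url, host) so trivially different spellings collapse."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise RejectedRequest(f"unsupported or malformed URL: {url!r}")
    host = parts.hostname.lower().rstrip(".")
    netloc = f"[{host}]" if ":" in host else host  # re-bracket IPv6 literals
    if parts.port not in (None, DEFAULT_PORTS[scheme]):
        netloc += f":{parts.port}"
    # The fragment is never sent to the server, so it must not make a link "new".
    return urlunsplit((scheme, netloc, parts.path or "/", parts.query, "")), host


def validate_links(urls):
    """Cap the list size, drop duplicates, and limit links per host before fetching."""
    if len(urls) > MAX_URLS_PER_REQUEST:
        raise RejectedRequest(f"{len(urls)} links exceeds cap of {MAX_URLS_PER_REQUEST}")
    seen, per_host, accepted = set(), {}, []
    for raw in urls:
        canon, host = canonicalize(raw)
        if canon in seen:
            continue  # duplicate link: fetch at most once
        seen.add(canon)
        if per_host.get(host, 0) >= MAX_URLS_PER_HOST:
            continue  # many distinct paths on one site still count against that site
        per_host[host] = per_host.get(host, 0) + 1
        accepted.append(canon)
    return accepted


# Constructed sample input: three spellings of one link, plus extra paths on the same host.
SAMPLE = ["https://example.com/a", "https://EXAMPLE.com/a#x", "https://example.com:443/a",
          "https://example.com/b", "https://example.com/c", "http://example.org"]

if __name__ == "__main__":
    print(validate_links(SAMPLE))
```

Per-request caps only bound the fan-out of a single call; a crawler also needs a per-host rate limit that persists across requests, since the same list can simply be submitted again.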

Key Points:

1. 🚨 A security vulnerability has been discovered in OpenAI's ChatGPT API that could be used to launch DDoS attacks.

2. 📈 Attackers can send thousands of links pointing to the same website in a single request, overwhelming the target site.

3. ❗ This vulnerability has been reported to OpenAI and Microsoft, but no response has been received, indicating negligence in security management.