{"id":7026,"date":"2025-01-22T13:45:29","date_gmt":"2025-01-22T19:45:29","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=83221"},"modified":"2025-01-22T13:45:29","modified_gmt":"2025-01-22T19:45:29","slug":"severe-bug-in-chatgpts-api-could-be-used-to-ddos-websites","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/01\/22\/severe-bug-in-chatgpts-api-could-be-used-to-ddos-websites\/","title":{"rendered":"\u2018Severe\u2019 bug in ChatGPT\u2019s API could be used to DDoS websites"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>\u2018Severe\u2019 bug in ChatGPT\u2019s API could be used to DDoS websites | CyberScoop<\/title> <meta name=\"description\" content=\"The vulnerability, described by a researcher as \u201cbad programming,\u201d allows an attacker to send unlimited connection requests through ChatGPT\u2019s API.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/ddos-openai-chatgpt-api-vulnerability-microsoft\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"\u2018Severe\u2019 bug in ChatGPT\u2019s API could be used to DDoS websites\"> <meta property=\"og:description\" content=\"The vulnerability, described by a researcher as \u201cbad programming,\u201d allows an attacker to send unlimited connection requests through ChatGPT\u2019s API.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/ddos-openai-chatgpt-api-vulnerability-microsoft\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2025-01-22T19:45:29+00:00\"> <meta 
property=\"article:modified_time\" content=\"2025-01-22T19:45:32+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/severe-bug-in-chatgpts-api-could-be-used-to-ddos-websites-2.jpg\"> <meta property=\"og:image:width\" content=\"8063\"> <meta property=\"og:image:height\" content=\"5376\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"djohnson\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1732206022g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1736472017g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1737070850g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=cc5cb8dd0a9ba2b865c4\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/83221\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" 
href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=83221\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fddos-openai-chatgpt-api-vulnerability-microsoft%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fddos-openai-chatgpt-api-vulnerability-microsoft%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-83221 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/ddos-openai-chatgpt-api-vulnerability-microsoft\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar 
stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"5.12\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Nominations can be submitted for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.542553191489\">\n<div class=\"single-article__header-content\" readability=\"32.567567567568\">\n<p> The vulnerability, described by a researcher as \u201cbad programming,\u201d allowed an attacker to submit an unbounded list of URLs to ChatGPT\u2019s API and have OpenAI\u2019s own servers open the resulting flood of connections to a target website; OpenAI has since disabled the endpoint. 
<\/p>\n<p> <!-- Listen to this article section --> <!-- End of audio player --> <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/severe-bug-in-chatgpts-api-could-be-used-to-ddos-websites.jpg?resize=640%2C427&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/severe-bug-in-chatgpts-api-could-be-used-to-ddos-websites-2.jpg 8063w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/severe-bug-in-chatgpts-api-could-be-used-to-ddos-websites-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/severe-bug-in-chatgpts-api-could-be-used-to-ddos-websites-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/severe-bug-in-chatgpts-api-could-be-used-to-ddos-websites-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/severe-bug-in-chatgpts-api-could-be-used-to-ddos-websites-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/severe-bug-in-chatgpts-api-could-be-used-to-ddos-websites-2.jpg?resize=2048,1366 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/severe-bug-in-chatgpts-api-could-be-used-to-ddos-websites-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/severe-bug-in-chatgpts-api-could-be-used-to-ddos-websites-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/severe-bug-in-chatgpts-api-could-be-used-to-ddos-websites-2.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/severe-bug-in-chatgpts-api-could-be-used-to-ddos-websites-2.jpg?resize=1012,675 1012w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/severe-bug-in-chatgpts-api-could-be-used-to-ddos-websites-2.jpg?resize=1264,843 1264w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> A photo taken on March 31, 2023 in Manta, near Turin, shows a computer screen with the home page of the artificial intelligence OpenAI web site, displaying its chatGPT robot. (Photo by Marco BERTORELLO \/ AFP) (Photo by MARCO BERTORELLO\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"37.801252556237\"><body readability=\"75.957008244994\"><\/p>\n<p>A vulnerability in ChatGPT\u2019s API could be abused to launch reflective DDoS attacks against targeted websites \u2014 the attacker sends a single request to OpenAI, and OpenAI\u2019s own servers open the flood of connections to the victim \u2014 but the security researcher who discovered it says the flaw has since been addressed by OpenAI.<\/p>\n<p>In a <a href=\"https:\/\/github.com\/bf\/security-advisories\/blob\/main\/2025-01-ChatGPT-Crawler-Reflective-DDOS-Vulnerability.md\">security advisory<\/a> posted to the developer platform GitHub, German security researcher Benjamin Flesch detailed the bug, which occurs when the API is processing HTTP POST requests to the back-end server.<\/p>\n<p>The API is set up to receive hyperlinks in the form of URLs, but in a move Flesch described as \u201cbad programming,\u201d OpenAI did not have a limit on the number of URLs that can be included in a single request. That missing bound allows an attacker to cram thousands of URLs, all pointing at the same victim, into a single request; because OpenAI\u2019s servers fetch each of them, one small request from the attacker is amplified into a large burst of connections against the targeted website, and the victim sees that traffic arriving from OpenAI\u2019s infrastructure rather than from the attacker.<\/p>\n<p>\u201cDepending on the number of hyperlinks transmitted to OpenAI via the URLs parameter, the large number of connections from OpenAI\u2019s servers might overwhelm the victim website,\u201d Flesch wrote. 
\u201cThis software defect provides a significant amplification factor for potential DDoS attacks.\u201d<\/p>\n<p>Flesch posted proof-of-concept code demonstrating that the flaw could be exploited to overload a local host with connection attempts from OpenAI servers. The vulnerability was assigned a CVSS score of 8.6 \u2014 a score that appears to be the researcher\u2019s own assessment, as the article cites no CVE identifier or vendor-issued rating \u2014 because it\u2019s a network-based, low-complexity flaw that doesn\u2019t require elevated privileges or user interaction to exploit; an 8.6 with those metrics is also consistent with a scope change in CVSS terms, i.e. the flaw sits in OpenAI\u2019s component but the availability impact lands on a third-party site.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Flesch said the vulnerability was discovered this month, and the GitHub page for the vulnerability was first created Jan. 10. The issue was reported to OpenAI and Microsoft, which owns the servers spawning the requests, under responsible disclosure rules. (That ownership matters for defenders: a victim site sees the connections coming from Microsoft-hosted infrastructure, so blocking the attacker\u2019s own address does nothing; the bound has to be enforced on OpenAI\u2019s side.) In an update, Flesch noted that OpenAI has since disabled the vulnerable endpoint and that the proof-of-concept code no longer works \u2014 a stopgap rather than a fix of the defect as described, since the durable remedy is to cap the number of URLs accepted per request and rate-limit the crawler\u2019s outbound fetches per destination host, and the only evidence of remediation offered is that the PoC stopped working.<\/p>\n<p>But initially, the post lamented that \u201cunfortunately it was not possible to obtain a reaction from either [Microsoft or OpenAI] in due time, even though many attempts to ensure a mitigation of this software defect were made.\u201d<\/p>\n<p>Those efforts included contacting OpenAI\u2019s security team through their account on BugCrowd, emailing OpenAI\u2019s bug-reporting email account, data privacy officer and support teams, and reaching out to OpenAI security researchers through their own GitHub pages. 
He also claimed to have reported the issue to Microsoft security personnel through email, online forms and even via Cloudflare, Microsoft\u2019s gateway provider.<\/p>\n<p>According to Flesch, those entreaties were initially ignored or dismissed until news outlets began reporting on the flaw.<\/p>\n<p>CyberScoop has reached out to OpenAI and Microsoft for comment.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>As the public has become more interested in large language models like that which power ChatGPT, so too have security researchers, who seek to poke and prod those same emerging systems for vulnerabilities.<\/p>\n<p>However, companies like OpenAI have largely <a href=\"https:\/\/cyberscoop.com\/ai-companies-election-transparency\/\">sought to limit<\/a> the access that outside security researchers have to their technology, something cybersecurity experts worry could narrow the focus of their research and limit their ability to speak openly about security issues.<\/p>\n<p>OpenAI has <a href=\"https:\/\/openai.com\/policies\/usage-policies\/\">a usage policy<\/a> that prohibits the circumvention of safeguards and safety mitigations in their software \u201cunless supported by OpenAI.\u201d The company has established a network of external red-teamers who look for security vulnerabilities under OpenAI\u2019s guidance and direction.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.8058252427184\">\n<div class=\"author-card\" readability=\"13\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/severe-bug-in-chatgpts-api-could-be-used-to-ddos-websites-1.jpg?w=640&#038;ssl=1\" alt=\"Derek B. 
Johnson\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Derek B. Johnson<\/h4>\n<p> Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor\u2019s degree in print journalism from Hofstra University in New York and a master\u2019s degree in public policy from George Mason University in Virginia. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 
class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/ddos-openai-chatgpt-api-vulnerability-microsoft\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u2018Severe\u2019 bug in ChatGPT\u2019s API could be used to DDoS<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[235,385,174,564,256,310,288],"tags":[236,389,178,565,262,311,294],"class_list":["post-7026","post","type-post","status-publish","format-standard","hentry","category-ai","category-chatgpt","category-ddos","category-openai","category-research","category-technology","category-threats","tag-ai","tag-chatgpt","tag-ddos","tag-openai","tag-research","tag-technology","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai\/\" 
rel=\"category tag\">AI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/chatgpt\/\" rel=\"category tag\">ChatGPT<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ddos\/\" rel=\"category tag\">DDoS<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/openai\/\" rel=\"category tag\">OpenAI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7026","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7026"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7026\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7026"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7026"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7026"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}