Critical Vulnerability in ChatGPT API Could Enable Massive DDoS Attacks, Researcher Warns
January 19, 2025

A significant vulnerability has been identified in OpenAI's ChatGPT crawler that could let it be used to launch distributed denial of service (DDoS) attacks against arbitrary websites.
This issue stems from a flaw in the way the ChatGPT API processes HTTP POST requests aimed at retrieving attributions for cited websites.
Security researcher Benjamin Flesch highlighted that the API neither checks for duplicate hyperlinks nor limits the number of hyperlinks submitted, which allows an attacker to flood a target with requests.
Using tools like curl, an attacker can send requests to the ChatGPT API without an authentication token, triggering a surge of requests directed at a targeted website.
A single request to the ChatGPT API can be amplified into anywhere from 20 to over 5,000 requests per second to a victim's site, potentially crippling it.
The ChatGPT bot can execute attacks from multiple IP addresses, complicating efforts for victims to trace the source of the assault.
Flesch also raised alarms about the API's vulnerability to prompt injection, indicating a broader lack of security measures in OpenAI's implementation.
Flesch detailed this vulnerability in a write-up shared on Microsoft's GitHub platform in January 2025.
After reporting the vulnerability to OpenAI's BugCrowd platform, its security team, Microsoft, and HackerOne, Flesch noted a lack of response from these entities.
He criticized OpenAI for failing to implement basic validation logic to prevent such abuses, which is considered standard practice in software development.
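The two missing controls the article names, deduplication of submitted hyperlinks and a cap on how many can be submitted, are what bound the amplification of a URL-fetching endpoint. The following is an added illustration of that validation layer, written for this summary; it is not OpenAI's code, and the function names, the limits (10 URLs per request, 2 per host), the canonicalization rules and the sample batch are all assumptions chosen to show the idea.

```python
"""Added example: defensive validation for a batch of attribution URLs.

Hypothetical hardening of a "fetch attributions for these URLs" endpoint.
Not OpenAI's code; names, limits and the sample input are assumptions.
"""
from typing import Dict, List, Optional, Set, Tuple
from urllib.parse import urlsplit

MAX_URLS_PER_REQUEST = 10   # assumed cap; the article says none existed
MAX_URLS_PER_HOST = 2       # assumed per-origin cap to bound amplification
ALLOWED_SCHEMES = {"http", "https"}


def normalize_url(url: str) -> Optional[str]:
    """Canonicalize a URL so trivial variants compare equal; None if unusable.

    Lowercases scheme and host, drops a default port and the fragment, and
    fills an empty path with "/" so "https://A.example:443/#x" and
    "https://a.example/" dedupe to the same key.
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return None
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    host = parts.hostname.lower()
    default_port = 443 if scheme == "https" else 80
    netloc = host if port in (None, default_port) else f"{host}:{port}"
    path = parts.path or "/"
    query = f"?{parts.query}" if parts.query else ""
    return f"{scheme}://{netloc}{path}{query}"


def validate_url_batch(urls: List[str]) -> Tuple[List[str], List[str]]:
    """Return (accepted, rejected) for a submitted batch.

    Rejects anything beyond the batch cap, anything unparseable, exact or
    near-duplicate URLs, and URLs that exceed the per-host cap, so one
    request can never fan out into many fetches of the same origin.
    """
    accepted: List[str] = []
    rejected: List[str] = []
    seen: Set[str] = set()
    per_host: Dict[str, int] = {}
    for raw in urls:
        if len(accepted) >= MAX_URLS_PER_REQUEST:
            rejected.append(f"{raw}: batch limit {MAX_URLS_PER_REQUEST} reached")
            continue
        canon = normalize_url(raw)
        if canon is None:
            rejected.append(f"{raw}: unsupported scheme or invalid host/port")
            continue
        if canon in seen:
            rejected.append(f"{raw}: duplicate of {canon}")
            continue
        host = urlsplit(canon).hostname
        if per_host.get(host, 0) >= MAX_URLS_PER_HOST:
            rejected.append(f"{raw}: per-host limit {MAX_URLS_PER_HOST} for {host}")
            continue
        seen.add(canon)
        per_host[host] = per_host.get(host, 0) + 1
        accepted.append(canon)
    return accepted, rejected


# Constructed input: the same origin submitted several ways, plus noise.
SAMPLE_BATCH = [
    "https://victim.example/",
    "https://VICTIM.example:443/",      # same origin, different spelling
    "https://victim.example/#section",  # fragment-only difference
    "https://victim.example/page-a",
    "https://victim.example/page-b",    # exceeds the per-host cap
    "ftp://victim.example/file",        # scheme not allowed
    "https://other.example/article",
]

if __name__ == "__main__":
    ok, bad = validate_url_batch(SAMPLE_BATCH)
    print("accepted:", *ok, sep="\n  ")
    print("rejected:", *bad, sep="\n  ")
```

The per-host cap matters more than the total cap for this class of flaw: without it, a batch of ten distinct paths on one origin is still a tenfold amplifier against that origin. A production version would also rate-limit by caller and by destination host across requests, which this single-request check does not attempt.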
Summary based on 1 source
Source
The Register • Jan 18, 2025
OpenAI's ChatGPT crawler can be tricked into DDoSing sites, answering your queries