Cybersecurity Risks Linked to ChatGPT Search Bot

The Register reports that OpenAI’s ChatGPT search bot can apparently be abused to cause denial-of-service (DoS) attacks on random websites. The company has not yet commented on the matter.

According to German cybersecurity researcher Benjamin Flesch, a user can generate multiple requests to a website with a single HTTP request to the ChatGPT API. These requests are carried out by ChatGPT’s search bot, which retrieves answers for users from various websites.

In practice, the number of requests may not be enough to crash a website, but the situation is still embarrassing for OpenAI. A single user request can result in up to 5000 requests per second aimed at the targeted website.

If the ChatGPT API is provided with several slightly different links pointing to the same website, the search bot processes each one individually. According to Flesch, OpenAI does not verify if the same hyperlink appears multiple times on the list. There is also no limit on the number of hyperlinks that can be included in a single request, allowing a user to submit thousands of links at once.
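The two checks described above as missing, a cap on the list size and deduplication of links that point to the same site, can be sketched as follows. This is an added example, not OpenAI's code; the function names, the limits, the choice to treat `www.` as the same host, and the sample URLs are all assumptions.

```python
from urllib.parse import urlsplit

MAX_URLS = 10        # assumed cap on list length per request
MAX_PER_HOST = 1     # assumed cap on fetches per target host per request


class UrlListRejected(ValueError):
    """Raised when the submitted list exceeds the assumed size cap."""


def canonical(url):
    """Reduce a URL to (host, path) so near-identical spellings collide."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname.lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    # Query string and fragment are ignored so slightly different links
    # to the same page collapse into one key.
    path = parts.path.rstrip("/") or "/"
    return host, path


def select_fetch_targets(urls):
    """Return the URLs a crawler would be allowed to fetch for one request."""
    if len(urls) > MAX_URLS:
        raise UrlListRejected(f"{len(urls)} URLs submitted, limit is {MAX_URLS}")
    seen, per_host, allowed = set(), {}, []
    for url in urls:
        key = canonical(url)
        if key is None or key in seen:
            continue  # unsupported scheme, or duplicate of an earlier entry
        seen.add(key)
        host = key[0]
        if per_host.get(host, 0) >= MAX_PER_HOST:
            continue  # this host already has its share of the request
        per_host[host] = per_host.get(host, 0) + 1
        allowed.append(url)
    return allowed


# Constructed sample input: five spellings of one site plus one other site.
SAMPLE = ["https://example.com/", "https://EXAMPLE.com",
          "https://www.example.com/?a=1", "https://example.com/#x",
          "https://example.com/page", "https://example.org/docs"]
```

With the constructed sample, only one fetch per site survives, and an oversized list is rejected before any fetch is scheduled.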

Flesch also stated that the search bot continues to send requests even if the victim blocks all its IP addresses with a firewall.

Flesch claims to have reported the issue to OpenAI and Microsoft through multiple channels but has not received any response.

Read more about this topic on the following page:

OpenAI’s ChatGPT crawler can be tricked into DDoSing sites, answering your queries
https://www.theregister.com/2025/01/19/openais_chatgpt_crawler_vulnerability/