AI/ML, Cloud Security, Vulnerability Management

ChatGPT cloud infrastructure threatened by newly patched bug

New ChatGPT Time Bandit jailbreak examined for cyber threat. (Adobe Stock)

SecurityWeek reports that OpenAI's ChatGPT artificial intelligence chatbot was discovered to potentially have leaked its cloud infrastructure due to a recently fixed security server-side request forgery vulnerability.

Attackers could leverage the SSRF flaw, which was identified within the chatbot's Actions section, to send queries to a local endpoint related to the Azure Instance Metadata Service and secure the IMDS identity's access token to eventually infiltrate OpenAI's Azure cloud infrastructure, according to Open Security security engineer Jacob Krut, who found and reported the issue. OpenAI has immediately addressed the high-severity vulnerability upon Krut's disclosure. Whether Krut was rewarded for the flaw remains unclear.

"This SSRF in ChatGPT's Custom GPT Actions is a textbook example of how small validation gaps at the framework layer can cascade into cloud-level exposure and highlights the severity of this often-overlooked attack vector," said Black Duck Senior R&D Manager Christopher Jess.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds