An apparent DDoS attack was the cause of recent outages at ChatGPT.

On Wednesday, Open AI announced that periodic outages across its popular AI chatbot ChatGPT were due to an abnormal traffic pattern reflective of a DDoS attack.

“We are continuing work to mitigate this,” the latest update stated. According to the site, users began seeing elevated error rates starting Nov. 6 across ChatGPT and the API. A fix was implemented however the services are still experiencing “degraded performance”.

The outages could have far reaching implications as people have been using the service to help with everything from writing emails, term papers to finding bug fixes in code. Here, security leaders share their thoughts.

Security leaders weigh in 

Callie Guenther, Senior Manager, Cyber Threat Research at Critical Start:

“The recent service interruptions of OpenAI's ChatGPT have presented challenges for developers, particularly those who rely on its APIs for coding-related tasks. These outages have temporarily affected workflows, as developers are accustomed to using these tools for code completion, debugging and learning new coding practices. Consequently, some projects may experience delays.

Productivity may also be impacted, given the role of AI in streamlining coding processes. Developers might find themselves spending more time on tasks typically accelerated by AI, such as generating code snippets or refining algorithms.

For those who have incorporated OpenAI's services into their products, the downtime may prompt a review of their current dependencies and perhaps an exploration of alternative options to bolster their systems against similar incidents in the future.

On the customer front, there may be an uptick in support inquiries as users seek assistance for issues arising from the outages. This situation requires companies to allocate additional support resources to maintain customer satisfaction and address any service disruptions.”

Andrew Barratt, Vice President at Coalfire:

“ChatGPTs periodic outages are a concern, but more because we have been sold the large language model AI as a panacea of knowledge of worker productivity. What this demonstrates is the importance of understanding the capabilities of a third-party that plays a significant role in the business. It might also start to highlight certain knowledge workers who have been leveraging AI without their employers fully being aware.”

Dean Webb, Cybersecurity Solutions Engineer, Merlin Cyber:

“Security tools that utilize the ChatGPT API for their functionality are impacted. A service outage for ChatGPT is an outage for all tools that invoke its API for AI functionality. AI-driven tools have already made big entries into customer service, content creation and data analysis — and data analysis is where many security tools live or die. This DDoS attack shows that the API call back to the AI solution is a weak link. Other AI services such as Google Bard and were also hit with outages, so this calls into question the validity of having a backup AI solution when the main one goes down. If the secondary solution is also offline, then a tool that depends upon an AI API call for it to work is dead in its tracks.

There are already open questions about ChatGPT’s OpenAI API stability, with developers looking towards Microsoft’s Azure OpenAI as a more stable alternative. Today’s DDoS demonstrates that open and experimental is fine for proof of concept arrangements, however, we will need a solution from a ‘Big Dog’ vendor like Microsoft to satisfy the corporate customer’s demands for reliable uptime.”

Jeremy Ventura, Director of Security Strategy & Field CISO at ThreatX

“In recent weeks, we have seen an uptick in observed DDoS attacks against organizations' applications and APIs, reaching unprecedented levels, such as 200-400 RPS (requests per second). This signals that the threat landscape and risk for organizations have reached a new era.

Historically, we have seen nation-states and other hacking affiliates launch these types of attacks against enemies who are in opposition — referring to claims via Anonymous Sudan claiming the attack. It's also important to note this attack may have been timed with the recent launch of GPT-4 Turbo. This should be a sounding alarm for all organizations that DDoS attacks can immensely impact everyone and anyone. Organizations can recover within hours, if not days, from a DDoS attack with the right application and API protections and remediation plans in effect.”

Ashwin Vamshi, Cybersecurity Expert at Menlo Security:

“Anonymous Sudan is a group of religiously and politically motivated hacktivists from Sudan who have been conducting religiously motivated denial-of-service attacks against several Western countries since January 2023. The group's attacks are characterized as Web DDoS attacks combined with alternating waves of UDP and SYN floods. The attacks originate from tens of thousands of unique source IP addresses with UDP traffic reaching up to 600Gbps and HTTPS request floods up to several million RPS. The group leverages public cloud server infrastructure to generate traffic and attack floods while leveraging free and open proxy infrastructures to hide and randomize the source of the attacks.

While our Labs team is collecting intel around the involvement of the DDOS attack on ChatGPT, there is no intel on Security Teams being hit that we are tracking at this time. The outage can impact organizations and teams using ChatGPT for daily productivity and content creation. For example - Chatbots provide human-like conversations like email responses and Technical support.

OpenAI's security team observed a group engaging in the unauthorized reverse engineering and exploitation of ChatGPT's internal API. Instead of immediately taking down the group, they promptly substituted ChatGPT with CatGPT and then discreetly monitored the attackers' activities on Discord, witnessing the ensuing chaos.

We can expect the ChatGPT security team to effectively handle this and prevent future outages.”

Rahul Pawar, Global Vice President, Security GTM & CTO, GSS at Commvault:

"While every company is being attacked, AI Companies are treasure troves as they have access to a lot of valuable data. The attack in this early stage of AI is aimed to tarnish the image of AI. DDos has become more sophisticated and ironically uses AI to further sophisticate the botnet attack modules. Multiple layers, web application firewalls, load balancers, and identifying the attack traffic are key ways to stay ahead of this. Most of these techniques are already in use by public cloud companies, and ChatGPT will have to develop mitigation strategies. This will be one of many such attacks they will have to fend off.”