OpenAI: DDoS Attack the Cause of ChatGPT Outages
The outages that dogged OpenAI’s popular ChatGPT generative AI chatbot this week were caused by a distributed denial-of-service attack that has since been resolved, according to the company.
The AI tech vendor reported a major outage across ChatGPT and its API Wednesday and then periodic outages on Thursday, attributing both incidents to a DDoS attack.
“We are dealing with periodic outages due to an abnormal traffic pattern reflective of a DDoS attack,” the company wrote for both days.
Those problems followed partial outages of the chatbot on Tuesday and an elevated rate of error rates Monday among users of the API for Dall-E, OpenAI’s text-to-image generative AI tool.
The attack came the week of OpenAI’s first developer-focused DevDay event, where the company announced a range of new and enhanced capabilities to its portfolio, including releasing a platform that will allow some users to more easily create custom versions of ChatGPT and make these versions – which OpenAI calls “GPTs” – available on an online app store – similar to the ones offered for devices running Google’s Android and Apple’s iOS mobile operating systems.
Also at the event, the company released GPT-4, its most powerful AI model, and said it has more than 100 million users a week using ChatGPT.
Anonymous Sudan Takes Credit
OpenAI officials didn’t name the culprit behind the attack – or say that they even knew who it was – but the threat group Anonymous Sudan took responsibility in a post on the Telegram messaging site, adding that it targeted the company for aiding Israel in its battle with the terrorist group Hamas and for simply being an American company.
The notorious group said OpenAI CEO Sam Altman had talked about his willingness to increase his investments in Israel and had met with Israeli Prime Minister Benjamin Netanyahu and other government officials and that the company has taken an anti-Palestinian stance.
The group also pointed to AI technology generally being used by Israel’s military and intelligence community and added that “OpenAI is an American company, and we still are targeting any American company.”
Anonymous Sudan, which has been linked to the Russian Killnet collective, surfaced in January and has claimed responsibility for a number of high-profile DDoS attacks, including those against Microsoft – which took down such web services as Outlook.com and OneDrive – X (formerly Twitter), and Telegram, and has been active in both the Russia-Ukraine and Israel-Hamas conflicts.
Productivity Took a Hit
The outages likely effected productivity at a range of companies, with 92% of Fortune 500 companies using ChatGPT, OpenAI CTO Mira Murati reportedly told journalists at DevDay.
“ChatGPTs periodic outages are a concern, but more because we have been sold the large-language-model AI as a panacea of knowledge [and] of worker productivity,” Andrew Barratt, vice president at cybersecurity firm Coalfire, wrote in an email. “What this demonstrates is the importance of understanding the capabilities of a third-party that plays a significant role in the business.”
It also should put a spotlight on the issue or some knowledge workers using AI without their employers fully being aware, Barratt said.
The ripple effect of the outages through the corporate world is wide, given its high use, according to Dean Webb, cybersecurity solutions engineer with Merlin Cyber, and Callie Guenther, senior manager of cyberthreat research at Critical Start.
“A service outage for ChatGPT is an outage for all tools that invoke its API for AI functionality,” Webb said in an email. “AI-driven tools have already made big entries into customer service, content creation, and data analysis – and data analysis is where many security tools live or die.”
He added that the “DDoS attack shows that the API call back to the AI solution is a weak link,” noting that AI services like Google’s Bard and Anthropic AI’s Claude chatbots also experienced disruptions this week, though seemingly not related to ChatGPT’s issues.
Developers Affected
Guenther said in an email that the ChatGPT interruptions impacted developers who rely on its APIs for their work, interrupting workflows and likely delaying in some projects. Given developers’ use of the chatbot for streamlining coding processes, they had to spend more times doing tasks that were faster with AI.
“For those who have incorporated OpenAI’s services into their products, the downtime may prompt a review of their current dependencies and perhaps an exploration of alternative options to bolster their systems against similar incidents in the future,” she said.
Webb said organizations also may end up waiting for platforms from more established players before diving headfirst into the generative AI waters.
“There are already open questions about ChatGPT’s OpenAI API stability, with developers looking towards Microsoft’s Azure OpenAI as a more stable alternative,” he said. “Today’s DDoS demonstrates that open and experimental is fine for proof-of-concept arrangements. However, we will need a solution from a ‘big dog’ vendor like Microsoft to satisfy the corporate customer’s demands for reliable uptime.”
