Are OpenAI's ChatGPT Actions Being Abused To Scan For Web Vulnerabilities?

by
EditorDavid
from Slashdot on (#6Q7Y0)
Long-time Slashdot reader UnderAttack explains: A blog post at the SANS Internet Storm Center suggests that OpenAI actions are being abused to scan for WordPress vulnerabilities. Honeypot sensors at the Storm Center detected scans for URLs targeting WordPress that originated exclusively from OpenAI systems. The URLs requested all pages including the pattern '%%target%%', which may indicate that the scan is meant to include additional path components but the expansion of the template failed. The scans were not only identified by the unique user agent but also by the origin IP addresses matching addresses OpenAI published as being used for OpenAI actions. OpenAI actions allow OpenAI to connect to external APIs. Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu, wrote that OpenAI seems to be scanning random IP addresses - including honeypots.

twitter_icon_large.pngfacebook_icon_large.png

Read more of this story at Slashdot.

External Content
Source RSS or Atom Feed
Feed Location https://rss.slashdot.org/Slashdot/slashdotMain
Feed Title Slashdot
Feed Link https://slashdot.org/
Feed Copyright Copyright Slashdot Media. All Rights Reserved.
Reply 0 comments