ChatGPT – SSRF Vulnerability (CVE-2024-27564)

ChatGPT Vulnerability

Threat actors are targeting a year-old server-side request forgery (SSRF) vulnerability in a third-party ChatGPT tool, mainly against financial entities and US government organizations, cybersecurity firm Veriti reports.

The affected tool is called ChatGPT, but it’s not made by OpenAI. Instead, it’s an open source tool created by a Chinese developer, designed to provide an interface for interacting with the ChatGPT gen-AI service.

The bug, tracked as CVE-2024-27564, is a medium-severity issue affecting the pictureproxy.php file. It allows attackers to inject crafted URLs in the url parameter and force the application to make arbitrary requests.

Reported in September 2023 and publicly disclosed one year ago, the flaw can be exploited without authentication, and has had proof-of-concept (PoC) exploit code available publicly for some time.

According to Veriti, at least one threat actor has added an exploit for CVE-2024-27564 to its arsenal, and has started probing the internet for vulnerable applications.

Within a single week, the cybersecurity firm observed over 10,000 attack attempts coming from a single IP address. Roughly one-third of the targeted organizations are potentially at risk of exploitation due to misconfigurations in their protection solutions, Veriti warns.

Most of the attacks were targeting organizations in the US, mainly in the government and financial sector. Financial and healthcare firms in Germany, Thailand, Indonesia, Colombia, and the UK were targeted as well.

“Banks and fintech firms depend on AI-driven services and API integrations, making them vulnerable to SSRF attacks that access internal resources or steal sensitive data,” Veriti notes.

Although a medium-severity issue, CVE-2024-27564 has become a real-world attack vector and organizations should address it as soon as possible. They should also check their intrusion prevention systems and firewalls for any misconfigurations and monitor logs for known attacker IP addresses.
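An added example (not code from Veriti's report or from the affected project) of the log monitoring the paragraph above recommends: it scans constructed access-log lines for pictureproxy.php requests whose url parameter points at loopback, private, link-local or cloud-metadata addresses, and counts such hits per source IP so scanning sources stand out. The log format, the sample IPs and the alert threshold are assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2025:10:01:02 +0000] "GET /pictureproxy.php?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 512
203.0.113.7 - - [10/Mar/2025:10:01:03 +0000] "GET /pictureproxy.php?url=http://127.0.0.1:8080/admin HTTP/1.1" 200 88
203.0.113.7 - - [10/Mar/2025:10:01:04 +0000] "GET /pictureproxy.php?url=http%3A%2F%2F10.0.0.5%2F HTTP/1.1" 500 0
198.51.100.9 - - [10/Mar/2025:10:02:00 +0000] "GET /pictureproxy.php?url=https://images.example.com/a.png HTTP/1.1" 200 40213
198.51.100.9 - - [10/Mar/2025:10:02:05 +0000] "GET /index.php HTTP/1.1" 200 1024
"""

# Assumed log layout: source IP, ident, user, [timestamp], "METHOD PATH PROTO", status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+)'
)

def is_internal_target(url: str) -> bool:
    """True if the proxied URL's host is a loopback, private, link-local or reserved address."""
    host = urlsplit(url).hostname or ""
    try:
        ip = ip_address(host)
    except ValueError:
        # Hostnames are not resolved here (offline check); only the literal name is matched.
        return host == "localhost"
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved

def find_ssrf_probes(log_text: str) -> list:
    """Return (source_ip, target_url) for pictureproxy.php requests aimed at internal addresses."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("path"))
        if not parts.path.endswith("/pictureproxy.php"):
            continue
        # parse_qs percent-decodes values, so encoded targets are normalised here.
        for target in parse_qs(parts.query).get("url", []):
            if is_internal_target(target):
                hits.append((m.group("src"), target))
    return hits

def probing_sources(hits: list, threshold: int = 3) -> dict:
    """Count internal-target hits per source IP; sources at or above threshold look like scanners."""
    counts = Counter(src for src, _ in hits)
    return {src: n for src, n in counts.items() if n >= threshold}
```

Sources returned by probing_sources are candidates for firewall or IPS blocking and for correlation with the attacker IPs Veriti published.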

“Ignoring medium-severity vulnerabilities is a costly mistake, particularly for high-value financial organizations,” Veriti says.

*updated to clarify that the ChatGPT tool impacted by CVE-2024-27564 is not in any way related to ChatGPT developer OpenAI.


OpenAI plans to Shift Compute Needs from Microsoft to SoftBank

Softbank & OpenAI

OpenAI is forecasting a major shift in the next five years around who it gets most of its computing power from, The Information reported on Friday.

By 2030, OpenAI expects to get three-quarters of its data center capacity from Stargate, a project that’s expected to be heavily financed by SoftBank, one of OpenAI’s newest financial backers. That represents a major shift away from Microsoft, OpenAI’s biggest shareholder, which fulfills most of the startup’s compute needs today.

The change won’t happen overnight. OpenAI still plans to increase its spending on Microsoft-owned data centers in the next few years.

During that time, OpenAI’s overall costs are set to grow dramatically. The Information reports that OpenAI projects it will burn $20 billion in cash during 2027, far more than the $5 billion it reportedly burned through in 2024. By 2030, OpenAI reportedly forecasts that its costs for running AI models, also known as inference, will outpace what the startup spends on training AI models.

SOURCE ARTICLE:

https://techcrunch.com/2025/02/21/report-openai-plans-to-shift-compute-needs-from-microsoft-to-softbank/?utm_source=tldrai

DeepSeek to Open Source Parts of Online Services Code

DeepSeek

Chinese AI lab DeepSeek plans to open source portions of its online services’ code as part of an “open source week” event next week.

DeepSeek will open source five code repositories that have been “documented, deployed and battle-tested in production,” the company said in a post on X on Thursday.

Code repositories are storage locations for software development assets, and typically contain source code as well as configuration files and project documentation.

“As part of the open-source community, we believe that every line shared becomes collective momentum that accelerates the journey,” the company wrote. “Daily unlocks are coming soon. No ivory towers — just pure garage-energy and community-driven innovation.”

DeepSeek, which has a history of making its AI models openly available under permissive licenses, has lit a fire under AI incumbents like OpenAI. In recent social media posts, OpenAI CEO Sam Altman admitted DeepSeek has lessened OpenAI’s technological lead, and said that OpenAI would consider open sourcing more of its technology in the future.

SOURCE ARTICLE:

https://techcrunch.com/2025/02/21/deepseek-to-open-source-parts-of-online-services-code/?utm_source=tldrai