AI Bot Attacks & Website Shutdowns: openDemocracy’s Story

by Omar El Sayed - World Editor

openDemocracy, an independent international media platform, has experienced repeated disruptions to its website in recent weeks, rendered inaccessible by what security experts are identifying as large-scale bot activity. The attacks, which began in February 2026, have intermittently knocked the site offline, hindering access to its reporting on current affairs, ideas, and culture.

The incidents at openDemocracy are not isolated. A growing trend of automated bot traffic, driven in part by artificial intelligence systems, is overwhelming online infrastructure, creating denial-of-service-like conditions for various organizations.

Security researchers have identified a vulnerability in OpenAI’s ChatGPT API that, while now reportedly patched, could be exploited to generate distributed denial-of-service (DDoS) attacks against targeted websites. The flaw allowed attackers to include an excessive number of URLs within a single request, potentially overloading the traffic capacity of a victim’s server.

Benjamin Flesch, the German security researcher who discovered the ChatGPT API vulnerability in January 2025, detailed the issue on GitHub, assigning it a CVSS score of 8.6 due to its network-based, low-complexity nature. Flesch demonstrated the potential for exploitation by overloading a local host with connection attempts originating from OpenAI servers. OpenAI responded by disabling the vulnerable endpoint, effectively mitigating the immediate threat.

However, the broader issue extends beyond a single API vulnerability. A report from LibreNews in March 2025 highlighted a surge in bot traffic impacting open-source projects, with some experiencing as much as 97 percent of their traffic originating from AI companies’ bots. This influx dramatically increases bandwidth costs and introduces instability, straining the resources of volunteer maintainers.

In response to the escalating bot activity, companies like Cloudflare have begun developing defensive measures. Cloudflare’s “AI Labyrinth” feature aims to combat unauthorized data scraping by serving AI crawlers realistic but irrelevant content, effectively wasting their computing resources. This approach represents a shift from traditional blocking strategies, which can sometimes alert attackers that they have been detected.

A separate, ongoing threat originates from an IoT botnet exploiting vulnerabilities in wireless routers and IP cameras. Trend Micro researchers have been monitoring large-scale DDoS attacks orchestrated by this botnet since the end of 2024, targeting companies primarily in Japan, but with a wide geographic dispersion of attack targets including North America and Europe. The botnet, composed of malware variants derived from Mirai and Bashlite, leverages weak credentials and exploits to infect devices and launch attacks.

While OpenAI has addressed the specific vulnerability identified by Flesch, the underlying problem of AI-driven bot activity and its potential to disrupt online services remains. OpenDemocracy has not publicly commented on the source of the attacks targeting its website, and the ongoing impact on its operations remains unclear.
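The URL-list flaw described above comes down to a service fetching whatever list a client hands it. As an added illustration (not code from this article, from OpenAI, or from Flesch's report), here is how a fetching service could bound that fan-out before making any outbound request. The function names, the limits, and the choice to also deduplicate and cap per host are assumptions for this sketch.

```python
from collections import Counter
from urllib.parse import urlsplit

MAX_URLS = 10       # assumed cap on URLs accepted in one request
MAX_PER_HOST = 2    # assumed cap on distinct fetches aimed at one host


class BatchRejected(ValueError):
    """Raised when a URL list would fan out more fetches than allowed."""


def canonical(url):
    """Return (host, canonical URL); reject anything that is not http(s)."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https") or not parts.hostname:
        raise BatchRejected(f"unsupported URL: {url!r}")
    try:
        port = f":{parts.port}" if parts.port else ""
    except ValueError:
        raise BatchRejected(f"bad port in URL: {url!r}")
    # hostname is already lower-cased; a trailing dot names the same host.
    host = parts.hostname.rstrip(".")
    query = f"?{parts.query}" if parts.query else ""
    # The fragment never reaches the server, so it is dropped: otherwise
    # "#1", "#2", ... would make one target look like many.
    return host, f"{scheme}://{host}{port}{parts.path or '/'}{query}"


def plan_fetches(urls):
    """Validate a client-supplied URL list; return the URLs to fetch."""
    if len(urls) > MAX_URLS:
        raise BatchRejected(f"{len(urls)} URLs exceeds cap of {MAX_URLS}")
    seen, per_host, plan = set(), Counter(), []
    for raw in urls:
        host, canon = canonical(raw)
        if canon in seen:
            continue                      # same target twice: fetch once
        seen.add(canon)
        per_host[host] += 1
        if per_host[host] > MAX_PER_HOST:
            raise BatchRejected(f"too many distinct URLs for host {host}")
        plan.append(canon)
    return plan


# Constructed sample input: three spellings, two real targets on one host.
SAMPLE = ["https://Example.org/a", "https://example.org./a#x",
          "https://example.org/b"]
```

Checking the count alone is not enough, because a short list can still aim every entry at one server; the per-host counter is what bounds the load on any single target.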
