How OpenAI's Bot Overwhelmed a Seven-Person Company's Website Like a DDoS Attack

How OpenAI’s Bot Overwhelmed a Seven-Person Company’s Website Like a DDoS Attack

On Saturday, Triplegangers CEO Oleksandr Tomchuk faced a significant challenge when his company’s e-commerce website went offline. This incident was caused by a distributed denial-of-service (DDoS) attack, which turned out to be the result of a bot from OpenAI relentlessly trying to scrape data from his extensive online catalog.

Incident Overview: DDoS Attack by OpenAI Bot

Tomchuk quickly realized that the source of the disruption was an OpenAI bot that was attempting to download a vast amount of information from Triplegangers’ site. He explained, “We have over 65,000 products, each with its own page, and every page contains at least three images.” The bot was sending “tens of thousands” of requests to the server, resulting in hundreds of thousands of photo downloads along with detailed product descriptions.

  • OpenAI utilized approximately 600 IP addresses to conduct the scraping.
  • Tomchuk and his team are still analyzing server logs to determine the full extent of the attack.

The Impact on Triplegangers

Triplegangers, a small company with only seven employees, has dedicated over a decade to building what it claims is the largest database of “human digital doubles” online. This database includes 3D scanned images of real human models, which are sold to various industries, including video game development and digital art.

Despite having a terms of service page that prohibits unauthorized bot activity, the site’s protection was inadequate. Tomchuk noted that sites need to configure their robots.txt file correctly to prevent bots like OpenAI’s GPTBot from accessing their content. This file, known as the Robots Exclusion Protocol, is designed to inform search engines which parts of a website should not be crawled.

READ ALSO  AI's Bug-Fixing Power: OpenAI Study Reveals Limitations of LLMs in Software Engineering

Understanding Robots.txt and Its Limitations

OpenAI states that it respects robots.txt configurations; however, there are limitations. For instance, it can take up to 24 hours for OpenAI’s bots to recognize updates to these files. This delay can leave websites vulnerable in the meantime.

Tomchuk expressed frustration, stating, “If a site isn’t using robots.txt properly, companies like OpenAI assume they can scrape data freely.” Unfortunately, the damage was already done, and Triplegangers faced unexpected server costs due to the excessive activity generated by the bot.

Mitigating Future Risks

By mid-week, after enduring days of bot attacks, Triplegangers implemented a correctly configured robots.txt file and established a Cloudflare account to block the GPTBot and other unwanted crawlers. Tomchuk reported that their site remained stable following these changes.

However, the challenge remains: Tomchuk has no clear way to identify what data was successfully scraped or to retrieve that material. He noted, “I found no way to contact OpenAI for assistance.” Furthermore, the long-promised opt-out tool from OpenAI has yet to be delivered.

Legal Implications and Industry Concerns

The situation is particularly precarious for Triplegangers due to the nature of their work, which involves scanning actual individuals. Laws such as the General Data Protection Regulation (GDPR) emphasize that companies cannot use images of individuals without consent.

Triplegangers’ site is a goldmine for AI crawlers because it includes detailed tagging of images by ethnicity, age, and other characteristics—valuable data for AI training.

A Call for Action: Protecting Online Businesses

Tomchuk wants other small online businesses to be aware of the risks posed by AI bots. “The only way to know if an AI bot is stealing your copyrighted material is to actively monitor your server logs,” he cautioned. The issue is widespread, with many businesses reporting similar experiences with bots crashing their sites.

READ ALSO  Discover the Rising Alternative App Stores in the EU: A Shift Beyond Apple

According to recent research from DoubleVerify, there has been an 86% increase in “general invalid traffic” attributed to AI crawlers in 2024, highlighting the urgency of addressing this issue.

In conclusion, Tomchuk likened the behavior of AI bots to a “mafia shakedown,” asserting that companies should seek permission rather than scrape data without consent. As the digital landscape evolves, it is imperative for online businesses to implement robust measures to safeguard their content.

For more insights into AI and its impact on the digital economy, subscribe to TechCrunch’s AI-focused newsletter delivered every Wednesday.

Similar Posts

Snap Enhances Spectacles: Introducing GPS and Hand-Tracking Features for an Elevated Experience

Snap Enhances Spectacles: Introducing GPS and Hand-Tracking Features for an Elevated Experience

Bysupport

Snap Inc. has unveiled exciting updates for its Spectacles, the latest AR glasses aimed at developers. New features include GPS integration for custom geo-located Lenses, improved hand-tracking, leaderboards for competition, and an AR keyboard for enhanced interaction. These updates aim to enrich location-based experiences, exemplified by the NavigatAR app from Utopia Labs. Currently available through a $99/month developer program, Snap offers a 50% discount for educators and students to broaden access. Additionally, Snap has launched the Spectacles Community Challenges, offering developers a chance to win $20,000 for their innovative Lenses.

Sibling Founders of Stax Payments Launch New Fintech 'Worth' with $20M Seed Funding

Sibling Founders of Stax Payments Launch New Fintech ‘Worth’ with $20M Seed Funding

Bysupport

Worth, a company improving the underwriting process for fintechs and banks, has raised $20 million in seed funding to transform access to credit for small and medium-sized businesses (SMBs). Founded by siblings Sal Rehmetullah and Suneera Madhani, who previously led Stax Payments to a $1.1 billion valuation, Worth aims to simplify loan applications for SMBs by reducing paperwork and expediting approvals. Utilizing AI and a partnership with Equifax, Worth provides real-time insights into financial health. With over 25 clients and triple-digit growth, Worth plans to launch a “Worth Score” by 2026 while expanding sales and marketing efforts.

Wayve CEO Reveals Essential Strategies for Scaling Autonomous Driving Technology

Wayve CEO Reveals Essential Strategies for Scaling Autonomous Driving Technology

Bysupport

Wayve, co-founded by CEO Alex Kendall, is set to disrupt the autonomous vehicle market with its innovative, cost-effective self-driving technology. At Nvidia’s GTC conference, Kendall showcased Wayve’s data-driven learning model, which uses sensors like cameras for real-time driving decisions without traditional maps. Since its 2017 launch, Wayve has raised over $1.3 billion and plans to license its software to automotive manufacturers, focusing on advanced driver-assistance systems (ADAS) to build a sustainable business. Wayve’s Level 4 autonomy aims for human-like driving behavior, utilizing its generative world model, GAIA-2, to adapt across diverse scenarios, potentially integrating lidar technology.

Unveiling the Future: Key Highlights to Anticipate from Amazon's Alexa Event This Wednesday

Unveiling the Future: Key Highlights to Anticipate from Amazon’s Alexa Event This Wednesday

Bysupport

Amazon will unveil significant innovations at its Alexa press event in NYC on Wednesday at 10 a.m. ET, led by Panos Panay. This marks the company’s first major device showcase in nearly two years, focusing on an upgraded Alexa experience, dubbed Remarkable Alexa. Key anticipated features include a subscription model, multi-request functionality, and autonomous actions. While the new Alexa will integrate generative AI and remain compatible with existing devices, concerns about its reliability persist. Current users can opt to continue using the Classic Alexa. Delays in the rollout are expected, with a potential launch by the end of March.

Discover How Manus's Viral Tool, Browser Use, is Transforming Online Experiences!

Discover How Manus’s Viral Tool, Browser Use, is Transforming Online Experiences!

Bysupport

The launch of Manus, a viral AI platform by Chinese startup Butterfly Effect, has drawn attention to another innovative tool, Browser Use, which enhances website accessibility for automated applications. Daily downloads of Browser Use surged from 5,000 to 28,000 in just a week, driven by a viral social media post showcasing its integration with Manus. Co-creator Gregor Zunic noted that this popularity has made Browser Use the top trending repository on GitHub. Developed by Zunic and Magnus Müller, Browser Use facilitates seamless interaction with website elements and aims to support a growing market for AI agents, projected to reach $42 billion by 2029.

Unlocking Success: Instagram Empowers Creators with Enhanced Insights on Reels Performance

Unlocking Success: Instagram Empowers Creators with Enhanced Insights on Reels Performance

Bysupport

In response to the U.S. TikTok ban, Meta is targeting TikTok creators by offering substantial bonuses for transitioning to Instagram and creating reels. Instagram has introduced new features to help creators analyze their short video performance, including a “View Rate” metric for tracking viewer retention after three seconds and a “Views Over Time” metric for comparing current views against historical data. These enhancements aim to provide actionable insights for content optimization, encouraging creators to replicate successful themes. With TikTok’s availability compromised, Instagram seeks to attract new creators to bolster its platform.