{"id":60816,"date":"2026-06-04T19:08:00","date_gmt":"2026-06-04T19:08:00","guid":{"rendered":"https:\/\/www.theregister.com\/a\/5251377"},"modified":"2026-06-04T19:08:00","modified_gmt":"2026-06-04T19:08:00","slug":"openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\/","title":{"rendered":"OpenAI&#8217;s agent chained decade-old DoS attacks to crash web servers in seconds"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/image.theregister.com\/5251401.jpg?imageId=5251401&amp;x=0&amp;y=0&amp;cropw=100&amp;croph=100&amp;panox=0&amp;panoy=0&amp;panow=100&amp;panoh=100&amp;width=1200&amp;height=683\" class=\"ff-og-image-inserted\"><\/div>\n<div data-element-guid=\"d11159dd-82a3-4c53-901c-d41dec75505c\" readability=\"30.616666666667\">\n<p class=\"kicker \">Security<\/p>\n<p class=\"subtitle \">Codex drops an&nbsp;HTTP\/2 Bomb<\/p>\n<\/p><\/div>\n<div data-element-guid=\"4c9dc5d9-c886-4348-bf4a-01d0dc71377d\" readability=\"112.54971181556\">\n<p>The next threat your server faces may have been helped along by a bot. OpenAI&#8217;s Codex agent helped uncover a remote denial-of-service (DoS) exploit that can be launched from a single machine to render vulnerable web servers inaccessible in seconds, according to Calif security researchers.<\/p>\n<p>The attack works on default HTTP\/2 configurations of major web servers including nginx, Apache HTTP Server, Microsoft IIS, Envoy, and Cloudflare Pingora. As of Thursday, Microsoft IIS and Cloudflare Pingora still don\u2019t have a patch, according to the researchers, although Cloudflare disputes this finding.<\/p>\n<p>\u201cCloudflare&#8217;s existing architecture and DDoS mitigations automatically detect and protect against this attack, making customers resilient to this vulnerability,\u201d a spokesperson told <span class=\"italic m-italic \" data-lab-italic=\"italic\">The Register<\/span>. \u201cNo patch is needed.\u201d<\/p>\n<p>\u201cWe are aware and actively investigating appropriate mitigations to help keep customers protected,&#8221; a Microsoft spokesperson told <span class=\"italic m-italic \" data-lab-italic=\"italic\">The Register<\/span>.<\/p>\n<p>Calif researcher Quang Luong discovered the exploit, named it HTTP\/2 Bomb, and will present the full technical details of the attack at the <a href=\"https:\/\/seclab.stanford.edu\/RealWorldAIsec\/\" rel=\"nofollow\">Real World AI Security<\/a> conference later this month. In the meantime, there are&nbsp;<a href=\"https:\/\/github.com\/califio\/publications\/tree\/main\/MADBugs\/http2-bomb\" rel=\"nofollow\">proof-of-concept exploit scripts<\/a> on GitHub along with a warning from the AI red teaming security shop: \u201cPlease don&#8217;t point these at infrastructure you don&#8217;t own.\u201d<\/p>\n<p>In a Tuesday <a href=\"https:\/\/blog.calif.io\/p\/codex-discovered-a-hidden-http2-bomb\" rel=\"nofollow\">blog<\/a>, Luong says Codex chained two existing DoS attack techniques that have been known for more than a decade &#8211; HPACK compression bomb and Slowloris-style hold &#8211; and warns that upwards of <a href=\"https:\/\/www.shodan.io\/search?query=ssl.alpn%3A%22h2%22+product%3Anginx%2CApache%2CIIS%2CEnvoy%2CPingora\" rel=\"nofollow\">880,000 websites<\/a> supporting HTTP\/2 and running one of the vulnerable web servers may be affected.<\/p>\n<p>An HPACK bomb attack (also known as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-6581\" rel=\"nofollow\">CVE-2016-6581<\/a>) exploits the HTTP\/2 header compression algorithm (HPACK) by sending thousands of tiny messages to the server, forcing it to rapidly allocate memory and ultimately crash.<\/p>\n<p>Then the <a href=\"https:\/\/www.cloudflare.com\/learning\/ddos\/ddos-attack-tools\/slowloris\/\" rel=\"nofollow\">Slowloris DoS attack<\/a> (<a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2016-8740\" rel=\"nofollow\">CVE-2016-8740<\/a> and <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2016-1546\" rel=\"nofollow\">CVE-2016-1546<\/a>) overwhelms the server by opening legitimate connections and maintaining them as long as possible.&nbsp;<\/p>\n<p>Combining the two exhausts the server\u2019s memory and forces it offline.<\/p>\n<p>\u201cA home computer on a 100Mbps connection can render a vulnerable server inaccessible within seconds,\u201d Luong wrote. \u201cAgainst Apache httpd and Envoy, a single client can consume and hold 32GB of server memory in roughly 20 seconds.\u201d<\/p>\n<p>The Calif research team disclosed the issue to nginx in April, and the web server\u2019s maintainers fixed it the next day in version 1.29.8, which <a href=\"https:\/\/github.com\/nginx\/nginx\/commit\/365694160a85229a7cb006738de9260d49ff5fa2\" rel=\"nofollow\">imports the max_headers directive<\/a> from freenginx.<\/p>\n<p>Apache issued a fix (<a href=\"https:\/\/github.com\/icing\/mod_h2\/releases\" rel=\"nofollow\">mod_http2 v2.0.41<\/a>) the same day that Calif submitted its report, and assigned it CVE-2026-49975.&nbsp;<\/p>\n<p>\u201cThe fix commits above are public and disclose the vectors directly; any capable AI model can turn those diffs into a working exploit, which is exactly how we found that Microsoft IIS, Envoy, and Pingora are also vulnerable,\u201d the threat hunting team wrote, adding that all three have been notified.<\/p>\n<p>In a Wednesday update, Calif pointed to Envoy <a href=\"https:\/\/github.com\/envoyproxy\/envoy\/security\/advisories\/GHSA-22m2-hvr2-xqc8\" rel=\"nofollow\">patches<\/a> \u201cthat appear to mitigate this attack,\u201d and notes that its researchers are still validating the fix to ensure it works.<\/p>\n<div data-element-guid=\"afe083ca-6701-48e9-9bd8-f8827dd7fb42\" class=\"lab4 column articleList layout_vertical imageLayout_left small-12 large-12 small-abs-12 large-abs-12 abs_grid_12 grid-vas-start mobile-grid-vas-start\">\n<div class=\"content border_width_0 border_width_mobile_0 border-radius-48 border-radius-mobile_48\">\n<h2 class=\"article-list-title t19 font-RobotoCondensed\">MORE CONTEXT<\/h2>\n<\/p><\/div>\n<\/div>\n<p>For Microsoft IIS and Cloudflare Pingora, the security sleuths recommend disabling HTTP\/2 if possible, or enforcing a cap on the number of HTTP headers a client can send in a single request to the server.<\/p>\n<p>The fact that a coding agent &#8211; not a human &#8211; discovered this attack is notable, according to Calif. \u201cBoth halves have been public for a decade,\u201d Luong wrote. \u201cWhat Codex did was read the codebases, recognize that the two compose, and build the combined attack. That combination is obvious once you see it, and yet as far as we can tell no human had put it together against these servers.\u201d \u00ae<\/p>\n<p><span class=\"font-weight-bold m-font-weight-bold \" data-lab-font_weight=\"font-weight-bold\">Updated at 2023<\/span> with statement from Microsoft.<\/p>\n<\/p><\/div>\n<p><img decoding=\"async\" src=\"https:\/\/image.theregister.com\/?imageId=5251401&#038;width=800\">READ MORE <a href=\"https:\/\/www.theregister.com\/security\/2026\/06\/04\/openais-codex-chains-decade-old-dos-techniques-into-http\/2-bomb\/5251377\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Codex drops an HTTP\/2 Bomb READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":60817,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[307],"class_list":["post-60816","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register","tag-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>OpenAI&#039;s agent chained decade-old DoS attacks to crash web servers in seconds 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OpenAI&#039;s agent chained decade-old DoS attacks to crash web servers in seconds 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-04T19:08:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/image.theregister.com\/5251401.jpg?imageId=5251401&amp;x=0&amp;y=0&amp;cropw=100&amp;croph=100&amp;panox=0&amp;panoy=0&amp;panow=100&amp;panoh=100&amp;width=1200&amp;height=683\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"OpenAI&#8217;s agent chained decade-old DoS attacks to crash web servers in seconds\",\"datePublished\":\"2026-06-04T19:08:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\\\/\"},\"wordCount\":628,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds.jpg\",\"keywords\":[\"Security\"],\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\\\/\",\"name\":\"OpenAI's agent chained decade-old DoS attacks to crash web servers in seconds 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds.jpg\",\"datePublished\":\"2026-06-04T19:08:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds.jpg\",\"width\":100,\"height\":65},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"OpenAI&#8217;s agent chained decade-old DoS attacks to crash web servers in seconds\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"OpenAI's agent chained decade-old DoS attacks to crash web servers in seconds 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\/","og_locale":"en_US","og_type":"article","og_title":"OpenAI's agent chained decade-old DoS attacks to crash web servers in seconds 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2026-06-04T19:08:00+00:00","og_image":[{"url":"https:\/\/image.theregister.com\/5251401.jpg?imageId=5251401&amp;x=0&amp;y=0&amp;cropw=100&amp;croph=100&amp;panox=0&amp;panoy=0&amp;panow=100&amp;panoh=100&amp;width=1200&amp;height=683","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"OpenAI&#8217;s agent chained decade-old DoS attacks to crash web servers in seconds","datePublished":"2026-06-04T19:08:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\/"},"wordCount":628,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/06\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds.jpg","keywords":["Security"],"articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\/","url":"https:\/\/www.threatshub.org\/blog\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\/","name":"OpenAI's agent chained decade-old DoS attacks to crash web servers in seconds 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/06\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds.jpg","datePublished":"2026-06-04T19:08:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/06\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/06\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds.jpg","width":100,"height":65},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/openais-agent-chained-decade-old-dos-attacks-to-crash-web-servers-in-seconds\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.threatshub.org\/blog\/tag\/security\/"},{"@type":"ListItem","position":3,"name":"OpenAI&#8217;s agent chained decade-old DoS attacks to crash web servers in seconds"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60816","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=60816"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60816\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/60817"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=60816"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=60816"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=60816"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}