I pointed Rentgen at one of ChatGPT’s browser-facing backend endpoints — the exact cURL request captured from the Network tab. What started as a small experiment turned into something more interesting: three real issues surfaced, and all three were fixed within days of being publicly documented.
This wasn’t fuzzing thousands of payloads. It was one real user request, automatically mutated into edge cases: oversized bodies, invalid types, missing fields, alternative methods, and unexpected auth states. Here’s what broke.
Read more at GitHub
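The kind of mutation described above, as an added example (not Rentgen's code and not from the original post): it expands one captured request into the five edge-case classes the post lists and sends nothing. The request, host, and field names are constructed placeholders.

```python
import copy
import json

# Constructed sample of a captured request; host, path, token and fields are placeholders.
CAPTURED = {
    "method": "POST",
    "url": "https://api.example.test/v1/items",
    "headers": {"Authorization": "Bearer PLACEHOLDER", "Content-Type": "application/json"},
    "body": {"title": "hello", "count": 3},
}

# Replacement value of the wrong JSON type for each original Python type.
WRONG_TYPE = {str: 12345, int: "not-a-number", bool: "yes", list: {}, dict: []}


def mutate(req, oversize_bytes=1_000_000):
    """Return (name, request) test cases derived from one captured request."""
    cases = []

    def case(name):
        r = copy.deepcopy(req)  # never modify the captured original
        cases.append((name, r))
        return r

    for field, value in req["body"].items():
        del case(f"missing:{field}")["body"][field]
        case(f"wrong-type:{field}")["body"][field] = WRONG_TYPE.get(type(value))
    first = next(iter(req["body"]))
    case("oversized-body")["body"][first] = "A" * oversize_bytes
    for m in ("GET", "PUT", "PATCH", "DELETE", "OPTIONS"):
        if m != req["method"]:
            case(f"method:{m}")["method"] = m
    case("auth:missing")["headers"].pop("Authorization", None)
    case("auth:malformed")["headers"]["Authorization"] = "Bearer "
    return cases


def summarize(cases):
    """Per case: name, method, whether an auth header is present, serialized body size."""
    return [
        (name, r["method"], "Authorization" in r["headers"], len(json.dumps(r["body"])))
        for name, r in cases
    ]


if __name__ == "__main__":
    for row in summarize(mutate(CAPTURED, oversize_bytes=4096)):
        print(row)
```

Each case is a plain dict, so it can be handed to whatever HTTP client a test suite already uses and the response checked against the expected 4xx status.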