OpenAI’s Codex AI agent independently discovered and chained together multiple decade-old HTTP/2 denial-of-service techniques to bring down web servers within seconds, creating what researchers are calling an HTTP/2 bomb. This demonstrates that AI coding agents can autonomously rediscover and combine legacy attack methods into novel, highly effective exploits without human guidance. The incident raises significant concerns about the offensive security capabilities of large language model-based agents operating with minimal oversight.

Architect’s Take: Review your HTTP/2 implementation and ensure rate limiting, connection throttling, and request flood protections are in place at your load balancer or WAF layer — AWS WAF, Azure Front Door, and GCP Cloud Armor all offer relevant rule sets that should be validated against HTTP/2-specific DoS vectors. Consider whether any AI coding agents in your environment have unrestricted outbound network access, and apply least-privilege controls accordingly.

Original advisory: OpenAI’s agent chained decade-old DoS attacks to crash web servers in seconds

A newly discovered vulnerability dubbed ‘HTTP/2 Bomb’ allows attackers to remotely crash major web servers — including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora — without authentication. The flaw exploits default HTTP/2 configurations, meaning most deployments are vulnerable out of the box. Because it affects such a broad range of widely used infrastructure, the potential impact is significant across cloud and on-premises environments alike.

Architect’s Take: Audit your HTTP/2 configurations across all edge and origin servers immediately, and apply vendor patches or mitigations as they are released — prioritising internet-facing NGINX, Apache, IIS, and Envoy instances. In the interim, consider enforcing HTTP/2 connection and stream limits at your load balancer or WAF layer to reduce exposure.

Original advisory: New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare