Comment by aleph_minus_one

> I know I am on HN. Curiosity is one thing, investigating issues for free for a rich company is another.

The vulnerability https://github.com/bf/security-advisories/blob/main/2025-01-... targets other sites than OpenAI. OpenAI's crawler is rather the instrument of the crime for the attack.

Since this "just" leads to a potential reputation damage for OpenAI (and OpenAI's reputation is by now bad), and the victims are operators of other websites, I can see why OpenAI sees no urgency for fixing this bug.