Liudas Jankauskas

ChatGPT Telemetry Crashes on Invalid Input (Yes, Really)


Everyone says telemetry “doesn’t matter”. Until it starts returning 500 Internal Server Error.

I pointed Rentgen at one of ChatGPT’s internal telemetry endpoints — the one triggered when you click Copy under a message. Nothing exotic. I literally copied the cURL from the browser and pasted it into Rentgen.

Then I let Rentgen do what it does best: mutate inputs. Result?
Sending perfectly valid JSON strings — just not valid UUIDs — consistently triggered 500 errors. Cyrillic characters? 500. Accented letters? 500. Random symbols? 500.

Even better: numbers and booleans returned 422, which means validation exists… but only at type level. If it’s a string, the server happily walks into runtime and falls over.

This is not “just telemetry”. Telemetry endpoints are called automatically, frequently, and by uncontrolled clients. If malformed input can crash them, you don’t have a harmless edge case — you have a stability and DoS risk waiting to be discovered the expensive way.

A 500 response should never be caused by bad client input. Ever. 400 or 422? Fine. 500? That’s a validation bug.

This took one copied cURL and a minute to find. No fuzzing circus. No AI magic. Just basic negative testing — the kind teams skip because “nothing broke”.

That’s exactly why Rentgen exists.

Full breakdown, screenshots, and details here: 👉 https://rentgen.io/api-stories/ChatGPT-when-malformed-data-crashes-a-non-critical-API.html
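An added example, not from the original post and not Rentgen's or OpenAI's code: the Python below models the behaviour described above (type-level validation that returns 422 for numbers and booleans but 500 for non-UUID strings) next to a handler that validates the format and answers every bad input with a 4xx. The field name `message_id`, the handler names and the sample values are assumptions made up for illustration; the real server's implementation is not known.

```python
import json
import uuid

# Constructed sample values for a hypothetical "message_id" field.
SAMPLES = ["123e4567-e89b-12d3-a456-426614174000",
           "Привет", "café", "!@#$%", 12345, True, None]

def naive_handler(body: bytes) -> int:
    """Type-level validation only, as the post describes."""
    try:
        value = json.loads(body).get("message_id")
        if not isinstance(value, str):
            return 422
        uuid.UUID(value)      # raises ValueError for a non-UUID string
        return 200
    except Exception:
        return 500            # stands in for a framework's catch-all error page

def strict_handler(body: bytes) -> int:
    """Format-level validation: every bad input maps to a 4xx."""
    try:
        payload = json.loads(body)
    except ValueError:        # covers JSONDecodeError and UnicodeDecodeError
        return 400
    if not isinstance(payload, dict):
        return 422
    value = payload.get("message_id")
    if not isinstance(value, str):
        return 422
    try:
        parsed = uuid.UUID(value)
    except ValueError:
        return 422
    # uuid.UUID also accepts braces, "urn:uuid:" prefixes and missing hyphens;
    # accept only the canonical 8-4-4-4-12 form.
    if str(parsed) != value.lower():
        return 422
    return 200

def probe(handler) -> list[int]:
    """Send each sample through a handler and collect the status codes."""
    return [handler(json.dumps({"message_id": v}).encode()) for v in SAMPLES]

if __name__ == "__main__":
    print("naive :", probe(naive_handler))
    print("strict:", probe(strict_handler))
```

A negative-test suite for an endpoint like this can assert that no mutated input ever yields a 5xx, which is the property the strict handler satisfies.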
