Your app has one innocent-looking feature. Paste a link, we fetch it, we show a preview. Your users love it. So do attackers, because the difference between 'fetch any URL' and 'fetch the cloud metadata endpoint and give me the keys' is zero characters of configuration.
Server-side request forgery is the bug where an attacker convinces your server to fetch a URL it should not fetch. From the attacker's side of the network, internal addresses like localhost, 10.0.0.0/8, and the cloud metadata service are unreachable. From your server's side they are one fetch call away. SSRF is the bridge between those two worlds.
What your AI actually built
You asked for a link-preview feature, or an avatar-from-URL uploader, or a webhook tester. The model wrote a handler that takes a URL from the request and calls fetch on it, then returns what it got back. Clean, short, works first try.
What it didn't write was the allowlist. The handler happily fetches http://169.254.169.254/latest/meta-data/, the AWS instance metadata endpoint. On an instance where IMDSv1 is still enabled, the path /latest/meta-data/iam/security-credentials/<role-name> under it hands the temporary credentials of the instance role to any process on the instance. Your server is such a process. The attacker is not, but your server is their proxy now. (IMDSv2 requires a session token obtained with a PUT request before any metadata is served, which is why enforcing it blunts this particular payload. It does not fix the SSRF; every other internal address is still one fetch away.)
The same shape applies to internal services. http://localhost:8080, http://10.0.0.7, http://redis:6379 — all of those are reachable from inside the cluster and none of them are reachable from the public internet. Until the attacker sends a URL and your server follows it.
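The handler shape described above, alongside the vetting it is missing, as an added example (this is not Flowpatrol's code or the generated handler the page quotes; the names previewVulnerable, previewHardened, vetTarget, isBlockedAddress and resolveHost are hypothetical). The hardened version rejects non-http(s) schemes, resolves the hostname and refuses to connect if any resolved address is loopback, private, link-local or IPv4-mapped onto one of those, so localhost, 10.0.0.7, 169.254.169.254 and the decimal spelling http://2852039166/ (which the WHATWG URL parser normalises to 169.254.169.254) are all refused. The test addresses passed to vetTarget are constructed inputs standing in for DNS answers.

```javascript
// Added example, not the page's code. Top: the handler as the text
// describes it. Below: the same handler with target vetting.

async function previewVulnerable(userUrl) {
  const res = await fetch(userUrl); // any host, follows redirects, no checks
  return res.text();
}

// IPv4 ranges a server must never fetch on a user's behalf.
const BLOCKED_V4 = [
  ["127.0.0.0", 8],    // loopback
  ["10.0.0.0", 8],     // RFC 1918
  ["172.16.0.0", 12],  // RFC 1918
  ["192.168.0.0", 16], // RFC 1918
  ["169.254.0.0", 16], // link-local; AWS/GCP/Azure metadata live here
  ["100.64.0.0", 10],  // carrier-grade NAT; Alibaba Cloud metadata is 100.100.100.200
  ["0.0.0.0", 8],      // "this network"; 0.0.0.0 reaches loopback on Linux
];

function parseIPv4(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  if (octets.some((o) => o > 255)) return null;
  return octets.reduce((acc, o) => acc * 256 + o, 0);
}

function inCidr(ipInt, base, bits) {
  const shift = 32 - bits;
  return Math.floor(ipInt / 2 ** shift) === Math.floor(parseIPv4(base) / 2 ** shift);
}

// Is this resolved address one the handler must refuse?
function isBlockedAddress(addr) {
  const a = addr.toLowerCase();
  const v4 = parseIPv4(a);
  if (v4 !== null) return BLOCKED_V4.some(([base, bits]) => inCidr(v4, base, bits));
  // IPv6: loopback, unspecified, link-local fe80::/10, ULA fc00::/7,
  // and IPv4-mapped forms (::ffff:10.0.0.7) that smuggle a blocked v4.
  if (a === "::1" || a === "::") return true;
  if (/^fe[89ab][0-9a-f]:/.test(a) || /^f[cd][0-9a-f]{2}:/.test(a)) return true;
  const mapped = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(a);
  if (mapped) return isBlockedAddress(mapped[1]);
  return false;
}

// Parse the user's URL and allow only http/https (no file:, gopher:, ftp:).
function parseTarget(urlString) {
  let url;
  try { url = new URL(urlString); } catch { return { ok: false, reason: "unparseable" }; }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  return { ok: true, url };
}

// Vet a URL against the addresses its hostname resolved to. `resolved` is
// passed in so the decision can be exercised without touching the network.
function vetTarget(urlString, resolved) {
  const parsed = parseTarget(urlString);
  if (!parsed.ok) return parsed;
  if (resolved.length === 0) return { ok: false, reason: "did not resolve" };
  const bad = resolved.find(isBlockedAddress);
  if (bad) return { ok: false, reason: `${parsed.url.hostname} resolves to blocked ${bad}` };
  return { ok: true, url: parsed.url, address: resolved[0] };
}

// IP literals pass straight through; names go to DNS with every answer kept,
// because an attacker-controlled name may return one public and one private A record.
async function resolveHost(hostname) {
  const bare = hostname.replace(/^\[|\]$/g, ""); // [::1] -> ::1
  if (parseIPv4(bare) !== null || bare.includes(":")) return [bare];
  const dns = await import("node:dns");
  const records = await dns.promises.lookup(bare, { all: true });
  return records.map((r) => r.address);
}

async function previewHardened(userUrl) {
  const parsed = parseTarget(userUrl);
  if (!parsed.ok) throw new Error(`refused: ${parsed.reason}`);
  const verdict = vetTarget(userUrl, await resolveHost(parsed.url.hostname));
  if (!verdict.ok) throw new Error(`refused: ${verdict.reason}`);
  // redirect: "manual" so an allowed host cannot 302 the server onto a
  // blocked one; if the feature needs redirects, re-vet every hop.
  const res = await fetch(verdict.url, { redirect: "manual" });
  return res.text();
}
```

Two caveats a reviewer would raise on the hardened form. First, it is a denylist of address ranges; where the feature only ever needs a handful of known hosts, an allowlist of those hosts is the stricter control and the one the text asks for. Second, fetch resolves the hostname a second time when it connects, so a DNS answer that changes between vetTarget and the connection (rebinding) slips through; closing that window means pinning the socket to the vetted address, for example with a custom lookup on the HTTP agent, rather than re-resolving.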
How it gets exploited
Your app hosts a 'URL to PDF' feature. The attacker signs up and pastes a link.
Find out whether your server fetches URLs it should not.
Flowpatrol tests every URL-accepting input for SSRF, including cloud metadata endpoints. Five minutes. One URL.
Try it free