How Claude Code Stopped A DDoS Attack

Added: 2026-05-15

[00:00:00]In this video, I'm going to be showing you how Claude Code stopped a DOS attack yesterday at Bridgemind. Here's a brief dashboard about this attack. You can see that we got hit with hundreds of millions of requests yesterday and it actually happened on stream during day 175 of vibe coding an app until I make a million dollars. So, if you missed yesterday's stream, I am going to be showing you guys a couple of clips of basically what happened, how I figured out that we were getting attacked, and then what we did to actually mitigate this and how Claude Code stepped in to solve the issue. So, with that being said, I do have a light goal of 200 likes on this video. And if you haven't already joined the BridgeM community, the home of the vibe coding movement, make sure you do so. There's going to be a link in the comment, the pin comment down below. But with that being said, let's get right into it. All right. So, the first thing that I'm going to show you guys is a clip from yesterday's stream where I realized that something was wrong. So, I'm just going to play this stream real quick. It's about 60 seconds long. So, watch this. Look over here.

[00:00:57]All right. Hold up here. All right. So, let's do the Vive Academy API. Do you see how it's loading? You see that error? Oh, what just happened? So, this is where I realized that something was wrong here. This is a test.

[00:01:12]So then I started testing it and it was taking a really long time to transcribe.

[00:01:17]>> All right, hold on chat. Uh what's Oh, do we maybe we're out of That's not good. Hold on. Let Do you guys see this issue? So this is actually the jumper said, "Man, the freaking arena." So it basically I was using Bridge, which is the Bridgemind voice to text tool, and it was taking a ton of time to process the request, and then the the request was failing, and that doesn't happen on Bridge. So I knew something was wrong.

[00:01:39]So then what I did was I basically prompted Claude Code to go look at my AWS account and to review the traffic to see if there was anything malicious because that was actually the first thing that I thought of. So this is kind of what happened here. I'll play this clip for you guys so you guys can see how I reacted here and I'll kind of react to it as well. Agent has reported anything. So nothing yet. It says okay.

[00:02:02]Okay. It looks actually it looks like we are definitely getting um Okay. Yes. We actually have somebody attacking right now. Um, okay. Yeah. So, somebody's attacking Bridgebind right now. Let me >> page.

[00:02:20]>> So, watch how I prompt it.

[00:02:23]>> Attacking right now. That's a ton of requests. figure out where it's coming from and let's update our web application firewall to block this traffic. Figure out why this is happening and fix it immediately. All right. Yeah. So, somebody is uh they're just hammering the API right now. Hold on. I think I can show this to you guys.

[00:02:38]So, if you guys look at this, basically what's happening is all right. So, this is what I saw. Um so, I prompted it because what was happening was somebody was hammering the API. It was a DOS attack. So, uh, you guys can see that the first thing that I did was, hey, go figure out what's happening, uh, and go block all of this traffic with the web application firewall. And Claude Code was able to see what was happening and then immediately update our web application firewall to block the traffic. But this ended up only being a band-aid. Um, I can play more clips, but I would suggest that you guys go watch the stream if you guys want to just kind of learn more. There's so many parts of the stream. and I couldn't, you know, show you guys all the clips, but that's the prompt that I gave it and that was the initial band-aid. But there's actually a better solution for this. And I'm going to show you guys what the best solution is to prevent DOS attacks when vibe coding. Okay, the first thing that I want to show you guys is what actually is a DOS attack and what it isn't and then to help you guys understand what was happening to Bridgemind. So check this out. So a DOS attack, what actually does it stand for? So, a DOS stands for distributed denial of service. And what this is is when an attacker uses thousands, in our case, hundreds of millions of machines to flood a service with junk traffic until real users can no longer get through. So, the reason that Bridge was not usable is because our API was getting flooded with traffic. And I think that this here is a perfect representation of it. So, this is what happens. So pretty much it's thousands of bots and what ends up happening is your API server because it's getting flooded it basically gets overloaded. Okay, so there were just thousands and thousands and thousands in our case millions of requests and this is what happened. So they were hitting our signup endpoint there actually was more than 12,000 requests per minute. It was millions of requests per minute and you know with ECS Fargate it was overwhelming our autoscaling system. So they were just hammering hammering hammering our endpoints. So what this then looks like once you actually put up Cloudflare to protect from this is which is what we did is we use Cloudflare and with this edge shield it's now going to block all of that bot traffic that's trying to get in and our API server is going to remain untouched. So that's what we ended up doing is we used Cloudflare to be able to prevent that bot traffic from even reaching our API server. So, I'm going to show you guys how I did this. I'm going to show you guys how Claude Code was able to help me set this up and then I'm going to show you actual statistics and data from this DOS attack. Okay, so this is the conversation that I had with chat GPT yesterday. So, just so you know, the existing infrastructure was I'm on AWS and I was using WFT over on AWS, but it turns out that this is actually not the best approach, especially for stopping DOS attacks. So, check this out. So it says for most public web apps, Cloudflare is usually the best frontline DOS protection layer, especially if you want quick protection by moving DNS and proxying traffic through Cloudflare.

[00:05:47]Cloudflare is better than AWS in a couple of key areas. So it's better at putting a protective edge in front of your site quickly, which is what we actually needed to do, and it's really good at absorbing common L3, L4, and L7 attacks at the edge. So, this is what I saw yesterday and I was like, "Okay, let's get all of our DNS records moved over to Cloudflare." I was using Route 53, but if you look at AWS, the only way that you're going to use AWS is if you have AWS Shield Advanced. Okay? And Shield Advanced costs $36,000 per year.

[00:06:21]So, once I saw this and once I saw I put that band-aid on those requests, right, and it stopped the attacker, but then they moved to something else. So, that's when I realized, okay, we need to get this moved over to Cloudflare. So that's what I did. I moved all of our DNS records from Route 53 over to Cloudflare and then I put those protections in place using Cloudflare so that all of these requests actually started getting blocked. But I'm going to show you guys now the statistics of this attack, how much it cost us over on AWS, and then what happened once we moved it over to Cloudflare. Here is the official data from this attack. So you guys can see that 308 million requests went through our web application firewall over on AWS. And just so you guys know, when it does hit the WFT over on AWS, that does cost money. So this is the estimated cost of before we had Cloudflare, this is the estimated cost of the attack, $190 to $500 plus. But I do have the official number of this. I do have the official number and I'm going to be sending out a complete report to Bridgemind newsletter subscribers.

[00:07:26]There's a link to this in the description as well as the pinned comment of this video, but it's over at bridgemind.ai/newsletter.

[00:07:34]That email is going to be sent out. It's a complete report of this attack. The official amount that this did cost us, but this is just the estimated amount, $190 to $500 plus. But once we did put Cloudflare mitigation in place, Cloudflare then started blocking this at the edge. So instead of this even reaching our firewall over on AWS, Cloudflare was then able to start blocking this. And once we had Cloudflare in place, the requests were getting blocked completely because they were getting blocked at the edge. So it never touched our AWS web application firewall because it was getting blocked at the edge. And that's why you need Cloudflare if you don't already have it.

[00:08:13]When I was 20 years old, I read a book called The Coming Wave. You guys should go read this. It's by the founder of Deep Mind. Now, Google Deep Mind. But in this book, he basically talks about the coming wave of AI. And I read this over three years ago. And it talks about this very thing happening that when AI gets better, there's going to be AI enabled hackers. And then you need to watch out for, you know, people are just going to be using AI to hack to attack software.

[00:08:41]And I think that we're seeing this with Mythos, we're seeing this with some of the better models is that as AI models are getting better, you know, it's really helping us as developers to be able to build things, but it's also enabling people that may not have our best interests in mind. It's enabling hackers. It's enabling attackers. And I think that one thing that I will say is that as vibe coders and people that are building software with AI, I really do recommend that you take a look at your application and make sure that you guys are searching for vulnerabilities. I do believe that you can use AI to help you pentest to help you find vulnerabilities. But I think that I just want to share this experience with you guys because this is very important that we all take our security to the next level. We can use AI to help us build more secure applications. But as you guys can see, you know, hey, I just had this happen. It cost me a couple hundred. And now I know that, hey, Cloudflare is going to be the best mitigation for this. So, I recommend that you get Cloudflare. There are a few different plans. There's a free plan, a pro plan. I'm paying for the pro plan, which is $25 a month. But, you know, moving forward, I think that security, especially when you're building in public, is going to be incredibly, incredibly important because, yeah, I think that we just need to take it very seriously. And this is one thing that I'm going to be talking a lot more about in my streams and in my videos is vibe coding securely. That being said, if you guys haven't already liked, subscribed, joined the Discord community, make sure you do so. And if I missed anything or if you have any thoughts or questions, let me know in the comments section down below. But with that being said, I will see you guys in the future.