
OWASP warns of ‘unbounded consumption’ risks in AI models


A cybersecurity report from OWASP warns of emerging risks tied to large language models (LLMs). The study, "LLM10:2025 Unbounded Consumption," highlights how uncontrolled use of AI inference — the process by which models generate responses — can leave systems vulnerable to disruption, financial losses, and intellectual property theft.

Growing threats in AI

As enterprises integrate LLMs into daily operations, their sheer scale and computational intensity make them attractive attack targets. “Unbounded consumption” describes scenarios where attackers overload models with excessive or malicious queries, exploiting weaknesses in system design and cloud billing structures.

The report warns these attacks can cause denial of service (DoS), denial of wallet (DoW), degraded performance, or functional model replication, all of which could undermine confidence in AI-driven platforms.

Common vulnerabilities

The study identifies several attack methods:

  • Variable-length input floods: Overwhelming systems with oversized queries to exploit inefficiencies.
  • Denial of wallet: Abusing pay-per-use cloud pricing to generate unsustainable costs.
  • Continuous input overflow: Forcing inputs that exceed context windows, slowing or crashing systems.
  • Resource-intensive queries: Crafting complex prompts that drain memory and CPU resources.
  • Model extraction via API: Using queries to replicate parts of a model, raising intellectual property risks.
  • Functional model replication: Leveraging outputs to train a competing “shadow model.”
  • Side-channel attacks: Exploiting input filters to harvest model weights and architecture data.

These vulnerabilities highlight the dual risks enterprises face: service reliability and protection of proprietary AI assets.

[Editor's Note: This is part of SC Media's partnership to unpack OWASP's Top 10 for LLM Applications.]

Potential impacts

Experts caution that such attacks could ripple far beyond cloud providers. Enterprises dependent on AI services may face outages, unexpected financial burdens, or exposure of sensitive intellectual property. With AI becoming embedded across sectors, the consequences of exploitation could be systemic.

“LLMs are powerful enablers, but their flexibility makes them attractive targets,” the report states.

Mitigation strategies

The report emphasizes that prevention must be proactive. Recommended safeguards include:

  • Input validation to restrict query size and complexity.
  • Rate limiting and quotas to control request volumes.
  • Resource allocation monitoring to prevent overload.
  • Graceful degradation to maintain partial functionality under stress.
  • Watermarking to track unauthorized model use.
  • Adversarial robustness training to detect extraction attempts.
  • Access controls and centralized model inventories to secure deployment environments.

Advanced techniques, such as sandboxing models to restrict external access and filtering known “glitch tokens,” can further strengthen resilience.
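
Several of the safeguards listed above (input validation, rate limiting and quotas, graceful degradation) can be enforced together in one admission check placed in front of the model. The following Python is an added example, not code from the OWASP report or SC Media; the class name, the limits and the cost unit (prompt characters plus granted output tokens, as a stand-in for real token accounting) are assumptions chosen for illustration.

```python
import time
from dataclasses import dataclass, field

@dataclass
class ClientState:
    bucket: float   # remaining requests in the rate-limit bucket
    last: float     # timestamp of the last bucket refill
    spent: int = 0  # cost units consumed in the current quota window

@dataclass
class ConsumptionGuard:  # hypothetical name; all limits are illustrative
    max_input_chars: int = 8000   # input validation: cap query size
    burst: int = 5                # bucket capacity (requests)
    refill_per_s: float = 1.0     # sustained requests per second
    quota: int = 50_000           # per-client spend cap per window (denial of wallet)
    max_output: int = 1024        # hard cap on generated tokens
    degraded_output: int = 128    # reduced cap while the backend is overloaded
    clients: dict = field(default_factory=dict)

    def admit(self, client, prompt, want_tokens, now=None, overloaded=False):
        """Return (allowed, granted_output_tokens, reason) for one request."""
        now = time.monotonic() if now is None else now
        # 1. Reject oversized input before spending any per-client state on it.
        if len(prompt) > self.max_input_chars:
            return False, 0, "input_too_large"
        # 2. Token-bucket rate limit, refilled by elapsed time.
        st = self.clients.setdefault(client, ClientState(self.burst, now))
        st.bucket = min(self.burst, st.bucket + (now - st.last) * self.refill_per_s)
        st.last = now
        if st.bucket < 1:
            return False, 0, "rate_limited"
        # 3. Graceful degradation: shrink the output cap instead of refusing.
        cap = self.degraded_output if overloaded else self.max_output
        grant = max(0, min(want_tokens, cap))
        # 4. Quota: refuse once the client's window budget would be exceeded.
        cost = len(prompt) + grant
        if st.spent + cost > self.quota:
            return False, 0, "quota_exhausted"
        st.bucket -= 1
        st.spent += cost
        return True, grant, "degraded" if overloaded and grant < want_tokens else "ok"

    def reset_quotas(self):
        """Call at each quota-window boundary (for example, daily)."""
        for st in self.clients.values():
            st.spent = 0
```

The granted token count is meant to be passed to the model call as its output limit, so the cap is enforced by the service rather than trusted from the client.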

Example scenarios

The report describes plausible attack scenarios:

  • An adversary submits massive inputs until the system crashes.
  • A coordinated flood of requests overwhelms cloud infrastructure, denying service to legitimate users.
  • Excessive use of pay-per-query services inflicts unsustainable costs on providers.
  • Carefully crafted queries allow attackers to replicate a model, bypassing traditional safeguards.

Looking forward

Researchers stress that unbounded consumption is not a hypothetical threat. As AI adoption accelerates, safeguarding LLMs from exploitation will be critical. Without stronger protections, attackers could transform AI from a productivity driver into a liability for global enterprises.

“The threat is here today,” the report concludes. “Preventing unbounded consumption will determine whether organizations can harness AI securely — or risk watching it become an avenue for disruption and loss.”

This article is part of SC Media’s 10-part editorial series on the OWASP Top 10 for LLM Applications 2025. Produced in partnership with the OWASP Generative AI Security Project, the series highlights actionable steps for secure, transparent GenAI application development.
