Model denial of service—also known as Denial of Wallet—lets attackers keep AI services online while rapidly draining cloud budgets by forcing excessive token consumption. Real-world LLMjacking incidents on services like AWS Bedrock and Google Gemini show six-figure bills in days, so teams must deploy cost-aware rate limiting, hard spending caps, billing anomaly alerts, and stronger credential protection. #LLMjacking #AWSBedrock
Keypoints
- Denial of Wallet attacks exploit per-token billing to drain cloud budgets without causing downtime.
- Techniques include context window flooding, recursive prompting, and reasoning loop exploitation to multiply token usage.
- LLMjacking and stolen API keys have produced real losses, such as $46,000/day on AWS Bedrock and $82,000 in 48 hours on Gemini.
- Traditional rate limiters and WAFs count requests, not cost, creating a blind spot attackers can abuse.
- Effective defenses are cost-aware token-based rate limiting, hard spending caps, billing anomaly alerts, and securing credentials.
Read More: https://www.toxsec.com/p/denial-of-wallet