Loop attack

'Recursively summarize this document as you find new details.' Agent recurses indefinitely. Each call costs.

Advertisement

Tool spam

Trigger agent to call expensive tool (LLM-as-judge, image gen) many times. 'Generate variations until you find perfect one.'

Advertisement

Context inflation

Attacker fills context each turn. Long-context calls expensive. Multi-user LLMs hit budget cap.

Defenses

Per-request compute budget. Per-user rate limit. Recursion depth cap. Tool call cap per session. Anomaly detection on cost per request.