GenAI
The Cost of Being Wordy: Detecting Resource-Draining Prompts
Eresus Security Research Team, Security Researcher
June 17, 2025
Overview
The breakthrough of large language models (LLMs) has captivated the natural language processing (NLP) world. However, their adoption has also given rise to a new form of cyberattack: Resource-Draining Prompts.
The "Denial of Wallet" Threat
Attackers can send algorithmically crafted, highly complex prompts tailored to maximize the model's compute time and token generation length. Because model APIs charge by token or compute usage, these attacks lead to massive billing spikes, effectively functioning as a "Denial of Wallet" attack.
Resolution
Implement strict token limits, semantic rate-limiting based on prompt complexity thresholds, and continuous billing monitoring.
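As an added illustration (not code from the original article), the sketch below combines the first two controls: a per-request input cap, a clamped output limit, and a per-client budget that charges each request its worst-case token cost. All thresholds, the `TokenBudgetGuard` name, and the 4-characters-per-token estimate are assumptions; prompt complexity is approximated here by worst-case token cost, and `used()` is the figure to export to billing monitoring.

```python
import time
from collections import defaultdict, deque

# All thresholds below are assumed values for illustration; tune per deployment.
MAX_INPUT_TOKENS = 2000    # per-request prompt cap
MAX_OUTPUT_TOKENS = 512    # hard ceiling on generation length
BUDGET_TOKENS = 6000       # per-client worst-case tokens allowed per window
WINDOW_SECONDS = 60

def estimate_tokens(text):
    # Rough heuristic (~4 characters per token); replace with the model's tokenizer.
    return max(1, len(text) // 4)

class TokenBudgetGuard:
    """Admit a request only if its worst-case token cost fits the client's budget."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.spend = defaultdict(deque)  # client_id -> deque of (timestamp, cost)

    def used(self, client_id):
        # Tokens charged to this client inside the current sliding window.
        now, q = self.clock(), self.spend[client_id]
        while q and now - q[0][0] >= WINDOW_SECONDS:
            q.popleft()                  # drop spend that aged out of the window
        return sum(cost for _, cost in q)

    def admit(self, client_id, prompt, requested_max_tokens):
        """Return (allowed, max_tokens_to_send_upstream, reason)."""
        in_tok = estimate_tokens(prompt)
        if in_tok > MAX_INPUT_TOKENS:
            return False, 0, "prompt exceeds input token limit"
        # Clamp the caller's requested output length; never pass it through as-is.
        out_tok = max(1, min(requested_max_tokens, MAX_OUTPUT_TOKENS))
        cost = in_tok + out_tok          # worst-case billable tokens for this call
        if self.used(client_id) + cost > BUDGET_TOKENS:
            return False, 0, "client token budget exhausted"
        self.spend[client_id].append((self.clock(), cost))
        return True, out_tok, "ok"
```

Charging the worst case up front means a client that sends long prompts or asks for long completions exhausts its budget in fewer requests than one sending short ones, which a plain requests-per-minute limit would not capture.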