Model Denial of Service
Model denial of service is making an AI system unavailable or ruinously expensive by flooding it with requests or crafting inputs that force maximum work — huge outputs, deep tool loops, giant context. Because each call costs real money, the financial version is sometimes called 'denial of wallet.'
Also known as: denial of wallet, unbounded consumption
Traditional denial of service exhausts a server’s capacity. AI systems add a second target: cost. An attacker can craft inputs that force the model to do maximum work — generate the longest possible output, recurse through tool calls, or balloon the context — so a handful of requests run up a large bill or starve real users. OWASP lists this as “unbounded consumption”; the budget-burning flavor gets the nickname “denial of wallet.”
It’s distinctive to AI because inference is metered and expensive, so the attack doesn’t need to take the service down to hurt — it just needs to make it cost too much. Defenses are limits: rate-limit and quota per user, cap output length and tool-call depth, bound context size, set spending alerts, and time out runaway agent loops. The same caps that control normal cost also blunt the attack.