Back to Catalog
Owasp Llm
top10_2025
LLM10 - Unbounded Consumption
Failure to impose limits on LLM resource consumption leading to DoS or excessive costs.
Intent & Description
'
🎯 Intent
Prevent abuse of LLM resources through proper rate limiting, token budgets, and consumption controls.
📋 Context
LLM APIs can be expensive and resource-intensive. Without proper limits, attackers or misconfigured clients can cause excessive costs, degraded performance, or denial of service.
💡 Solution
Implement rate limiting per user and API key. Set token budgets and cost ceilings. Monitor usage patterns. Implement queue management. Use caching for repeated queries. Set timeout limits for LLM operations.'
Real-world Use Case
Use when deploying LLM services, managing API access, or operating multi-tenant LLM platforms.
📌 TL;DR
Control LLM resource usage. Rate-limit, set token budgets, monitor consumption, cache repeated queries.
Advantages
- Controls operational costs
- Prevents denial of service
- Ensures fair resource allocation
- Enables capacity planning
Disadvantages
- Limits may frustrate legitimate heavy users
- Rate limiting complexity for multi-tenant
- Cost estimation for variable-length outputs