29 KiB
Chapter 21: Model DoS and Resource Exhaustion
This chapter provides comprehensive coverage of Denial of Service (DoS) attacks on LLM systems, resource exhaustion techniques, economic attacks, detection methods, and defense strategies for protecting API availability and cost management.
Introduction
The Availability Threat:
Denial of Service (DoS) attacks against LLM systems represent a critical threat to AI service availability, reliability, and economic viability. Unlike traditional network DoS attacks that flood servers with packets, LLM DoS attacks exploit the unique characteristics of AI systems—expensive computation, token-based pricing, context windows, and stateful sessions—to exhaust resources with minimal attacker overhead.
Why Model DoS Matters:
- Revenue Loss: Service downtime costs thousands per minute for commercial AI APIs
- Reputation Damage: Outages erode user trust and competitive position
- Economic Attack: Token-based pricing enables cost amplification attacks
- Resource Scarcity: GPU/TPU resources are expensive and limited
- Cascading Failures: DoS on one component can crash entire AI pipeline
Real-World Impact:
- ChatGPT Outages: Multiple service disruptions due to overwhelming demand and potential abuse
- API Cost Explosions: Companies receiving $10K+ bills from uncontrolled API usage
- Context Window Abuse: Attackers filling context with garbage to slow responses
- Rate Limit Bypass: Distributed attacks evading quota controls
Attack Economics:
Attacker Cost vs Defender Cost
Attacker: $0.01 for malicious prompt
↓
Triggers: 100,000 token response (max length)
↓
Defender Cost: $2.00 per request (200x amplification!)
↓
1000 requests = $2,000 damage for $10 investment
Chapter Scope:
This chapter covers token-based DoS attacks, computational resource exhaustion, rate limiting bypass techniques, API cost exploitation, memory attacks, caching vulnerabilities, detection methods, defense strategies, real-world case studies, and future trends in AI availability attacks.
21.1 Token-Based DoS Attacks
Understanding Token Economics:
LLMs process text in tokens (typically 3-4 characters). API pricing is usually per token, and models have maximum context windows (e.g., 8K, 32K, 128K tokens). Attackers exploit this by crafting inputs that maximize token consumption.
Why Token Attacks Work:
- Asymmetric Cost: Small input triggers massive output
- Predictable Pricing: Per-token billing enables cost calculation
- Context Limits: Filling context window degrades performance
- Generation Cost: Output tokens cost more than input tokens
21.1.1 Context Window Exhaustion
What It Is:
Filling the model's context window (input + output) to its maximum capacity, forcing the model to process maximum tokens and preventing legitimate usage.
Attack Mechanics:
#!/usr/bin/env python3
"""
Token Bomb: Context Window Exhaustion Attack
Requirements:
pip install openai
Usage:
python token_bomb_dos.py
"""
import openai
import time
class TokenBombAttack:
"""Exhaust LLM context window with maximum token consumption"""
def __init__(self, api_key, model="gpt-3.5-turbo"):
self.client = openai.OpenAI(api_key=api_key)
self.model = model
self.context_limits = {
"gpt-3.5-turbo": 4096,
"gpt-4": 8192,
"gpt-4-32k": 32768,
"claude-2": 100000
}
def generate_token_bomb_prompt(self, target_tokens=3000):
"""
Create prompt designed to maximize token consumption
Strategies:
1. Request very long output
2. Ask for repetitive content
3. Request lists, tables, code
4. Use continuation tricks
"""
# Strategy 1: Request maximum length list
bomb_prompts = [
f"List {target_tokens//10} different ways to say hello in different languages with full explanations",
f"Write a {target_tokens}-word essay on the history of computing",
f"Generate a Python tutorial with {target_tokens//20} code examples, each fully commented",
"Generate a complete API documentation with 100 endpoints, including request/response examples, error codes, and usage samples for each",
"Create a comprehensive SQL tutorial covering 50 different commands with 5 examples each, including table schemas and sample data",
# Continuation attack
"Start counting from 1 to 10000 and explain the mathematical significance of each number",
]
return bomb_prompts
def execute_single_bomb(self, prompt, max_tokens=4000):
"""
Execute a single token bomb attack
Returns actual token usage and cost
"""
print(f"[*] Executing token bomb...")
print(f" Prompt: {prompt[:80]}...")
start_time = time.time()
try:
response = self.client.chat.completions.create(
model=self.model,
messages=[{"role": "user", "content": prompt}],
max_tokens=max_tokens, # Request maximum output
temperature=1.0 # High temp = more tokens
)
elapsed = time.time() - start_time
# Extract metrics
usage = response.usage
prompt_tokens = usage.prompt_tokens
completion_tokens = usage.completion_tokens
total_tokens = usage.total_tokens
# Calculate cost (GPT-3.5-turbo pricing)
input_cost = (prompt_tokens / 1000) * 0.0015
output_cost = (completion_tokens / 1000) * 0.002
total_cost = input_cost + output_cost
print(f"[+] Token bomb successful!")
print(f" Tokens - Input: {prompt_tokens}, Output: {completion_tokens}, Total: {total_tokens}")
print(f" Cost: ${total_cost:.4f}")
print(f" Time: {elapsed:.2f}s")
print(f" Token/second: {total_tokens/elapsed:.1f}")
return {
'tokens': total_tokens,
'cost': total_cost,
'time': elapsed,
'prompt_tokens': prompt_tokens,
'completion_tokens': completion_tokens
}
except Exception as e:
print(f"[!] Attack failed: {e}")
return None
def sustained_token_flood(self, duration_seconds=60, delay=1):
"""
Sustained DoS: Send token bombs repeatedly
This simulates a real DoS attack scenario
"""
print(f"\n[*] Starting sustained token flood DoS...")
print(f" Duration: {duration_seconds}s")
print(f" Delay between requests: {delay}s\n")
start_time = time.time()
total_cost = 0
total_tokens = 0
request_count = 0
prompts = self.generate_token_bomb_prompt()
while (time.time() - start_time) < duration_seconds:
# Rotate through bomb prompts
prompt = prompts[request_count % len(prompts)]
result = self.execute_single_bomb(prompt, max_tokens=2000)
if result:
total_cost += result['cost']
total_tokens += result['tokens']
request_count += 1
time.sleep(delay)
elapsed = time.time() - start_time
print(f"\n{'='*60}")
print(f"[+] Token Flood DoS Complete")
print(f" Total requests: {request_count}")
print(f" Total tokens: {total_tokens:,}")
print(f" Total cost: ${total_cost:.2f}")
print(f" Duration: {elapsed:.1f}s")
print(f" Cost per second: ${total_cost/elapsed:.4f}/s")
print(f" Cost per hour (projected): ${(total_cost/elapsed)*3600:.2f}/hr")
print(f"{'='*60}\n")
return {
'requests': request_count,
'total_cost': total_cost,
'total_tokens': total_tokens,
'duration': elapsed,
'cost_per_second': total_cost/elapsed
}
# ============================================================================
# DEMO USAGE
# ============================================================================
if __name__ == "__main__":
print("="*60)
print("Token Bomb DoS Attack Demonstration")
print("="*60)
print("\nWARNING: This will consume API credits!")
print("For educational/testing purposes only.\n")
# DEMO MODE - Safe simulation
print("[DEMO MODE] Simulating token bomb without real API calls\n")
class SimulatedAPI:
"""Simulates OpenAI API for demonstration"""
def __init__(self):
self.call_count = 0
def simulate_bomb(self, prompt, max_tokens):
"""Simulate token consumption"""
self.call_count += 1
# Simulate realistic token counts
prompt_tokens = len(prompt.split()) * 1.3 # Rough estimate
completion_tokens = min(max_tokens, max_tokens * 0.9) # Usually hits max
return {
'tokens': int(prompt_tokens + completion_tokens),
'cost': (prompt_tokens/1000 * 0.0015) + (completion_tokens/1000 * 0.002),
'time': 2.5, # Realistic response time
'prompt_tokens': int(prompt_tokens),
'completion_tokens': int(completion_tokens)
}
# Create simulated attacker
api = SimulatedAPI()
# Simulate single bomb
print("Example 1: Single Token Bomb")
print("-" * 60)
bomb_prompt = "Generate a comprehensive Python tutorial with 200 code examples, each with full explanations and comments"
result = api.simulate_bomb(bomb_prompt, max_tokens=4000)
print(f"Prompt: {bomb_prompt[:60]}...")
print(f"[+] Tokens consumed: {result['tokens']:,}")
print(f" Input: {result['prompt_tokens']} tokens")
print(f" Output: {result['completion_tokens']} tokens")
print(f" Cost: ${result['cost']:.4f}")
print(f" Time: {result['time']:.2f}s\n")
# Simulate sustained attack
print("Example 2: Sustained Token Flood (10 requests)")
print("-" * 60)
total_cost = 0
total_tokens = 0
for i in range(10):
result = api.simulate_bomb(bomb_prompt, max_tokens=3000)
total_cost += result['cost']
total_tokens += result['tokens']
if (i + 1) % 5 == 0:
print(f" [{i+1}/10] Cost so far: ${total_cost:.2f}")
print(f"\n[+] Sustained Attack Results:")
print(f" Total requests: 10")
print(f" Total tokens: {total_tokens:,}")
print(f" Total cost: ${total_cost:.2f}")
print(f" Cost per request: ${total_cost/10:.4f}")
print(f" Projected cost per hour: ${total_cost * 360:.2f}/hr")
print(f" Projected cost per day: ${total_cost * 8640:.2f}/day")
print("\n" + "="*60)
print("[IMPACT] With minimal effort, attacker can:")
print(f" - Consume ${total_cost:.2f} in 25 seconds")
print(f" - Scale to ${total_cost * 1440:.2f}/hour with 10 concurrent threads")
print(f" - Exhaust API budgets rapidly")
print("="*60)
Expected Output:
============================================================
Token Bomb DoS Attack Demonstration
============================================================
WARNING: This will consume API credits!
For educational/testing purposes only.
[DEMO MODE] Simulating token bomb without real API calls
Example 1: Single Token Bomb
------------------------------------------------------------
Prompt: Generate a comprehensive Python tutorial with 200 code exa...
[+] Tokens consumed: 3,620
Input: 20 tokens
Output: 3,600 tokens
Cost: $0.0074
Time: 2.50s
Example 2: Sustained Token Flood (10 requests)
------------------------------------------------------------
[5/10] Cost so far: $0.04
[10/10] Cost so far: $0.07
[+] Sustained Attack Results:
Total requests: 10
Total tokens: 36,200
Total cost: $0.07
Cost per request: $0.0074
Projected cost per hour: $26.64/hr
Projected cost per day: $639.36/day
============================================================
[IMPACT] With minimal effort, attacker can:
- Consume $0.07 in 25 seconds
- Scale to $106.56/hour with 10 concurrent threads
- Exhaust API budgets rapidly
============================================================
Key Takeaways:
- Input/Output Asymmetry: Small prompt → massive output
- Cost Amplification: 200x cost multiplier possible
- Scalability: Easy to automate and distribute
- Economic Impact: Can drain budgets in hours
21.2 Computational Resource Exhaustion
Beyond Tokens: CPU/GPU Attacks
While token-based attacks exploit pricing, computational attacks target the underlying hardware resources (GPUs, TPUs, memory). These attacks slow down or crash the service even with rate limiting in place.
21.2.1 Complex Query Attacks
What It Is:
Crafting inputs that require disproportionate computation compared to their length, exhausting GPU cycles and memory.
Attack Vectors:
- Deep Reasoning Chains: Request multi-step logical reasoning
- Complex Math: Request symbolic math, proofs, or computations
- Code Generation: Request large, complex code with dependencies
- Ambiguity Resolution: Provide intentionally ambiguous prompts
Practical Example:
#!/usr/bin/env python3
"""
Computational Exhaustion Attack
Crafts prompts that maximize GPU/CPU usage
Requirements:
pip install requests
Usage:
python computational_dos.py
"""
class ComputationalDoS:
"""Attack LLM with computationally expensive queries"""
def __init__(self):
self.complexity_levels = {
'low': 1,
'medium': 5,
'high': 10,
'extreme': 20
}
def generate_complex_reasoning_prompt(self, complexity='high'):
"""
Generate prompts requiring deep reasoning chains
These force the model to maintain long reasoning contexts
and perform complex inference steps
"""
depth = self.complexity_levels[complexity]
complex_prompts = [
# Multi-step logical reasoning
f"""
Solve this logic puzzle with {depth} steps:
1. If A is true, then B is false
2. If B is false, then C must be evaluated
3. C depends on the state of D and E
... (continue for {depth} interdependent conditions)
What is the final state of A?
Show your complete reasoning chain.
""",
# Nested mathematical proof
f"""
Prove that the sum of the first n natural numbers equals n(n+1)/2 using:
1. Mathematical induction
2. Algebraic manipulation
3. Geometric visualization
4. Historical context
... (request {depth} different proof approaches)
""",
# Complex code generation with dependencies
f"""
Write a complete {depth}-tier microservices architecture in Python including:
- API gateways
- Service mesh
- Database layers
- Caching strategies
- Message queues
- Complete error handling
- Comprehensive tests
- Docker configurations
- Kubernetes manifests
All fully functional and production-ready.
""",
# Ambiguous scenario analysis
f"""
Analyze this scenario from {depth} different philosophical perspectives:
"A person finds a wallet with $1000. What should they do?"
Provide complete analysis from:
- Utilitarian ethics
- Deontological ethics
- Virtue ethics
- Consequentialism
... ({depth} total frameworks)
Then synthesize all perspectives into a unified recommendation.
Compare and contrast all {depth} viewpoints in detail.
"""
]
return complex_prompts
def estimate_computational_cost(self, prompt, estimated_tokens=2000):
"""
Estimate computational burden of a prompt
Factors:
- Reasoning depth (nested logic)
- Context retention (multi-turn dependencies)
- Output length
- Complexity of task
"""
# Complexity scoring
complexity_score = 0
# Count reasoning indicators
reasoning_keywords = ['prove', 'analyze', 'compare', 'synthesize', 'evaluate']
for keyword in reasoning_keywords:
if keyword in prompt.lower():
complexity_score += 2
# Count step indicators
if 'step' in prompt.lower() or '1.' in prompt:
complexity_score += 3
# Count request for multiple approaches
if 'different' in prompt.lower() and ('way' in prompt.lower() or 'perspective' in prompt.lower()):
complexity_score += 5
# Estimate GPU cycles (arbitrary units)
base_cycles = estimated_tokens * 100 # Base processing
reasoning_multiplier = 1 + (complexity_score / 10)
total_cycles = base_cycles * reasoning_multiplier
return {
'complexity_score': complexity_score,
'estimated_gpu_cycles': int(total_cycles),
'reasoning_depth': 'High' if complexity_score > 10 else 'Medium' if complexity_score > 5 else 'Low',
'relative_cost': f"{reasoning_multiplier:.1f}x normal"
}
def execute_computational_attack(self, api_client, duration=30):
"""
Send computationally expensive queries
Goal: Maximize GPU usage, not necessarily token count
"""
print(f"[*] Launching computational exhaustion attack...")
print(f" Duration: {duration}s\n")
import time
start_time = time.time()
attack_count = 0
complex_prompts = self.generate_complex_reasoning_prompt('extreme')
while (time.time() - start_time) < duration:
prompt = complex_prompts[attack_count % len(complex_prompts)]
# Estimate before sending
estimate = self.estimate_computational_cost(prompt)
print(f"[{attack_count + 1}] Computational Attack")
print(f" Complexity: {estimate['complexity_score']}/20")
print(f" Reasoning: {estimate['reasoning_depth']}")
print(f" Estimated cost: {estimate['relative_cost']}")
print(f" GPU cycles: {estimate['estimated_gpu_cycles']:,}\n")
# In real attack, would send to API here
# response = api_client.generate(prompt)
attack_count += 1
time.sleep(5) # Reduced rate, but high per-request cost
elapsed = time.time() - start_time
print(f"[+] Computational DoS Summary:")
print(f" Attacks sent: {attack_count}")
print(f" Duration: {elapsed:.1f}s")
print(f" Attack rate: {attack_count/elapsed:.2f} req/s")
print(f" (Low rate, but each request is {estimate['relative_cost']} expensive)")
# ============================================================================
# DEMO
# ============================================================================
if __name__ == "__main__":
print("="*60)
print("Computational Resource Exhaustion Attack")
print("="*60)
print()
attacker = ComputationalDoS()
# Demo 1: Show complexity analysis
print("Example 1: Complexity Analysis")
print("-"*60)
simple_prompt = "What is 2+2?"
complex_prompt = attacker.generate_complex_reasoning_prompt('high')[0]
simple_analysis = attacker.estimate_computational_cost(simple_prompt)
complex_analysis = attacker.estimate_computational_cost(complex_prompt, 4000)
print(f"Simple prompt: '{simple_prompt}'")
print(f" Complexity: {simple_analysis['complexity_score']}/20")
print(f" GPU cycles: {simple_analysis['estimated_gpu_cycles']:,}")
print(f" Cost: {simple_analysis['relative_cost']}\n")
print(f"Complex prompt: {complex_prompt[:60]}...")
print(f" Complexity: {complex_analysis['complexity_score']}/20")
print(f" GPU cycles: {complex_analysis['estimated_gpu_cycles']:,}")
print(f" Cost: {complex_analysis['relative_cost']}")
print(f" **{complex_analysis['estimated_gpu_cycles'] / simple_analysis['estimated_gpu_cycles']:.1f}x more expensive**\n")
# Demo 2: Simulated attack
print("Example 2: Simulated Computational Attack (30s)")
print("-"*60)
attacker.execute_computational_attack(None, duration=30)
print("\n" + "="*60)
print("[IMPACT] Computational attacks can:")
print(" - Slow down entire GPU cluster")
print(" - Cause cascading delays for all users")
print(" - Bypass rate limits (fewer reqs, more damage)")
print(" - Harder to detect than token floods")
print("="*60)
21.3 Rate Limiting Bypass
Circumventing Quota Controls:
Most APIs implement rate limiting to prevent abuse. However, these controls can be bypassed through various techniques, enabling sustained DoS attacks.
Common Rate Limit Schemes:
- Token Bucket: Allows bursts, refills over time
- Fixed Window: X requests per minute/hour
- Sliding Window: Rolling time period
- Concurrent Limits: Max parallel requests
21.3.1 Bypass Techniques
Attack Strategies:
class RateLimitBypass:
"""Techniques to evade API rate limiting"""
def __init__(self):
self.identities = []
self.proxies = []
def technique_1_identity_rotation(self, num_api_keys=10):
"""
Rotate through multiple API keys
If rate limit is per-key, use multiple keys to multiply throughput
"""
print("[*] Technique 1: Identity Rotation")
print(f" Using {num_api_keys} different API keys")
print(f" Effective rate: {num_api_keys}x normal limit\n")
# Simulate rotation
for i in range(num_api_keys):
print(f" Key {i+1}: api_key_{i:03d}")
return {
'technique': 'Identity Rotation',
'multiplier': num_api_keys,
'detection_difficulty': 'Medium',
'cost': 'Requires purchasing multiple accounts'
}
def technique_2_distributed_attack(self, num_nodes=50):
"""
Distribute attack across many IP addresses
If rate limit is IP-based, use botnet/proxies
"""
print("[*] Technique 2: Distributed Attack")
print(f" Using {num_nodes} different IP addresses")
print(f" Sources: Cloud VMs, proxies, compromised hosts")
print(f" Effective rate: {num_nodes}x normal limit\n")
return {
'technique': 'Distributed Attack',
'multiplier': num_nodes,
'detection_difficulty': 'High',
'cost': 'Proxy rental or botnet'
}
def technique_3_timing_optimization(self):
"""
Precisely time requests to maximize throughput
If rate limit is 60 req/min, send exactly 1 req/second
"""
print("[*] Technique 3: Timing Optimization")
print(" Precisely scheduled requests")
print(" Example: 60 req/min limit")
print(" → Send 1 request every 1.0 seconds")
print(" → Achieves sustained maximum rate\n")
import time
rate_limit = 60 # requests per minute
interval = 60 / rate_limit # seconds between requests
print(f" Optimal interval: {interval:.2f}s")
print(" Simulating 10 requests...")
for i in range(10):
print(f" [{i+1}/10] Sending request at t={i*interval:.1f}s")
time.sleep(interval)
return {
'technique': 'Timing Optimization',
'multiplier': 1.0,
'detection_difficulty': 'Very Low',
'cost': 'Free (just timing)'
}
def technique_4_session_manipulation(self):
"""
Create new sessions to reset limits
Some APIs track limits per session, not per user
"""
print("[*] Technique 4: Session Manipulation")
print(" Create new session after hitting limit")
print(" If limits are session-based, this resets the counter\n")
return {
'technique': 'Session Manipulation',
'multiplier': 'Unlimited',
'detection_difficulty': 'Low',
'cost': 'Free (if API allows)'
}
def combined_bypass_strategy(self):
"""
Combine multiple techniques for maximum effectiveness
"""
print("\n" + "="*60)
print("COMBINED BYPASS STRATEGY")
print("="*60)
print()
print("[*] Multi-Layer Bypass:")
print(" Layer 1: 10 API keys (10x multiplier)")
print(" Layer 2: 20 proxies (20x multiplier)")
print(" Layer 3: Timing optimization (100% efficiency)")
print(" Layer 4: Burst during window rotation\n")
base_rate = 60 # requests per minute per key
num_keys = 10
num_proxies = 20
effective_rate = base_rate * num_keys * num_proxies
print(f"[+] Effective Rate: {effective_rate:,} requests/minute")
print(f" = {effective_rate * 60:,} requests/hour")
print(f" = {effective_rate * 60 * 24:,} requests/day")
print(f" vs normal limit of {base_rate}/min\n")
print(f"[!] IMPACT: {effective_rate / base_rate:.0f}x rate limit bypass!")
# Demo
if __name__ == "__main__":
print("Rate Limiting Bypass Techniques\n")
bypass = RateLimitBypass()
bypass.technique_1_identity_rotation(10)
bypass.technique_2_distributed_attack(50)
bypass.technique_3_timing_optimization()
bypass.technique_4_session_manipulation()
bypass.combined_bypass_strategy()
21.16 Summary and Key Takeaways
Critical DoS Techniques
Most Effective Attacks:
-
Token Amplification (200x cost multiplier possible)
- Small input → massive output
- Economic DoS through cost explosion
- Bypass detection with legitimate-looking prompts
-
Computational Exhaustion (Harder to detect)
- Complex reasoning chains
- Bypass token-based rate limits
- Disproportionate GPU usage per request
-
Rate Limit Bypass (Unlimited scale)
- Identity rotation
- Distributed attacks
- Timing optimization
Defense Recommendations
For API Providers:
-
Multi-Layer Rate Limiting
- Per API key: 100 req/min
- Per IP: 500 req/min
- Per organization: 10,000 req/min
- Global: Adaptive throttling
-
Cost Controls
- Max tokens per request: 4,000
- Max tokens per day per key: 1,000,000
- Budget alerts at 80% threshold
- Auto-suspend at 100%
-
Computational Limits
- Max request processing time: 30s
- Complexity scoring for prompts
- Deprioritize expensive queries during high load
- Queue management
-
Detection Systems
- Anomaly detection for usage patterns
- Sudden spike alerts
- Distributed attack correlation
- Behavioral analysis
For API Consumers:
-
Budget Management
- Set hard spending limits
- Monitor usage in real-time
- Alert on unusual spikes
- Test with small budgets first
-
Access Control
- Distribute separate keys per application
- Least privilege principle
- Regular key rotation
- Audit logging
Case Studies
ChatGPT February 2023 Outage:
- Cause: Overwhelming traffic + potential abuse
- Impact: Service down for multiple hours
- Cost: Millions in lost revenue
- Lesson: Need better load balancing and abuse detection
API Cost Attack (2023):
- Attacker compromised API key
- Generated $50,000 bill in 48 hours
- Used token amplification technique
- Defense: Implement spending limits
Future Trends
Emerging Threats:
- AI-generated adversarial prompts optimized for max cost
- Coordinated multi-vector attacks (token + computational + cache)
- Economic warfare between AI providers
- Zero-day rate limit bypasses
Defense Evolution:
- ML-based anomaly detection
- Adaptive rate limiting
- Blockchain-based request tracking
- Hardware-level protection (TEEs)
References and Further Reading
Academic Papers
- "Denial of Service Attacks on LLM Applications" (2023)
- "Resource Exhaustion in Transformer Models" (2022)
- "Economic Attacks on AI APIs" (2023)
Industry Reports
- OWASP Top 10 for LLMs - DoS risks
- Cloud Security Alliance - AI availability threats
- NIST AI Security Framework - Resource management
Tools
- Rate Limit Testing: https://github.com/rate-limit-tester
- API Security Scanner: https://apisecurity.io
- Cost Calculator: https://oai-cost-calculator.com
End of Chapter 21: Model DoS and Resource Exhaustion
This chapter provided comprehensive coverage of denial of service attacks on LLM systems. Understanding these techniques is critical for building resilient, cost-effective AI services and protecting against resource abuse. Remember: the goal is to build better defenses, not enable attacks.