LLM10: Unbounded Consumption

Unbounded Consumption is a critical risk for LLMs and can lead to a variety of consequences. Learn what it is and how to mitigate it in the final installment of our OWASP LLM series.

The OWASP Top 10 for LLMs was released this year to help security teams understand and mitigate the rising risks to LLMs. In previous blogs, we’ve explored risks 1-9, and today we’ll finally take a deep dive into LLM10: Unbounded Consumption.

Unbounded Consumption occurs when an LLM application lets users submit an excessive number of prompts, or prompts that are overly complex, large or verbose, leading to resource depletion, potential Denial of Service (DoS) attacks, and more.

An inference is the process an AI model uses to generate an output based on its training. When a user feeds an LLM a prompt, the LLM runs inferences to respond. Follow-up questions trigger more inferences, because each additional interaction builds on all the inferences required for the previous interactions, and potentially also on previously submitted prompts.

Rate limiting controls the number of requests an LLM can receive. When an LLM does not have adequate rate limiting, it can become overwhelmed with inferences and either begin to malfunction or reach a cap on utilization and stop responding. As a result, part of the LLM application could become unavailable.

In AI security, we often refer to the “CIA,” which stands for Confidentiality, Integrity and Availability. Unbounded Consumption can cause an LLM to fail at the “Availability” part of this equation, which in turn can affect the LLM’s Confidentiality and Integrity.

Another way Unbounded Consumption can negatively impact an LLM is through Denial of Wallet (DoW). Attackers hit the LLM with request upon request, which can run up the bill if rate limiting is not in place. Eventually, these attacks can cause the LLM to reject requests because of the high volume of abnormal activity, which stops it from working entirely.

Mitigation Methods

Some ways to reduce the risk of Unbounded Consumption include:

  1. Input Validation: ensure that inputs do not exceed reasonable size limits
  2. Rate Limiting: apply user quotas and limits to restrict requests per user
  3. Limit Exposure of Logits and Logprobs: obfuscate what API responses expose and provide only necessary information to users
  4. Resource Allocation Management: monitor resource utilization to prevent any single user from exceeding a reasonable limit
  5. Timeouts and Throttling: set time limits and throttle processing for resource-intensive operations to prevent prolonged resource consumption
  6. Sandbox Techniques: restrict the LLM's access to network resources to limit what information it can expose
  7. Monitoring and Logging: get alerts and continually monitor usage for unusual patterns
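
A per-user admission gate combining mitigations 1, 2, 4 and 5 from the list above, as an added example that is not part of the original post. The limit values, the 4-characters-per-token cost estimate and the names `ConsumptionGuard`, `UserState` and `admit` are assumptions chosen for illustration.

```python
import time
from dataclasses import dataclass

# All limits below are assumed values for illustration; tune them per deployment.
MAX_PROMPT_CHARS = 4000       # mitigation 1: input size limit
REQUESTS_PER_MINUTE = 6       # mitigation 2: per-user request rate
DAILY_TOKEN_BUDGET = 20000    # mitigation 4: per-user resource ceiling (Denial of Wallet)
MAX_OUTPUT_TOKENS = 512       # mitigation 5: cap on generation length per request

@dataclass
class UserState:
    bucket: float        # request tokens left in the token bucket
    last_refill: float   # time of the last bucket refill
    window_start: float  # start of the current 24-hour budget window
    spent: int = 0       # estimated model tokens charged in this window

class ConsumptionGuard:
    """Hypothetical admission gate; call admit() before every inference."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock   # injectable so the limits can be tested offline
        self.users = {}

    def admit(self, user_id, prompt):
        """Return (allowed, reason); log the reason to feed monitoring."""
        now = self.clock()
        if len(prompt) > MAX_PROMPT_CHARS:
            return False, "prompt_too_large"
        st = self.users.setdefault(
            user_id, UserState(REQUESTS_PER_MINUTE, now, now))
        if now - st.window_start >= 86400:   # new day: reset the budget
            st.spent, st.window_start = 0, now
        # Refill the bucket in proportion to elapsed time, up to its capacity.
        refill = (now - st.last_refill) * REQUESTS_PER_MINUTE / 60
        st.bucket = min(REQUESTS_PER_MINUTE, st.bucket + refill)
        st.last_refill = now
        # Worst-case cost: ~4 characters per token (assumption) plus full output.
        cost = len(prompt) // 4 + MAX_OUTPUT_TOKENS
        if st.spent + cost > DAILY_TOKEN_BUDGET:
            return False, "budget_exhausted"
        if st.bucket < 1:
            return False, "rate_limited"
        st.bucket -= 1
        st.spent += cost
        return True, "ok"
```

A rejected request charges neither the bucket nor the budget, so the returned reason string can be logged and counted per user to drive the alerting in mitigation 7.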

Unbounded Consumption poses a critical risk to LLMs because it can cause DoS or DoW. However, with proper security measures and training, teams can minimize the risk of Unbounded Consumption in their AI applications. For more information on the rest of the OWASP Top 10 for LLMs, head over to the LLM series on our blog page. And for general information on how to take charge of your own AI security posture, schedule a demo today!