Why it matters
LLM APIs are increasingly critical infrastructure. DoS attacks can take down customer-facing apps and burn through cloud budgets. Defense requires thinking about attack economics, not just request rates.
Advertisement
The architecture
Long-output DoS: request maximum tokens with prompt like 'Continue writing indefinitely'. Consumes maximum GPU time per query.
Deep-reasoning DoS: use chain-of-thought prompts that force many reasoning tokens. Amplifies compute per query.
Advertisement
How it works end to end
Parallel flooding: many concurrent queries from botnet exhaust rate limits or exhaust GPU pool.
Adversarial prompts: certain inputs cause tokenizer or model to behave anomalously (long tokens, high latency).
Defenses: aggressive rate limits, output length caps, cost-per-query accounting, per-account budgets.