Why it matters

LLM APIs are increasingly critical infrastructure. DoS attacks can take down customer-facing apps and burn through cloud budgets. Defense requires thinking about attack economics, not just request rates.

Advertisement

The architecture

Long-output DoS: request maximum tokens with prompt like 'Continue writing indefinitely'. Consumes maximum GPU time per query.

Deep-reasoning DoS: use chain-of-thought prompts that force many reasoning tokens. Amplifies compute per query.

LLM DoS vectorsLong outputmax tokensDeep reasoningmany CoT tokensParallel floodingconcurrent queriesCost per attack query is small; damage per query is high — asymmetry favors attacker
DoS attack types.
Advertisement

How it works end to end

Parallel flooding: many concurrent queries from botnet exhaust rate limits or exhaust GPU pool.

Adversarial prompts: certain inputs cause tokenizer or model to behave anomalously (long tokens, high latency).

Defenses: aggressive rate limits, output length caps, cost-per-query accounting, per-account budgets.