Let's Burn Some Tokens – AI Chatbot Cost Exploitation as an Attack Vector (dixken.de)

🤖 AI Summary
A new tool concept has been proposed to exploit the cost structures of AI chatbots, which companies increasingly use for customer interactions. The tool would simulate an overly engaged user and generate excessive token usage, potentially leading to substantial financial burdens for businesses. By mimicking natural conversational behaviors, it could rack up costs through repeated requests for verbose outputs, additional context, and structured formats, taking advantage of the deficiencies in cost controls that many chatbot deployments currently exhibit.

This issue is significant for the AI/ML community because it highlights vulnerabilities in the management of AI service expenditures, comparable to leaving databases exposed to unauthorized access. Many companies employing chatbots are neglecting essential budget management practices, such as implementing session and user-based limits, and lack monitoring for unusual usage patterns. The proposed exploitation method serves as a wake-up call for organizations to prioritize API cost security alongside traditional application security measures, encouraging them to establish protective protocols like budget alerts, rate limiting, and conversational depth limits to safeguard against unaffordable API expenses.
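The controls named in the summary (session and user-based limits, a conversational depth limit, and budget alerts) can be enforced in a small guard placed in front of the model call. This is an added example, not code from the linked article; the limit values, the `BudgetGuard` class, and the simulated traffic are all assumptions chosen for illustration, and token counts are assumed to come from the usage figures the model API reports.

```python
from dataclasses import dataclass, field

# Assumed limits for illustration; tune to your own traffic and pricing.
MAX_TURNS_PER_SESSION = 20        # conversational depth limit
MAX_TOKENS_PER_SESSION = 20_000   # session budget, input + output tokens
MAX_TOKENS_PER_USER_DAY = 60_000  # user budget across all sessions
MAX_OUTPUT_TOKENS = 800           # cap on any single reply
ALERT_FRACTION = 0.7              # budget alert at 70% of a limit

@dataclass
class BudgetGuard:
    turns: dict = field(default_factory=dict)     # session_id -> turns served
    session: dict = field(default_factory=dict)   # session_id -> tokens spent
    user: dict = field(default_factory=dict)      # user_id -> tokens spent today
    alerts: list = field(default_factory=list)

    def authorize(self, user_id, session_id, prompt_tokens):
        """Call before the model request: (allowed, max_output_tokens, reason)."""
        if self.turns.get(session_id, 0) >= MAX_TURNS_PER_SESSION:
            return False, 0, "depth_limit"
        # Headroom under both budgets once the prompt itself is paid for.
        room = min(MAX_TOKENS_PER_SESSION - self.session.get(session_id, 0),
                   MAX_TOKENS_PER_USER_DAY - self.user.get(user_id, 0)) - prompt_tokens
        if room <= 0:
            return False, 0, "budget_exhausted"
        return True, min(MAX_OUTPUT_TOKENS, room), "ok"

    def record(self, user_id, session_id, prompt_tokens, output_tokens):
        """Call after the request with the usage the model API reported."""
        spent = prompt_tokens + output_tokens
        self.turns[session_id] = self.turns.get(session_id, 0) + 1
        self.session[session_id] = self.session.get(session_id, 0) + spent
        self.user[user_id] = self.user.get(user_id, 0) + spent
        if self.session[session_id] >= ALERT_FRACTION * MAX_TOKENS_PER_SESSION:
            self.alerts.append(("session", session_id, self.session[session_id]))
        if self.user[user_id] >= ALERT_FRACTION * MAX_TOKENS_PER_USER_DAY:
            self.alerts.append(("user", user_id, self.user[user_id]))

def simulate_verbose_user(guard, user_id, session_id, msg_tokens=200):
    """Constructed traffic: every turn resends the history and uses the full reply cap."""
    history = 0
    while True:
        prompt = history + msg_tokens
        ok, cap, reason = guard.authorize(user_id, session_id, prompt)
        if not ok:
            return guard.turns.get(session_id, 0), reason
        guard.record(user_id, session_id, prompt, cap)
        history = prompt + cap
```

Because the full history is resent on every turn, spend grows quadratically with conversation depth, so in this constructed run the session budget cuts the conversation off after five turns, well before the 20-turn depth limit applies.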