Protecting Against Token Theft (vercel.com)

A recent report highlights the escalating threat of inference theft, a practice where malicious actors exploit AI endpoints to unlawfully access and resell AI inference without incurring any costs. With the cost of a single AI call potentially reaching $2, compared to mere fractions of a cent for standard HTTP requests, the financial implications of such theft can lead to catastrophic losses for companies operating AI services. Traditional defenses like rate limits and session-based authentication prove inadequate, as attackers can efficiently bypass these measures using residential proxies and adapters that mimic legitimate API calls. To combat inference theft, companies must implement verification protocols that check each AI request individually. The report showcases the use of Vercel's BotID, an invisible CAPTCHA solution that effectively identifies bot traffic through advanced client-side machine learning. This enables real-time protection, drastically reducing the volume of unauthorized requests. As AI inference remains an expensive resource, prioritizing endpoint security at an individual request level is essential for safeguarding financial stability and preventing potential abuse from sophisticated attackers.