What is OWASP LLM10 (2025) Unbounded Consumption?
Unbounded consumption is resource exhaustion aimed at your budget or capacity - long reasoning chains, unbounded tool calling, or adversarial prompts designed to burn tokens and API quota.
What this looks like in production
Classic DoS tried to crash a server. Denial-of-wallet drains spend quietly. Agents amplify cost because one user message can trigger dozens of model and tool calls.
What teams usually do about it
- Cap tokens, tool depth, and spend per user and session.
- Detect loop and fuzz patterns in production-like tests.
- Alert on cost anomalies, not only error rates.