OWASP LLM10 (2025) Unbounded Consumption

What is OWASP LLM10 (2025) Unbounded Consumption?

Unbounded consumption is resource exhaustion aimed at your budget or capacity - long reasoning chains, unbounded tool calling, or adversarial prompts designed to burn tokens and API quota.

What this looks like in production

Classic DoS tried to crash a server. Denial-of-wallet drains spend quietly. Agents amplify cost because one user message can trigger dozens of model and tool calls.

What teams usually do about it

  • Cap tokens, tool depth, and spend per user and session.
  • Detect loop and fuzz patterns in production-like tests.
  • Alert on cost anomalies, not only error rates.

Further reading on Giskard

Official OWASP reference

Get AI security insights in your inbox