Not all expensive AI requests are malicious.
Most runaway requests are accidental.
How Runaway Requests Happen
Common triggers:
- Large file uploads
- Unbounded user input
- Debug data passed to prompts
- Recursive or chained calls
Once triggered, cost grows exponentially.
Why Traditional Safeguards Fail
Traditional safeguards:
- Rate limits
- Monthly budgets
- Alerts
None of these evaluate the content or cost of a request.
Request Size vs Request Cost
Request size and request cost are not the same.
A small request can:
- Trigger large output
- Generate high cost
Cost must be estimated, not assumed.
Preventing Runaway Requests
Effective systems:
- Estimate cost before execution
- Enforce maximum cost per request
- Block or downgrade unsafe requests
Conclusion
Runaway requests are inevitable.
Uncontrolled cost is not.
