Denial of Service

Denial of service targets the computational, memory, network, and service capacities of AI agent systems to degrade performance, cause failures, or inflict financial damage.

Details

AI agents are particularly susceptible to denial of service because they combine expensive inference calls with tool executions that can consume compute, storage, API quotas, and real money. An attacker can trigger resource exhaustion by crafting inputs that cause long reasoning chains, excessive tool-call loops, retrieval of very large documents, or repeated calls to paid external APIs. A specific financial variant - sometimes called "denial of wallet" - aims to drive up API and compute costs rather than causing a service outage.

Denial of service can be triggered intentionally through prompt injection payloads that instruct the agent to enter expensive loops, or unintentionally through runaway agent loops and poorly bounded recursive tool calls, making resource limits and observability critical operational controls.

Examples

An attacker submits prompts designed to trigger unbounded recursive tool calls, exhausting the agent's API quota.
Crafted inputs cause an agent to repeatedly call a paid external API in a loop, running up thousands of dollars in charges before the loop is detected.
An adversary floods an agent system with concurrent requests, each triggering expensive inference and tool calls, causing cascading failures across shared infrastructure.

Mitigations

Resource limits on compute, API quotas, and cost
Bounded iteration limits on tool call loops and reasoning chains
Rate limiting on incoming requests to prevent flooding
Observability for detecting runaway loops and anomalous resource consumption

Synonyms

resource overload, denial of wallet, resource exhaustion