LLM10: Unbounded Consumption
OWASP LLM Top 10 (2025)
Cost, denial-of-service, and resource-exhaustion attacks against LLM endpoints.
What this risk means
Token-amplification attacks (inputs crafted to elicit very long or repeated generations), prompt-storm DoS (floods of concurrent requests), and runaway autonomy (agent loops that keep calling the model or its tools) can drive up cost or knock services offline. The vendor's rate-limiting, quota, and circuit-breaker posture determines the blast radius when that happens.
How TrustAtlas dimensions address it
Security covers the vendor's rate-limiting and quota enforcement controls; business stability covers their resilience under load (incident history, SLA, financial runway to absorb attacks).
Dimensions: Security, Business stability
See methodology for how each dimension is scored across the catalog.
Questions to ask vendors
Drop these into RFPs, due-diligence questionnaires, or a procurement scorecard. Each question maps back to evidence visible on the vendor's TrustAtlas profile.
- What rate limits, token quotas, and circuit breakers are in place by default? Are they per-key, per-tenant, or per-IP?
- Do you offer per-tenant cost caps with hard cutoffs, or only soft alerts?
- How do you isolate one tenant's abusive load from others — separate clusters, queue isolation, or shared capacity with quotas?
- What financial-runway and customer-protection commitments do you offer if you are knocked offline by a sustained attack?
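As an added example (not TrustAtlas's or any vendor's code), the Python sketch below puts the three controls the questions above ask about into one gateway: a per-key request rate limit, a per-tenant token budget with a soft alert and a hard cutoff, and a circuit breaker that stops hammering a failing upstream. The class names (TenantBudget, CircuitBreaker, Gateway) and the request stream in demo() are constructed for illustration. The point it makes that the questions alone do not: a hard cap only holds if the worst-case output (max_output_tokens) is reserved before the upstream call, because an amplification prompt's real cost is unknown until generation finishes.

```python
"""Per-tenant token budget with soft alert + hard cutoff, per-key rate limit,
and a circuit breaker. Added illustration; names and inputs are constructed."""
from collections import deque
from dataclasses import dataclass
from typing import Optional
import time


@dataclass
class TenantBudget:
    hard_cap: int                 # tokens per billing window; refuse beyond this
    soft_alert_at: float = 0.8    # fraction of hard_cap that triggers an alert
    committed: int = 0            # tokens actually billed so far
    reserved: int = 0             # worst-case tokens held for in-flight requests
    alerted: bool = False

    def would_exceed(self, n: int) -> bool:
        return self.committed + self.reserved + n > self.hard_cap


class CircuitBreaker:
    """Open after `threshold` consecutive upstream failures; reject for `cooldown`
    seconds, then let a single probe request through (half-open)."""

    def __init__(self, threshold: int = 3, cooldown: float = 30.0, clock=time.monotonic):
        self.threshold, self.cooldown, self.clock = threshold, cooldown, clock
        self.failures = 0
        self.opened_at: Optional[float] = None

    def allow(self) -> bool:
        if self.opened_at is None:
            return True
        if self.clock() - self.opened_at >= self.cooldown:
            self.opened_at = None               # half-open: one more failure re-opens
            self.failures = self.threshold - 1
            return True
        return False

    def record(self, ok: bool) -> None:
        if ok:
            self.failures, self.opened_at = 0, None
            return
        self.failures += 1
        if self.failures >= self.threshold:
            self.opened_at = self.clock()


class Gateway:
    def __init__(self, budgets: dict, rpm_per_key: int, breaker: CircuitBreaker, clock=time.monotonic):
        self.budgets, self.rpm, self.breaker, self.clock = budgets, rpm_per_key, breaker, clock
        self.windows: dict = {}      # api key -> timestamps of requests in the last 60 s
        self.alerts: list = []

    def _rate_limited(self, key: str) -> bool:
        now = self.clock()
        q = self.windows.setdefault(key, deque())
        while q and now - q[0] >= 60.0:
            q.popleft()
        if len(q) >= self.rpm:
            return True
        q.append(now)
        return False

    def admit(self, tenant: str, key: str, prompt_tokens: int, max_output_tokens: int) -> str:
        """Return 'ok' (and reserve worst-case tokens) or the reason for refusal."""
        if not self.breaker.allow():
            return "circuit_open"
        if self._rate_limited(key):
            return "rate_limited"
        budget = self.budgets[tenant]
        # Reserve prompt + max_output *before* calling upstream: an amplification
        # prompt can then cost at most what the caller was already allowed.
        worst_case = prompt_tokens + max_output_tokens
        if budget.would_exceed(worst_case):
            return "hard_cap"
        budget.reserved += worst_case
        return "ok"

    def settle(self, tenant: str, prompt_tokens: int, max_output_tokens: int,
               actual_output_tokens: int, upstream_ok: bool) -> None:
        """Release the reservation, bill actual usage, feed the breaker, raise soft alert."""
        budget = self.budgets[tenant]
        budget.reserved -= prompt_tokens + max_output_tokens
        if upstream_ok:
            budget.committed += prompt_tokens + min(actual_output_tokens, max_output_tokens)
        self.breaker.record(upstream_ok)
        if not budget.alerted and budget.committed >= budget.soft_alert_at * budget.hard_cap:
            budget.alerted = True   # soft alert: notify, but keep serving until the hard cap
            self.alerts.append(f"{tenant}: {budget.committed}/{budget.hard_cap} tokens used")


def demo() -> dict:
    """Constructed request stream for tenant 'acme' (cap 10,000 tokens, 3 req/min)."""
    now = [0.0]
    clock = lambda: now[0]   # fake clock so the run is deterministic
    gw = Gateway({"acme": TenantBudget(hard_cap=10_000)}, rpm_per_key=3,
                 breaker=CircuitBreaker(threshold=2, cooldown=30.0, clock=clock), clock=clock)
    decisions = []

    def call(prompt, max_out, actual, ok=True):
        d = gw.admit("acme", "key-1", prompt, max_out)
        decisions.append(d)
        if d == "ok":
            gw.settle("acme", prompt, max_out, actual, ok)

    call(500, 1500, 400)       # ordinary request -> ok, 900 billed
    call(200, 9000, 0)         # amplification attempt: worst case 9,200 breaches cap -> hard_cap
    call(200, 4000, 4000)      # ok -> 5,100 billed
    call(100, 100, 100)        # 4th request inside 60 s -> rate_limited
    now[0] = 61.0
    call(1000, 3000, 3000)     # ok -> 9,100 billed, soft alert fires (>= 8,000)
    call(100, 100, 0, ok=False)   # upstream failure 1 (admitted, nothing billed)
    call(100, 100, 0, ok=False)   # upstream failure 2 -> breaker opens
    call(100, 100, 100)        # -> circuit_open
    now[0] = 130.0             # cooldown elapsed, rate window cleared
    call(100, 100, 100)        # half-open probe succeeds -> ok, 9,300 billed
    return {"decisions": decisions, "alerts": gw.alerts,
            "committed": gw.budgets["acme"].committed}
```

Mapping back to the questions: the rate limit here is per-key, the budget per-tenant, and the alert is the "soft" control while would_exceed is the "hard cutoff". A vendor that only offers the alert lets request 2 through and bills whatever the model produces.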
Related
- Back to the full OWASP LLM Top 10 cross-walk
- NIST AI RMF cross-walk — the U.S. enterprise companion framework
- TrustAtlas methodology — how the 8 risk dimensions are scored
- Browse the vendor directory and filter by the dimensions tied to this risk