Kingdom: Environment
This section includes everything that is outside of the source code but is still critical to the security of the product that is being created. Because the issues covered by this kingdom are not directly related to source code, we separated it from the rest of the kingdoms.
Unbounded Consumption Misconfiguration
Abstract
Without proper limits on the number of queries or processing time, LLM APIs can become overwhelmed, affecting the stability and availability of the system, potentially resulting in denial-of-service attacks or resource depletion.
Explanation
Unbounded consumption occurs when LLM APIs are not adequately rate-limited, throttled, or otherwise restricted in terms of resource use. This can involve excessive model inference requests, unbounded query sizes, or long-running processes that put undue strain on the server hosting the model, causing delays, outages, or even a complete loss of service.
When LLM APIs are not properly controlled, an attacker can abuse the system by sending high volumes of requests, large data queries, or complex tasks that drain resources. This issue can compound in multi-tenant systems where excessive consumption from one user or process affects others, leading to potential performance bottlenecks or system downtime.
Additionally, a Denial of Wallet (DoW) attack can occur when attackers exploit the cost-per-use model of cloud-based AI services by initiating a high volume of requests, which leads to unsustainable financial burdens on the provider. This can result in financial ruin for the provider, as the cost of processing excessive requests becomes unmanageable.

Example 1: A user submits a series of large text generation requests to an LLM API without any timeout, which allows requests to run without limits. This causes the system to process excessive data and exhausts available server resources.

    import openai

    # OpenAI GPT model setup
    openai.api_key = "your-api-key"

    def generate_large_response(prompt):
        # No request timeout and no rate limiting: the call can run for as long
        # as the provider allows, and nothing bounds how often it is made.
        response = openai.Completion.create(
            engine="text-davinci-003",
            prompt=prompt,
            max_tokens=1000
        )
        return response

    # Submitting unbounded requests with high complexity and token count
    prompt = "Generate an extensive article on AI."
    response = generate_large_response(prompt)
    print(response)

Example 2: A chat model is utilized without configuring a rate_limiter parameter while interacting with the LLM model.

    from langchain_anthropic import ChatAnthropic

    model = ChatAnthropic(
        model_name="claude-3-opus-20240229",
        # not using rate_limiter
    )
These examples demonstrate how API calls that lack a timeout or a rate limit can consume significant resources. Without restrictions on execution time and request volume, the system can become overloaded. This can negatively affect the stability of the service and possibly result in resource exhaustion or denial-of-service risks.
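A defensive counterpart to the two examples, added here and not part of the Fortify description: a per-tenant guard that applies a token-bucket request rate limit, clamps the requested output token count, passes a wall-clock timeout to the provider call, and enforces a spend budget as a Denial of Wallet control. The ConsumptionGuard, TenantState and fake_llm names are assumptions; fake_llm stands in for a real provider client, and the clock and prices in demo() are constructed values.

```python
import time
from dataclasses import dataclass

@dataclass
class TenantState:
    tokens: float            # token-bucket level: requests allowed right now
    last: float              # timestamp of the last refill
    spent_usd: float = 0.0   # cumulative spend charged to this tenant

class ConsumptionGuard:
    """Per-tenant rate limit, output-token cap, timeout and spend budget around an LLM call."""
    def __init__(self, rate_per_sec, burst, max_tokens, timeout_s,
                 budget_usd, usd_per_1k_tokens, clock=time.monotonic):
        self.rate, self.burst = rate_per_sec, burst
        self.max_tokens, self.timeout_s = max_tokens, timeout_s
        self.budget, self.price = budget_usd, usd_per_1k_tokens
        self.clock, self.tenants = clock, {}

    def _bucket(self, tenant):
        # Create the tenant's bucket on first use and refill it for elapsed time.
        now = self.clock()
        st = self.tenants.setdefault(tenant, TenantState(self.burst, now))
        st.tokens = min(self.burst, st.tokens + (now - st.last) * self.rate)
        st.last = now
        return st

    def call(self, tenant, prompt, requested_tokens, llm):
        # llm(prompt, max_tokens, timeout) returns the number of tokens generated.
        st = self._bucket(tenant)
        if st.tokens < 1:
            return "rejected: rate limit"
        max_tokens = min(requested_tokens, self.max_tokens)  # clamp; never trust the caller
        if st.spent_usd + max_tokens / 1000 * self.price > self.budget:  # worst case, checked first
            return "rejected: budget"
        st.tokens -= 1
        generated = llm(prompt, max_tokens, self.timeout_s)  # real clients accept a timeout
        st.spent_usd += generated / 1000 * self.price
        return f"ok: {generated} tokens"

def fake_llm(prompt, max_tokens, timeout):
    return max_tokens  # constructed stand-in for a provider call; always fills the cap

def demo():
    now = [0.0]  # constructed clock so the run is deterministic
    guard = ConsumptionGuard(rate_per_sec=1, burst=2, max_tokens=500, timeout_s=30,
                             budget_usd=0.025, usd_per_1k_tokens=0.02, clock=lambda: now[0])
    out = [guard.call("tenant-a", "Generate an extensive article on AI.", 100000, fake_llm),
           guard.call("tenant-a", "again", 500, fake_llm),
           guard.call("tenant-a", "again", 500, fake_llm)]  # burst of 2 exhausted
    now[0] += 1.0                                            # one request refilled
    out.append(guard.call("tenant-a", "again", 500, fake_llm))  # spend budget now blocks it
    out.append(guard.call("tenant-b", "hello", 50, fake_llm))   # other tenant unaffected
    return out
```

Because the budget check uses the worst-case cost of the clamped request before the call is made, a tenant cannot overrun its budget by one oversized request; the per-tenant state keeps one noisy tenant from consuming another's quota.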