Let's Burn Some Tokens – AI Chatbot Cost Exploitation as an Attack Vector
dixken.de
> how about building a tool that doesn't exploit bugs or bypass auth, but behaves like an overly engaged, perfectly valid user?
How would this loquacious chatbot interlocutor work, if not by running a chatbot itself?
Is there some well-known technique to introduce asymmetric costs?
> Is there some well-known technique to introduce asymmetric costs?
All the assistants and copilots are verbose to an extreme degree even when asking simple questions. Wouldn’t it be enough to append a “be very thorough, I want to spend an hour reading this” to make them burn a lot of tokens?
Open source models exist.
Are they _so much_ cheaper to run that they could be used to initiate thousands of "human-like" interactions at negligible costs compared to what the interlocutors will incur?
(I genuinely don't know)
A sufficiently motivated adversary will have the hardware to run the biggest open source models on prem. The only costs are then electric bills.
If I were an evil person I would be thinking about how to get the Walmart bot to talk to the Amazon bot.