Security Test: LLM Model Denial of Service¶

Description¶

Default Severity:

LLM Model Denial of Service is a risk where attackers overwhelm a language model by feeding it extremely complex or lengthy inputs that consume excessive computational resources. This can slow down or completely crash the system, leaving it unresponsive to genuine requests. The danger lies in the fact that many developers might not put strict limits or proper validation on input sizes and complexities, opening the door for such exhaustive attacks. If these vulnerabilities aren’t addressed, the resulting performance degradation or complete outages could lead to major disruptions in service and user trust.

Reference:

https://genai.owasp.org/llmrisk/llm04-model-denial-of-service/
- https://owasp.org/www-project-top-10-for-large-language-model-applications/

Configuration¶

Identifier: injection/llm_model_dos

Examples¶

All configuration available:

checks:
  injection/llm_model_dos:
    skip: false # default

Compliance and Standards¶

Standard	Value
OWASP API Top 10	API4:2023
OWASP LLM Top 10	LLM04:2023
PCI DSS	`6.5.1`
GDPR	`Article-32`
SOC2	`CC6`
PSD2	`Article-95`
ISO 27001	`A.12.1`
NIST	`SP800-53`
FedRAMP	`SI-4`
CWE	`770`
CVSS Vector	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N`
CVSS Score	`6.5`