Slide 3 · The Definition
Now the official definition — it should click.
OWASP’s language, unpacked.
OWASP LLM10:2025 — Definition

Unbounded Consumption refers to the process where an LLM generates excessive, uncontrolled output — or where an application allows excessive, uncontrolled inference requests — consuming compute, memory, bandwidth, and financial budgets in ways that degrade service, cause outages, or enable model theft.

📥 Excessive input: No cap on how large or complex a prompt the user can send.
📤 Excessive output: No cap on how many tokens the model can generate per response.
🔁 Excessive requests: No cap on how many times a user or script can call the API.
🤖 Uncontrolled agentic loops: Agents that call tools, read results, and re-generate — with no stop condition.
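
One way to put a cap on each of the four vectors above, as an added example that is not part of the original slide or of OWASP's text. The class and function names and every limit value are assumptions chosen for illustration, and `step` stands in for a hypothetical agent callback.

```python
import time
from collections import defaultdict, deque

# All limits below are constructed sample values, not OWASP recommendations.
MAX_INPUT_CHARS = 8_000      # excessive input
MAX_OUTPUT_TOKENS = 512      # excessive output
MAX_REQUESTS = 5             # excessive requests, per user per window
WINDOW_SECONDS = 60.0
MAX_AGENT_STEPS = 4          # uncontrolled agentic loops


class LimitExceeded(Exception):
    """Raised when a request would exceed one of the caps."""


class ConsumptionGuard:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._calls = defaultdict(deque)  # user id -> timestamps of recent calls

    def admit(self, user, prompt, requested_tokens):
        """Check one request; return the output-token cap to pass to the model."""
        if len(prompt) > MAX_INPUT_CHARS:
            raise LimitExceeded("input too large")
        now, calls = self._clock(), self._calls[user]
        while calls and now - calls[0] >= WINDOW_SECONDS:
            calls.popleft()  # forget calls that left the sliding window
        if len(calls) >= MAX_REQUESTS:
            raise LimitExceeded("rate limit")
        calls.append(now)
        # Clamp rather than trust the caller's requested output length.
        return max(1, min(requested_tokens, MAX_OUTPUT_TOKENS))

    def run_agent(self, user, task, step):
        """Drive a hypothetical agent: step(text) -> (next_text, done)."""
        text = task
        for used in range(1, MAX_AGENT_STEPS + 1):
            self.admit(user, text, MAX_OUTPUT_TOKENS)  # every step spends quota
            text, done = step(text)
            if done:
                return text, used
        raise LimitExceeded("agent step budget exhausted")
```

Because each agent step passes through `admit`, a looping agent is stopped by whichever limit it reaches first: the step budget or the user's request quota.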
Evolved From

LLM10 in the 2023 OWASP list was called “Model Denial of Service.” The 2025 version broadens it: the threat isn’t just crashing the service — it’s financial ruin, model theft, and degradation for all users. The new name captures the full picture.
