Slide 10 of 27
Part 2 · Types
Slide 10 · Context Window Flooding — Real Incident
Sourcegraph API Abuse — August 2023.
Confirmed Incident · August 30, 2023 · Sourcegraph Security Disclosure
Leaked Admin Token Used to Build a Free LLM Proxy — ~2 Million API Calls
No CVE · Root cause: admin access token committed to a public GitHub repo · Disclosed by Sourcegraph, September 2023

The setup: A Sourcegraph developer accidentally committed a site-admin access token to a public GitHub repository in July 2023. The token sat there for roughly six weeks, undetected.

What happened: An attacker found the token, used it to gain admin-level access to Sourcegraph.com, and built a proxy application. The proxy offered anyone with a free Sourcegraph account unlimited access to Sourcegraph’s underlying LLM — at Sourcegraph’s expense. The proxy page received close to 2 million views before Sourcegraph detected the spike.

Detection: On August 30, Sourcegraph noticed an inorganic spike in API usage and began investigating. The malicious admin account was deactivated and rate limits were slashed site-wide.

Collateral damage: Sourcegraph temporarily reduced API rate limits for all free community users — the legitimate users paid for the attacker’s consumption through degraded service.

Why it matters for LLM10: the attacker didn’t break any LLM safety feature. They exploited missing resource ceilings: no per-user token quotas, no cumulative consumption monitoring, no budget alert. Unlimited API access plus unlimited traffic equals unlimited cost.

The Controls That Would Have Stopped This

Per-user token quotas and real-time consumption monitoring. A budget alert at 10x normal usage would have fired within the first hour.
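As an added example (not Sourcegraph's code; the class, quota numbers and baseline are assumptions), a minimal per-user token quota over a sliding window plus a site-wide budget alert that fires once consumption reaches 10x the normal baseline, run against a constructed scenario of a proxy fanning requests out over many free accounts:

```python
from collections import defaultdict, deque

class ConsumptionGuard:
    """Per-user token quota + cumulative site-wide monitoring (illustrative, assumed design)."""

    def __init__(self, per_user_quota, baseline_per_window, window_s=3600, alert_multiplier=10):
        self.per_user_quota = per_user_quota    # max tokens one user may consume per window
        self.baseline = baseline_per_window     # assumed "normal" site-wide tokens per window
        self.window_s = window_s
        self.threshold = alert_multiplier * baseline_per_window
        self._events = defaultdict(deque)       # user -> deque of (timestamp, tokens)
        self._site = deque()                    # every accepted call, site-wide
        self.alerts = []                        # (timestamp, site usage) when the alert fired
        self._alert_active = False              # dedupe: one alert until usage drops again

    def _usage(self, dq, now):
        while dq and dq[0][0] <= now - self.window_s:   # drop events outside the window
            dq.popleft()
        return sum(tokens for _, tokens in dq)

    def authorize(self, user, tokens, now):
        """Record the call and return True if it fits the user's quota, else refuse it."""
        if self._usage(self._events[user], now) + tokens > self.per_user_quota:
            return False
        self._events[user].append((now, tokens))
        self._site.append((now, tokens))
        site_usage = self._usage(self._site, now)
        if site_usage >= self.threshold and not self._alert_active:
            self._alert_active = True
            self.alerts.append((now, site_usage))   # page the on-call: budget alert
        elif site_usage < self.threshold:
            self._alert_active = False
        return True

def simulate_proxy_abuse(accounts=500, rounds=30, call_tokens=2000):
    """Constructed scenario: each of `accounts` free users sends one call per round (1 round = 1s)."""
    guard = ConsumptionGuard(per_user_quota=50_000, baseline_per_window=1_000_000)
    refused, first_alert_call, call_no = 0, None, 0
    for r in range(rounds):
        for u in range(accounts):
            call_no += 1
            if not guard.authorize(f"free-user-{u}", call_tokens, now=r):
                refused += 1
            elif first_alert_call is None and guard.alerts:
                first_alert_call = call_no
    return {"refused": refused, "first_alert_call": first_alert_call, "alerts": len(guard.alerts)}
```

With these assumed numbers the quota cuts every account off after 25 calls and the budget alert fires on the 5,000th accepted call, long before the roughly 2 million requests the incident reached.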
