✓What unbounded consumption is — in plain English and in OWASP’s definition
✓The six resource types at risk: tokens, compute, memory, bandwidth, quota, and budget
✓Denial of Service vs. Denial of Wallet — what’s different and why DoW is harder to detect
✓Why request-count rate limiting alone is insufficient — and what token-aware limits look like
✓All 4 attack types: context window flooding, denial of wallet, reasoning loop exploitation, model extraction
✓Sourcegraph API abuse (August 2023): leaked admin token, 2 million API calls, rate limits slashed site-wide
✓Nasr et al. repeated-token attack (2023): sustained generation causes behavioral divergence and runaway token consumption
✓Proof Pudding (CVE-2019-20634): model extraction via systematic probe queries against Proofpoint’s email filter
✓All 6 mitigation categories — what OWASP says, how real incidents showed the gap, how to do it right, how to validate
✓The attack vs. control coverage matrix — which ceiling stops which attack