Medium Severity | Infrastructure

Denial of Service (DoS) Attacks

When attackers make your AI unavailable

AI agents can be overwhelmed by malicious traffic or expensive requests, making them unavailable for legitimate use and potentially incurring significant costs.

What Are DoS Attacks?

Denial of Service attacks aim to make your AI agent unavailable by overwhelming it with requests or exploiting resource-intensive operations. For AI agents, DoS is particularly concerning because:

- LLM API calls are expensive—attackers can drain your budget
- Complex prompts can consume significant compute
- Queue buildup can delay legitimate requests indefinitely
- Auto-scaling can be exploited to increase costs

Unlike traditional web services, AI agents have asymmetric resource usage—a small request can trigger expensive processing. This makes them attractive DoS targets.

How DoS Attacks Work

Volumetric Attacks

Overwhelming the service with sheer request volume.

Application Layer Attacks

Crafting requests that consume disproportionate resources.

Prompt Complexity

Sending prompts designed to maximize token usage and processing time.

Amplification

Using the AI to generate large outputs that consume bandwidth.

Queue Flooding

Filling async processing queues so legitimate work never executes.

Budget Exhaustion

Making enough API calls to exhaust monthly quotas or budgets.

Real-World Example

An exposed AI assistant became the target of a DoS attack:

1. Attackers discovered the endpoint had no rate limiting
2. They scripted requests with prompts designed to maximize token usage
3. Each prompt asked for detailed, lengthy responses
4. Within hours, the monthly API budget was exhausted
5. Legitimate users couldn't use the service
6. The company received a surprise $15,000 bill from their LLM provider

The attack cost cents to execute but thousands of dollars in damage.

Potential Impact

Service unavailability for legitimate users
Massive unexpected API and compute bills
Exhausted quotas blocking business operations
Degraded performance even if not fully down
Distraction from other security issues
Reputation damage from unreliable service

Self-Hosted Vulnerabilities

When you self-host your OpenClaw, you're responsible for addressing these risks:

No rate limiting on endpoints
No DDoS protection
Unlimited API budget exposure
No queue management
Single point of failure
Limited resources easily overwhelmed

How Clawctl Protects You

Clawctl includes built-in protection against DoS attacks:

Rate Limiting

Configurable rate limits prevent request flooding. Per-key and global limits available.

DDoS Protection

Enterprise-grade DDoS mitigation at the network edge. Volumetric attacks never reach your agent.

Budget Controls

Set hard spending limits. The system stops processing before exceeding your budget.

Request Validation

Malformed or suspiciously complex requests are rejected before processing.

Auto-Scaling Limits

Scaling has caps to prevent runaway costs during attack attempts.

General Prevention Tips

Whether you use Clawctl or not, follow these best practices:

Implement rate limiting on all endpoints
Set hard budget limits with your API providers
Use DDoS protection services
Monitor for unusual traffic patterns
Have a plan for responding to DoS attacks
Consider request complexity in rate limiting
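
One way to combine the rate-limiting, budget and request-complexity tips above, shown as an added example (not Clawctl or OpenClaw code): a per-key limiter that charges each request its estimated token cost rather than counting requests, and refuses work once a hard spend ceiling would be crossed. The class name, the 4-characters-per-token estimate and the price figure are assumptions for illustration.

```python
import time
from dataclasses import dataclass, field

@dataclass
class CostAwareLimiter:
    """Per-key token bucket charged in estimated LLM tokens, plus a hard budget."""
    capacity: float           # max estimated tokens one key may burst
    refill_per_sec: float     # estimated tokens restored per second, per key
    budget_usd: float         # hard spend ceiling for the billing period
    usd_per_1k_tokens: float  # assumed blended price; take it from your provider
    max_request_tokens: int   # largest single request that will be accepted
    spent_usd: float = 0.0
    _buckets: dict = field(default_factory=dict)  # key -> (tokens_left, last_seen)

    @staticmethod
    def estimate_tokens(prompt: str, max_output_tokens: int) -> int:
        # Rough heuristic (about 4 characters per token); swap in a real tokenizer.
        # Output is charged at its requested maximum, so cost is a worst case.
        return len(prompt) // 4 + 1 + max_output_tokens

    def check(self, key, prompt, max_output_tokens, now=None):
        """Return (allowed, reason). Call before forwarding to the LLM."""
        now = time.monotonic() if now is None else now
        cost = self.estimate_tokens(prompt, max_output_tokens)
        # 1. Request validation: oversized requests never reach the model.
        if cost > self.max_request_tokens:
            return False, "request_too_large"
        # 2. Budget control: stop before the ceiling is exceeded, not after.
        usd = cost / 1000 * self.usd_per_1k_tokens
        if self.spent_usd + usd > self.budget_usd:
            return False, "budget_exhausted"
        # 3. Complexity-weighted rate limit: expensive requests drain faster.
        tokens, last = self._buckets.get(key, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.refill_per_sec)
        if cost > tokens:
            self._buckets[key] = (tokens, now)
            return False, "rate_limited"
        self._buckets[key] = (tokens - cost, now)
        self.spent_usd += usd
        return True, "ok"
```

Because output is charged at the requested maximum, `spent_usd` is a conservative reservation; reconcile it against the provider's reported usage after each call if you need exact accounting.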

Don't risk DoS attacks

Clawctl includes enterprise-grade protection against this threat and many others. Deploy your OpenClaw securely in 60 seconds.