How Attackers Drain Your AI API Wallet — and How to Set Spending Limits
Everyone talks about AI security like it's some hacker-in-a-hoodie scenario -- stolen passwords, leaked databases, that kind of thing. Nobody tells you the newest attack just runs up your bill.
TL;DR: Denial-of-Wallet (DoW) attacks target AI agents that use pay-per-token APIs. An attacker sends crafted inputs through MCP connections that force your agent into overthinking loops -- amplifying token consumption up to 142x. Your AI keeps "thinking" while your API bill keeps climbing. The fix is straightforward: set hard spending limits on every API key you use, and enable rate limiting if your provider offers it.
What's Happening
Security researchers at Adversa AI documented a new attack class in March 2026 that targets the one thing every AI agent user pays for: tokens. The attack works through MCP -- Model Context Protocol -- the connection layer that lets AI agents talk to external tools and data sources.
Here's what happens. An attacker sends adversarial inputs through an MCP connection that trigger what researchers call "overthinking loops." Think of it like jamming a car's accelerator pedal to the floor -- the engine keeps revving, burning fuel, going nowhere. Your AI agent keeps processing, burning tokens, producing nothing useful. Adversa AI measured the amplification at up to 142.4 times normal token consumption. So a task that should cost you a few cents suddenly costs dollars. Scale that across a week of automated agent work and you're looking at a real number on your credit card statement.
This isn't theoretical. The MCP ecosystem -- the network of servers and tools your AI agent connects to -- has seen 30 CVEs in just 60 days as of March 2026. BlueRock Security found that 36.7% of over 7,000 MCP servers they analyzed were potentially vulnerable to server-side request forgery. Security researchers documented compromised MCP servers silently forwarding emails to attacker infrastructure. The plumbing your AI agent relies on is under active attack from multiple directions.
Why This Matters to You
If you're using any AI tool that charges per token -- OpenAI's API, Anthropic's API, any of the major providers -- and you've connected it to external tools through MCP, you have financial exposure. Not data exposure. Not privacy exposure. Your-actual-money exposure.
And here's the thing -- there's no patch for this. The attack exploits how AI models process information, not a specific software bug. The model does exactly what it's designed to do: think. The attacker just makes it think way too much.
What To Do About It Right Now
- Set hard spending limits on every API key. OpenAI, Anthropic, and most major providers let you cap monthly spending. Do it today. Pick a number you can live with if something goes wrong -- not your theoretical maximum.
- Enable rate limiting. If your provider or your agent platform offers per-minute or per-hour token limits, turn them on. This caps the damage from any single runaway session.
- Review your MCP connections. If you're running MCP servers you didn't set up yourself -- or tools someone else recommended -- check whether they're still maintained and recently updated. An abandoned MCP server is an open door.
- Monitor your usage. Most API dashboards show daily consumption. If your normal usage is 50,000 tokens a day and you suddenly see 7 million, something is wrong.
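Provider-side caps are the first line of defense, but the same three controls (hard spend cap, per-window rate limit, daily-usage anomaly check) can also sit in your own agent code so a runaway session is cut off before the provider bills it. The guard below is an added example, not code from Adversa AI or any provider; the price, limits and the 50,000-token baseline are constructed placeholders you would tune to your own usage.

```python
from collections import deque

class TokenBudgetGuard:
    """Client-side guard around every pay-per-token API call: hard spend cap,
    sliding-window token rate limit, and an anomaly check against a normal
    daily baseline. All numbers are constructed placeholders; tune to your usage."""
    def __init__(self, usd_per_1k_tokens=0.01, hard_cap_usd=5.00, window_seconds=60,
                 max_tokens_per_window=20_000, baseline_daily_tokens=50_000,
                 anomaly_multiplier=10.0):
        self.usd_per_1k_tokens = usd_per_1k_tokens
        self.hard_cap_usd = hard_cap_usd
        self.window_seconds = window_seconds
        self.max_tokens_per_window = max_tokens_per_window
        self.anomaly_threshold = baseline_daily_tokens * anomaly_multiplier
        self.spent_usd = 0.0
        self.today_tokens = 0
        self._events = deque()  # (timestamp, tokens) inside the sliding window

    def _cost(self, tokens):
        return tokens / 1000 * self.usd_per_1k_tokens

    def _window_tokens(self, now):
        # Evict events older than the window, then sum what remains.
        while self._events and now - self._events[0][0] >= self.window_seconds:
            self._events.popleft()
        return sum(tokens for _, tokens in self._events)

    def check(self, estimated_tokens, now):
        """Call before sending a request. Returns 'allow' or a denial reason."""
        if self.spent_usd + self._cost(estimated_tokens) > self.hard_cap_usd:
            return "deny:hard_cap"
        if self._window_tokens(now) + estimated_tokens > self.max_tokens_per_window:
            return "deny:rate_limit"
        return "allow"

    def record(self, actual_tokens, now):
        """Call after the response arrives. Returns 'ok' or an anomaly flag."""
        self._events.append((now, actual_tokens))
        self.today_tokens += actual_tokens
        self.spent_usd += self._cost(actual_tokens)
        return "anomaly:daily_usage" if self.today_tokens > self.anomaly_threshold else "ok"

def runaway_session(guard, normal_tokens=500, amplification=142, calls=100):
    """Constructed 142x scenario, one call per second: (calls completed, stopping verdict)."""
    for i in range(calls):
        verdict = guard.check(normal_tokens * amplification, now=float(i))
        if verdict != "allow":
            return i, verdict
        guard.record(normal_tokens * amplification, now=float(i))
    return calls, "allow"
```

With the defaults, a session amplified to 71,000 tokens per call is refused by the rate limit on its first call; with the rate limit lifted, the $5 hard cap stops it after seven calls instead of letting it run to the monthly bill.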
Now you know what a DoW attack looks like and how to cap your exposure. Next time, we're going to talk about the broader trust problem with AI agent connections -- because your wallet isn't the only thing at risk when your agent talks to tools it shouldn't trust.