You asked AI to build your AI feature — a chat, a summarizer, an image generator. It works. What you actually shipped is an open endpoint that anyone can call in a loop, and every call is billed to you.
What you shipped
The route takes a request and calls the model. That’s it:
No login required, no per-user limit, no spending cap. Every hit costs you real money, and nothing stops a hit from repeating.
How anyone exploits it
They don’t even need malice — a curious dev or a bored script does it:
for (let i = 0; i < 100000; i++) fetch('/api/ai', { method: 'POST', body })
A hundred thousand model calls, charged to your account, in minutes. People have woken up to four- and five-figure bills from exactly this.
Why you won’t catch it
It works perfectly for normal use — one user, a few calls. The damage only appears at volume, which your own testing never produces. The first sign is the invoice.
Why AI does it
The shortest code that satisfies “call the model” is a route that calls the model. Auth and rate limiting are extra layers the happy path runs fine without — so they’re skipped.
The fix
Gate the endpoint before it spends anything:
requireAuth(req) // only logged-in users
rateLimit(user, 20) // a sane cap per user
Then set a hard spending limit on the provider dashboard as a backstop.
Check your app
- Every expensive endpoint (AI, email, SMS, image processing) requires auth.
- Each has a per-user rate limit, not just a global one.
- A provider-side budget cap exists as a final backstop.
The bigger problem
A senior dev never ships a paid endpoint without a limit. But if nobody senior reads the code, the open route ships — it works in every test, because no test loops it ten thousand times. The author and reviewer are the same model with the same blind spot.
That’s the gap Velify is built to close: it reads your project and flags exactly this, in plain language, no terminal.