Definition
An attack that exploits AI guardrails by injecting poisoned data designed to trap reasoning-based safety systems in extended thinking loops, consuming massive computational resources and starving other agents in shared infrastructure. A single poisoned document can slow systems by up to 148×.
Why it matters
As enterprises rely on reasoning-intensive safety controls to govern AI agents, those guardrails themselves become a vulnerability; attackers can weaponize safety mechanisms to achieve enterprise-scale denial of service.