惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog RSS Feed
C
CERT Recently Published Vulnerability Notes
P
Proofpoint News Feed
Y
Y Combinator Blog
T
The Blog of Author Tim Ferriss
云风的 BLOG
云风的 BLOG
H
Help Net Security
Recorded Future
Recorded Future
The Register - Security
The Register - Security
F
Full Disclosure
N
Netflix TechBlog - Medium
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
酷 壳 – CoolShell
酷 壳 – CoolShell
H
Hackread – Cybersecurity News, Data Breaches, AI and More
爱范儿
爱范儿
Security Archives - TechRepublic
Security Archives - TechRepublic
Simon Willison's Weblog
Simon Willison's Weblog
Cisco Talos Blog
Cisco Talos Blog
I
InfoQ
T
Tenable Blog
T
Tor Project blog
人人都是产品经理
人人都是产品经理
D
DataBreaches.Net
NISL@THU
NISL@THU
Google DeepMind News
Google DeepMind News
博客园 - 叶小钗
B
Blog
V
V2EX
Jina AI
Jina AI
L
LangChain Blog
月光博客
月光博客
W
WeLiveSecurity
U
Unit 42
AWS News Blog
AWS News Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
博客园 - 聂微东
V
Visual Studio Blog
A
Arctic Wolf
T
Tailwind CSS Blog
The Cloudflare Blog
SecWiki News
SecWiki News
S
SegmentFault 最新的问题
Hacker News - Newest:
Hacker News - Newest: "LLM"
宝玉的分享
宝玉的分享
MyScale Blog
MyScale Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Securelist
www.infosecurity-magazine.com
www.infosecurity-magazine.com
腾讯CDC
雷峰网
雷峰网

Vercel News

Vercel Open Source Program: Winter 2026 cohort How Notion Workers run untrusted code at scale with Vercel Sandbox How we run Vercel's CDN in front of Discourse From idea to secure checkout in minutes with Stripe Building Slack agents can be easy Scaling redirects to infinity on Vercel Advancing Python typing Gamma builds design-first agents with Vercel How Avalara turns pipe dreams into patent-pending with v0 Keeping community human while scaling with agents How OpenEvidence built a healthcare AI that physicians actually trust Security boundaries in agentic architectures Skills Night: 69,000+ ways agents are getting smarter Video Generation with AI Gateway We Ralph Wiggumed WebStreams to make them 10x faster How Stably ships AI testing agents in hours, not weeks How we built AEO tracking for coding agents Anyone can build agents, but it takes a platform to run them Introducing Geist Pixel The Vercel AI Accelerator is back with $6m in credits Making agent-friendly pages with content negotiation The Vercel OSS Bug Bounty program is now available Introducing the new v0 Run untrusted code with Vercel Sandbox, now generally available How Stripe built a game-changing app in a single flight with v0 How Sensay went from zero to product in six weeks AGENTS.md outperforms skills in our agent evals Agent skills explained: An FAQ Testing if "bash is all you need" AWS databases are now live on the Vercel Marketplace and v0 Use Perplexity Web Search with Vercel AI Gateway Introducing: React Best Practices Nick Bogaty joins Vercel as Chief Revenue Officer How Mux shipped durable video workflows with their @mux/ai SDK How to build agents with filesystems and bash How we made v0 an effective coding agent Stopping the slow death of internal tools Building AI-Generated Pixel Trading Cards with Vercel AI Gateway We removed 80% of our agent’s tools AI SDK 6 Our $1 million hacker challenge for React2Shell Cline now runs on Vercel AI Gateway How to prompt v0 Build smarter workflows with Notion and v0 Vercel launches partner certification Inside Workflow DevKit: How framework integrations work React2Shell Security Bulletin | Vercel Knowledge Base Billions of requests: Black Friday-Cyber Monday 2025 Investing in the Python ecosystem AWS Databases coming to the Vercel Marketplace How we built the v0 iOS app Workflow Builder: Build your own workflow automation platform Vercel Open Source Program: Fall 2025 cohort Self-driving infrastructure Vercel collaborates with Google for Gemini 3 Pro Preview launch Vercel: The anti-vendor-lock-in cloud How Nous Research used BotID to block automated abuse at scale How AI Gateway runs on Fluid compute What we learned building agents at Vercel Build and deploy data applications on Snowflake with v0 BotID Deep Analysis catches a sophisticated bot network in real-time Vercel achieves TISAX AL2 compliance to serve automotive partners Bun runtime on Vercel Functions David Totten Joins Vercel to Lead Global Field Engineering Vercel Ship AI 2025 recap You can just ship agents AI agents and services on the Vercel Marketplace Built-in durability: Introducing Workflow Development Kit Zero-config backends on Vercel AI Cloud Introducing Vercel Agent: Your new Vercel teammate Update regarding Vercel service disruption on October 20, 2025 Agents at work, a partnership with Salesforce and Slack Running Next.js in ChatGPT: How to Build ChatGPT Apps Talha Tariq joins Vercel as CTO of Security Just another (Black) Friday Server rendering benchmarks: Fluid Compute and Cloudflare Workers Towards the AI Cloud: Our Series F Collaborating with Anthropic on Claude Sonnet 4.5 to power intelligent coding agents Preventing the stampede: Request collapsing in the Vercel CDN BotID uncovers hidden SEO poisoning How we made global routing faster with Bloom filters What you need to know about vibe coding Scale to one: How Fluid solves cold starts Addressing security & quality issues with MCP tools - Vercel AI agents at scale: Rox’s Vercel-powered revenue operating system Agentic Infrastructure Zero Data Retention on AI Gateway Optimizing Vercel Sandbox snapshots How Waldium made a blog platform work for humans and AI alike How FLORA shipped a creative agent on Vercel's AI stack Agent responsibly Making Turborepo 96% faster with agents, sandboxes, and humans Unified reporting for all AI Gateway usage new.website joins forces with v0 SERHANT.'s playbook for rapid AI iteration Two startups at global scale without DevOps Chat SDK brings agents to your users 360 billion tokens, 3 million customers, 6 engineers Meet the 2026 Vercel AI Accelerator Cohort Build knowledge agents without embeddings
Mitigating Denial of Wallet risks with Vercel - Vercel – Vercel
Ty Sbano · 2025-01-24 · via Vercel News

4 min read

Unlike traditional cyberattacks that target code or infrastructure vulnerabilities, Denial of Wallet (DoW) attacks focus on draining a service's operational budget.

At Vercel, we're building controls and anomaly detection to help you defend against these threats and protect your applications.

Link to headingWhat is a Denial of Wallet (DoW) attack?

DoW attacks exploit cloud scalability to drive up operational costs. Introduced by OWASP in 2017, these attacks inflate resource consumption—such as bandwidth or compute power—to inflict financial damage. Unlike Denial of Service (DoS) attacks, which disrupt availability, DoW targets your budget, threatening profitability and long-term sustainability.

At its core, a DoW attack is an exhaustion of financial accounts, services, or credits on a cloud-based system. Without the proper protections, these attacks could erroneously charge organizations an uncapped amount. This is especially relevant in elastic cloud environments where costs scale with usage.

Link to headingHow DoW attacks work

DoW attacks exploit auto-scaling applications by generating illegitimate requests while staying below rate-limiting thresholds. Attackers avoid detection by distributing their requests across multiple IP addresses and by slowing the request rate to mimic legitimate traffic. This leads to unnecessary scaling of cloud resources and inflated service costs, leaving organizations to pay for traffic that yields no business value.

Attackers can exploit API endpoints and trigger expensive backend operations, such as database writes, third-party API calls, or resource-intensive computations, by repeatedly sending requests to drive usage and costs.

Link to headingThe impact: More than just dollars and cents

For startups and small businesses, a DoW attack can lead to unforeseen financial strain, diverting funds away from other initiatives. Even larger organizations are not immune, as such attacks can lead to significant disruptions—especially during critical periods like product launches or seasonal events such as Black Friday-Cyber Monday.

The impact spans multiple areas:

  • Operational disruption: When a company is forced to divert resources to investigate and mitigate cost-related incidents, other projects stall

  • Reputation damage: Attacks shake customer confidence, threatening the relationships and trust you've built

  • Investor concerns: Financial instability makes stakeholders wary, especially in a climate where companies must demonstrate responsible budget management

Link to headingOur defensive playbook: Preparing for DoW attacks

Vercel’s secure by default position governs our approach to mitigating DoW attacks. Our layered security tooling helps detect sophisticated attacks and minimize their impact on your business. The following built-in features work together to identify and block malicious traffic while maintaining optimal performance for legitimate users, limiting the economic damage of these attacks.

Link to headingRate limiting: Your first line of defense

Vercel gives you granular control over API rate limiting, letting you set limits on incoming requests. By capping the traffic to your backend, you can protect against runaway costs caused by automated scripts or malicious actors. It’s like placing a valve on a pipeline—you decide the acceptable flow rate and Vercel enforces it.

Rate limits can be adjusted dynamically—without the need to redeploy—to handle a new feature or an unexpected surge in traffic.

Link to headingVercel Web Application Firewall (WAF)

Vercel's WAF actively identifies and blocks malicious traffic. It defends against common vulnerabilities like SQL injection and XSS while adding the DoW layer of protection with challenge-response protocols for suspicious activity. This ensures your system scales only for legitimate users.

Our ready-made firewall templates simplify this setup—ensuring digital efficiency while keeping your budget intact.

Link to headingSpend controls and real-time monitoring

Vercel prioritizes cost transparency and control, providing tools to proactively manage your spending:

  • Real-time usage monitoring: Gain visibility into your resource consumption, so you can quickly spot anomalies. If an unexpected spike occurs, you’ll be the first to know

  • Budget alerts and spend limits: Define thresholds to monitor spending and enforce caps, preventing unexpected costs from escalating into financial strain

These spend-management controls ensure that your spending limits protect you against unexpected costs.

Link to headingBot Protection: Keeping automated threats at bay

Automated bots are often the culprits behind DoW attacks. Vercel takes a multifaceted approach to bot protection:

  • Behavioral analysis: By observing request patterns, Vercel can distinguish between human users and malicious bots

  • Challenge-based verification: Techniques like CAPTCHAs or browser-based Javascript challenges ensure that bots can’t easily inflate your costs, adding a friction layer to deter automated abuse

  • Adaptive filtering: Vercel analyses signatures of bots mimicking legitimate user behavior to stop low-quality traffic at the platform level

With continuously improving detection, these protective layers ensure your infrastructure is used as intended and shielded from malicious scripts.

Link to headingSecuring your cloud costs with Vercel

As the threat landscape evolves, DoW attacks pose a significant economic risk to cloud-based applications. Vercel's security approach arms you with tools that protect both your infrastructure and your budget through multiple layers of defense:

  • Granular API rate limiting to control traffic and prevent cost escalation

  • Vercel Web Application Firewall (WAF) that filters malicious traffic and ensures scaling only occurs for legitimate requests

  • Real-time monitoring and configurable spending limits for proactive budget control

  • Advanced bot protection through behavioral analysis and challenge-based verification

With Vercel's secure by default platform, you can scale your digital presence confidently, safeguarded from the financial risks of DoW attacks. Our built-in security features keep cloud elasticity an asset, so you can focus on growing your business.

Security that scales with you

Explore our comprehensive suite of security tooling to protect your application workloads.

Learn more