惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
F
Fortinet All Blogs
博客园_首页
The GitHub Blog
The GitHub Blog
V
Visual Studio Blog
D
DataBreaches.Net
aimingoo的专栏
aimingoo的专栏
爱范儿
爱范儿
B
Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
N
Netflix TechBlog - Medium
阮一峰的网络日志
阮一峰的网络日志
P
Proofpoint News Feed
D
Docker
Engineering at Meta
Engineering at Meta
大猫的无限游戏
大猫的无限游戏
The Cloudflare Blog
罗磊的独立博客
云风的 BLOG
云风的 BLOG
Microsoft Azure Blog
Microsoft Azure Blog
T
The Exploit Database - CXSecurity.com
博客园 - 三生石上(FineUI控件)
量子位
The Last Watchdog
The Last Watchdog
MyScale Blog
MyScale Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
The Blog of Author Tim Ferriss
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
小众软件
小众软件
Cloudbric
Cloudbric
博客园 - 司徒正美
H
Help Net Security
人人都是产品经理
人人都是产品经理
Application and Cybersecurity Blog
Application and Cybersecurity Blog
L
LangChain Blog
Latest news
Latest news
M
MIT News - Artificial intelligence
T
Threat Research - Cisco Blogs
博客园 - Franky
S
Security Affairs
W
WeLiveSecurity
F
Full Disclosure
Know Your Adversary
Know Your Adversary
Google DeepMind News
Google DeepMind News
The Hacker News
The Hacker News
Cyberwarzone
Cyberwarzone
美团技术团队
PCI Perspectives
PCI Perspectives
C
Check Point Blog
Spread Privacy
Spread Privacy

Vercel News

Vercel Open Source Program: Winter 2026 cohort How Notion Workers run untrusted code at scale with Vercel Sandbox How we run Vercel's CDN in front of Discourse From idea to secure checkout in minutes with Stripe Building Slack agents can be easy Scaling redirects to infinity on Vercel Advancing Python typing Gamma builds design-first agents with Vercel How Avalara turns pipe dreams into patent-pending with v0 Keeping community human while scaling with agents How OpenEvidence built a healthcare AI that physicians actually trust Security boundaries in agentic architectures Skills Night: 69,000+ ways agents are getting smarter Video Generation with AI Gateway We Ralph Wiggumed WebStreams to make them 10x faster How Stably ships AI testing agents in hours, not weeks How we built AEO tracking for coding agents Anyone can build agents, but it takes a platform to run them Introducing Geist Pixel The Vercel AI Accelerator is back with $6m in credits Making agent-friendly pages with content negotiation The Vercel OSS Bug Bounty program is now available Introducing the new v0 Run untrusted code with Vercel Sandbox, now generally available How Stripe built a game-changing app in a single flight with v0 How Sensay went from zero to product in six weeks AGENTS.md outperforms skills in our agent evals Agent skills explained: An FAQ Testing if "bash is all you need" AWS databases are now live on the Vercel Marketplace and v0 Use Perplexity Web Search with Vercel AI Gateway Introducing: React Best Practices Nick Bogaty joins Vercel as Chief Revenue Officer How Mux shipped durable video workflows with their @mux/ai SDK How to build agents with filesystems and bash How we made v0 an effective coding agent Stopping the slow death of internal tools Building AI-Generated Pixel Trading Cards with Vercel AI Gateway We removed 80% of our agent’s tools AI SDK 6 Our $1 million hacker challenge for React2Shell Cline now runs on Vercel AI Gateway How to prompt v0 Build smarter workflows with Notion and v0 Vercel launches partner certification Inside Workflow DevKit: How framework integrations work React2Shell Security Bulletin | Vercel Knowledge Base Billions of requests: Black Friday-Cyber Monday 2025 Investing in the Python ecosystem AWS Databases coming to the Vercel Marketplace How we built the v0 iOS app Workflow Builder: Build your own workflow automation platform Vercel Open Source Program: Fall 2025 cohort Self-driving infrastructure Vercel collaborates with Google for Gemini 3 Pro Preview launch Vercel: The anti-vendor-lock-in cloud How Nous Research used BotID to block automated abuse at scale How AI Gateway runs on Fluid compute What we learned building agents at Vercel Build and deploy data applications on Snowflake with v0 BotID Deep Analysis catches a sophisticated bot network in real-time Vercel achieves TISAX AL2 compliance to serve automotive partners Bun runtime on Vercel Functions David Totten Joins Vercel to Lead Global Field Engineering Vercel Ship AI 2025 recap You can just ship agents AI agents and services on the Vercel Marketplace Built-in durability: Introducing Workflow Development Kit Zero-config backends on Vercel AI Cloud Introducing Vercel Agent: Your new Vercel teammate Update regarding Vercel service disruption on October 20, 2025 Agents at work, a partnership with Salesforce and Slack Running Next.js in ChatGPT: How to Build ChatGPT Apps Talha Tariq joins Vercel as CTO of Security Just another (Black) Friday Server rendering benchmarks: Fluid Compute and Cloudflare Workers Towards the AI Cloud: Our Series F Collaborating with Anthropic on Claude Sonnet 4.5 to power intelligent coding agents Preventing the stampede: Request collapsing in the Vercel CDN BotID uncovers hidden SEO poisoning How we made global routing faster with Bloom filters What you need to know about vibe coding Scale to one: How Fluid solves cold starts Addressing security & quality issues with MCP tools - Vercel AI agents at scale: Rox’s Vercel-powered revenue operating system Agentic Infrastructure Zero Data Retention on AI Gateway Optimizing Vercel Sandbox snapshots How Waldium made a blog platform work for humans and AI alike How FLORA shipped a creative agent on Vercel's AI stack Agent responsibly Making Turborepo 96% faster with agents, sandboxes, and humans Unified reporting for all AI Gateway usage new.website joins forces with v0 SERHANT.'s playbook for rapid AI iteration Two startups at global scale without DevOps Chat SDK brings agents to your users 360 billion tokens, 3 million customers, 6 engineers Meet the 2026 Vercel AI Accelerator Cohort Build knowledge agents without embeddings
Protecting AI apps from bots and bad actors with Vercel and Kasada - Vercel – Vercel
Malte Ubl · 2024-03-22 · via Vercel News

3 min read

Showcasing threat vectors for AI workloads and how we secure the Vercel AI SDK Playground.

The growth in popularity of AI applications, and the relative high cost of the LLMs to power those calls, means AI apps have emerged as an incredibly high-value target for bots and bad actors.

Vercel's industry-leading DDoS mitigation, including our recently launched Attack Challenge Mode, provides the first line of defense. With our built-in L3, L4, and L7 protections, the Vercel Firewall uses hundreds of signals and detection factors to fingerprint request patterns, determine if they appear to be an attack, and challenge or block requests if they appear illegitimate.

To allow for continued experimentation with AI in our products, it’s essential that compute resources are actively protected against unauthorized use, to protect and secure high-value actions such as AI calls.

A prime example of this is Vercel's AI Playground, which allows users to experiment with dozens of different LLMs in one dashboard. The dashboard sees millions of active generations, and 5x that in blocked bot traffic.

In this post, we'll talk about how we leverage Next.js Middleware and our partner Kasada to lock down our AI SDK Playground for additional protection.

Protect your AI workloads.

Learn how Vercel and Kasada work together to prevent abuse in your AI apps.

See the Template

Link to headingNew risks, old attack vectors

Due to the nature of AI compute, threat actors are exploiting AI applications by using automation and bots to run up operational costs via two main methods:

  1. Denial of Wallet Attacks: Malicious entities deploy bots aiming to inflate the operational costs of AI applications, essentially forcing the target to incur unwarranted financial burdens.

  2. Prompt Injection Attacks: Attackers abuse AI applications in an attempt to generate unintended responses and extract sensitive data from business logic or queries embedded within; this redirects computational expenses onto the victim, essentially leveraging expensive AI APIs without bearing the cost themselves.

These threats are not just hypothetical; they have materialized across various platforms, as evidenced by incidents documented on GitHub and other repositories, where attackers have sought to bypass payment mechanisms to access AI services.

Link to headingVercel's AI SDK Playground: A case study in bot mitigation

The Vercel AI SDK Playground presents a compelling case study in addressing these challenges. Designed as a sandbox for exploring a variety of AI models, it implements a tiered access system based on user authentication, from anonymous users to verified customers.

This structure, however, also painted a target on the platform for attackers seeking unauthorized access to AI capabilities.

Link to headingThe challenge

Our initial observations were alarming; the platform quickly became a target for abuse, primarily from two groups:

  • Those seeking free access to AI models.

  • Individuals circumventing geographical restrictions on certain AI technologies.

Despite implementing basic bot protection measures, we realized that the attackers' motivations were strong enough to drive them to find workarounds. It became clear that a more sophisticated solution was necessary.

Link to headingIntegrating Kasada: A turnkey solution

The introduction of Kasada's bot protection technology marked a turning point in our battle against these threats. By integrating Kasada's solution, we observed an immediate cessation of the abusive activities that had plagued our platform.

The implementation of a 1st-party-request-only protocol, enforced through Next.js Middleware, allowed us to intercept and block bot-driven API calls based on Kasada's bot classification.

The results were striking. Upon deploying Kasada, we saw an immediate drop in bot traffic, from a staggering 84% of our traffic to negligible levels.

Link to headingHow it works

Kasada provides dynamic defense against automated threats with a platform that is quick to evolve, difficult to evade, and invisible to humans. Protections are immediate and long-lasting without the need for any management and can be easily integrated with their API.

middleware.js

import { NextResponse } from 'next/server';

import { kasada } from '@lib/kasada-api';

export default async function middleware(request) {

const { error, context } = await kasada.classify(request);

// If Kasada was down or another failure occurred, fail open so users aren't impacted

if (error) {

console.error(`Kasada failed open with error: ${error}`);

return NextResponse.next();

}

// If the request is a Bad Bot, block this request and return a customizable response

if (context.response) {

return kasada.prepareResponse(context.response, context);

}

// No Bad bot detected, proceed to the next route handler

return NextResponse.next();

}

With a tightly integrated, layered defense platform, Kasada applies a combination of robust client-side defenses, AI/ML-based anomaly server-side detection, invisible challenges, and data integrity checks to avoid data tampering and replay attacks.

Link to headingOngoing collaboration to shield AI applications

Our collaboration with Kasada exemplifies Vercel's dedication to pioneering secure and scalable web infrastructure solutions. As we continue to navigate the complexities of AI application security, partnerships like these are invaluable.

The journey with Kasada is just the beginning. As AI technologies continue to evolve, so, too, will the strategies to protect them. Through continuous innovation and collaboration, we remain dedicated to offering our users a secure, efficient, and accessible digital experience.

Industry-leading security.

Learn more about Vercel's robust security and DDoS mitigation for your critical applications.

Talk with an Expert