https://igortkanov.com/computers/programming/Recent content in Programming on {IT}Hugoen-usCopyright © 2026 {IT}. All rights reserved. Unless otherwise stated, all text, images, diagrams, and other original content on this blog may not be reproduced, distributed, or used without prior written permission.Tue, 22 Jul 2025 19:46:56 +0000https://igortkanov.com/how-to-prevent-token-misuse-in-llm-integrations/Tue, 22 Jul 2025 19:46:56 +0000https://igortkanov.com/how-to-prevent-token-misuse-in-llm-integrations/<p><figure class="alignright" style="max-width:140px"><img src="https://igortkanov.com/how-to-prevent-token-misuse-in-llm-integrations/dsc06113.jpg" alt="Old microscope part" width="140" loading="lazy"></figure></p> <p>LLMs are powerful. And expensive. Every token counts, and if you&rsquo;re building something that uses an LLM API (Claude, OpenAI, Gemini or PaLM, Mistral, etc.), malicious users can abuse it to burn through your credits. This is especially true for apps that take user input and feed it to the model.</p> <p>The trick is that an attacker doesn&rsquo;t have to hack your servers. Not even <em>SQL-inject</em> it. They just have to <strong>convince the LLM</strong> to do something it shouldn&rsquo;t by crafting a proper prompt. So, actually, it does look a bit like an SQL injection, but for AI prompts.</p>