LoopLLM: Transferable Energy-Latency Attacks in LLMs via Repetitive Generation
This addresses security vulnerabilities in LLMs for users and developers by exposing a scalable attack method, though it is incremental as it builds on existing attack concepts.
The paper tackles the problem of energy-latency attacks on large language models (LLMs) by proposing LoopLLM, a framework that induces repetitive generation to reliably achieve near-maximum output length, outperforming baselines with over 90% of the maximum output length compared to 20%.
As large language models (LLMs) scale, their inference incurs substantial computational resources, exposing them to energy-latency attacks, where crafted prompts induce high energy and latency cost. Existing attack methods aim to prolong output by delaying the generation of termination symbols. However, as the output grows longer, controlling the termination symbols through input becomes difficult, making these methods less effective. Therefore, we propose LoopLLM, an energy-latency attack framework based on the observation that repetitive generation can trigger low-entropy decoding loops, reliably compelling LLMs to generate until their output limits. LoopLLM introduces (1) a repetition-inducing prompt optimization that exploits autoregressive vulnerabilities to induce repetitive generation, and (2) a token-aligned ensemble optimization that aggregates gradients to improve cross-model transferability. Extensive experiments on 12 open-source and 2 commercial LLMs show that LoopLLM significantly outperforms existing methods, achieving over 90% of the maximum output length, compared to 20% for baselines, and improving transferability by around 40% to DeepSeek-V3 and Gemini 2.5 Flash.