Attackers can exploit reasoning guardrails of AI agents through deliberately manipulated inputs to cause resource exhaustion without bypassing the security mechanisms themselves.
The HTTP/2 Bomb combines metadata amplification with Slowloris tactics to enable massive DoS attacks without threshold limitations, as the protocol specification insufficiently controls memory.