Public LLM Endpoints Expose Search Abuse Risk

Tom Casavant warns that public website search endpoints backed by LLM APIs can be exploited via prompt injection, allowing attackers to leverage paid LLM access and issue unintended commands. He notes administrative logs already show automated probing, and as more sites deploy public LLM-powered features, developers risk direct costs and operational abuse without input sanitization, rate limits, and prompt-safety controls.