How do I prevent runaway OpenAI bills?

Updated
Short answer

Three layers: vendor-side spend caps (OpenAI Limits page), per-route rate limits at edge (Upstash / Cloudflare), per-user spend tracking via Securie cost-firewall.

Defense-in-depth against LLMjacking + abuse: 1. Vendor-side cap: OpenAI Dashboard → Limits → set monthly + per-day cap. 2. Edge rate limit: per-IP + per-user via Upstash Ratelimit or Cloudflare. 3. Per-tenant spend tracking: Securie's cost-firewall enforces per-tenant + per-feature spend caps with fail-closed reservation.

People also ask

What is LLMjacking?
Theft + resale of stolen LLM API keys for unauthorized inference. Documented Claude Opus victim ran 4.5 days at ~$50K. P