Skip to content
Dashboard

Protecting against token theft

Copy link to headingWhat inference theft is

Copy link to headingWhich AI endpoints are at risk?

Copy link to headingWhy web defenses don't mitigate inference theft

Copy link to headingThe architecture of abuse

Copy link to headingThe shape of a real attack on our own endpoint

Copy link to headingHow to defend against inference theft

Copy link to headingVerification has to run on every AI request

Copy link to headingImplementing request verification with BotID deep analysis

// app/api/ai-chat/route.ts
import { checkBotId } from 'botid/server';
import { NextRequest, NextResponse } from 'next/server';
export async function POST(request: NextRequest) {
const verification = await checkBotId();
if (verification.isBot) {
return NextResponse.json({ error: 'Access denied' }, { status: 403 });
}
// Your existing AI SDK call path
}

// instrumentation-client.ts
import { initBotId } from 'botid/client/core';
initBotId({
protect: [{ path: '/api/ai-chat', method: 'POST' }],
});

Copy link to headingProtect inference, not just access

Protect your AI endpoints with Vercel BotID

Stop bots from draining your AI budget: see how to gate your endpoints with Vercel BotID in a few steps.

Read the guide

Ready to deploy?