// GLOSSARY -- AI AGENT SECURITY

What is a Congestion Trap?

1 min read Updated

A systemic trap where an attacker broadcasts signals that synchronise homogeneous agents into exhaustive demand for limited resources — causing denial of service, price spikes, or cascading failures across the agent ecosystem.

WHY IT MATTERS

When thousands of agents share similar models and training, they respond similarly to the same signals. An attacker who understands this correlation can craft content that triggers simultaneous resource consumption — every agent trying to buy the same API, call the same tool, or access the same service at once.

This is the digital equivalent of a bank run, but at machine speed. The flash crash of 2010 demonstrated how correlated algorithmic behaviour can destabilise financial markets. Congestion traps extend this to the broader agent ecosystem.

HOW POLICYLAYER USES THIS

Intercept's rate limiting provides per-agent throttling that prevents any single agent from contributing to congestion. Budget envelopes cap total consumption, breaking the synchronisation pattern.

FREQUENTLY ASKED QUESTIONS

Is this like a DDoS attack?
Similar outcome, different mechanism. DDoS uses malicious traffic. A congestion trap uses legitimate agents making legitimate requests — the attack is the synchronisation, not the individual requests.

FURTHER READING

Let agents act without letting them run wild.

Deterministic policy on every MCP tool call. Per-identity grants. Full audit log.

GET STARTED →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.