Summary
policyengine-api exposes an unauthenticated Anthropic-backed simulation analysis endpoint.
Severity
High
Impact
Attackers can burn LLM quota and persist arbitrary analysis records by repeatedly calling the endpoint.
Affected code
policyengine_api/routes/simulation_analysis_routes.py:19-78
policyengine_api/services/ai_analysis_service.py:45-77
Details
/simulation-analysis accepts public requests, and AIAnalysisService immediately initializes an Anthropic client with ANTHROPIC_API_KEY and streams a response for new prompts.
Expected behavior
LLM-backed analysis should require auth, rate limits, and ideally per-user quotas or explicit feature gating.
Suggested remediation
- Require authenticated callers
- Add rate limiting / quota enforcement
- Consider caching and internal-only generation paths for expensive prompts
- Add tests proving unauthenticated requests are denied
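The first two remediation items and the test in the last one can be sketched as a gate that runs before any LLM call. This is an added example, not code from policyengine-api: `QuotaGate`, `API_TOKENS`, and the `generate` callable (standing in for the Anthropic-backed analysis) are hypothetical names, and the static token table is a placeholder for whatever authentication the project adopts.

```python
import hmac
import time
from dataclasses import dataclass, field
from typing import Callable

# Constructed sample credentials (assumption); a real deployment would verify
# a signed token or session instead of a static table.
API_TOKENS = {"token-alice": "alice", "token-bob": "bob"}


@dataclass
class QuotaGate:
    """Authenticate the caller, then enforce a per-user sliding-window quota."""
    limit: int = 3                       # analyses allowed per window, per user
    window: float = 60.0                 # window length in seconds
    clock: Callable[[], float] = time.monotonic
    _hits: dict = field(default_factory=dict, init=False)

    def authenticate(self, headers):
        scheme, _, presented = headers.get("Authorization", "").partition(" ")
        if scheme != "Bearer" or not presented:
            return None
        for token, user in API_TOKENS.items():
            # Constant-time comparison avoids leaking token contents via timing.
            if hmac.compare_digest(token.encode(), presented.encode()):
                return user
        return None

    def handle(self, headers, prompt, generate):
        """Return (status, body); `generate` runs only for admitted requests."""
        user = self.authenticate(headers)
        if user is None:
            return 401, "authentication required"
        now = self.clock()
        recent = [t for t in self._hits.get(user, []) if now - t < self.window]
        self._hits[user] = recent
        if len(recent) >= self.limit:
            return 429, "analysis quota exceeded"
        recent.append(now)
        return 200, generate(prompt)
```

Because the gate returns before `generate` is called, a denied request neither spends LLM quota nor reaches the code path that persists an analysis record.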