Vercel warns AI endpoints are prime targets for inference theft

Cheap HTTP checks do not match $2-per-prompt economics. Verify every AI request, or one abused endpoint can turn into a five-figure bill.

[ KEY POINTS ]

Attackers wrap custom endpoints in OpenAI or Anthropic adapters, then resell stolen inference through standard SDK clients.
Session auth and IP limits fail when proxy fleets and throwaway accounts spread calls across thousands of identities.
Playgrounds are the highest-risk shape because users control prompts, models, and parameters. Fixed server prompts lower but do not remove risk.
BotID is Vercel's proposed gate: run bot verification on every AI request, not just signup or session start.

Originalvercel.com/blog/protecting-against-inference-theftRead original →

// related

#0001
#0001Infra & SaaS vercel_blog13 hours ago
`Vercel` switches function invocations to per-unit billing
100radar
VercelFrontend cloud platform — optimized for Next.js deployment
Function usage now maps directly to actual calls. The rate is unchanged, but billing becomes smoother for small teams and bursty apps.
- Pro customers pay $0.0000006 per invocation, equivalent to the previous $0.60 per 1M invocations package rate.
- The change starts from the next billing cycle; current effective rates stay unchanged until the existing cycle ends.
- Per-unit billing reduces the chance that Vercel Functions usage eats a large chunk of monthly included credits at once.
- Applies to Pro and new Enterprise customers, so active Vercel apps should recheck cost dashboards after renewal.
Source: vercel.com/changelog/function-invocations-now-billed-perRead original →
FIG-0011:1
100radar
FIG-0011:1
#0002
#0002Infra & SaaS Simon Willison19 hours ago
`Datasette` `1.0a31` adds write SQL and stored queries
60radar
DatasetteSQLite data tool — publishes DBs as web UI and APIs
Permissions now cover insert/update/delete workflows directly in the SQL UI. Good fit for lightweight internal admin tools on SQLite, but still alpha.
- Users with the right permissions can run write queries against a database, turning Datasette from read-only browsing into a small data editing surface.
- Stored queries replace the old canned-query naming and can be saved privately or shared with other members of the same instance.
- The new execute-query UI starts from templated insert, update, and delete queries for editable tables, reducing hand-written SQL mistakes.
- Permission checks block operations like create table when the user lacks that grant, so this can back simple ops panels without opening full DB access.
Source: simonwillison.net/2026/May/29/datasette/#atom-everythingRead original →
60radar
PHOTO
FIG-0021:1
#0003
#0003Infra & SaaS GeekNews23 hours ago
`Garnix` Hosting Shuts Down on July 15, 2026
50radar
GarnixNix-based hosting SaaS — open-source self-hosting path
The hosting service is ending during the Shopify transition. Users get an open-source escape hatch, but hosted workloads need migration planning now.
- Garnix hosting ends on July 15, 2026; any production or preview workloads must move before that date.
- The codebase is being open-sourced, so self-hosted or shared community instances can replace the managed service.
- Community instance operation is still only partially described, so treat it as a migration path, not a guaranteed managed alternative.
Source: news.hada.io/topic?id=29974Read original →
FIG-0031:1
50radar
FIG-0031:1

Vercel warns AI endpoints are prime targets for inference theft

// related

`Vercel` switches function invocations to per-unit billing

`Datasette` `1.0a31` adds write SQL and stored queries

`Garnix` Hosting Shuts Down on July 15, 2026