DrainCode: Stealthy Energy Consumption Attacks on Retrieval-Augmented Code Generation via Context Poisoning

📅 2025-11-16
🏛️ International Conference on Automated Software Engineering
🤖 AI Summary
This work addresses the lack of resource-level security safeguards in retrieval-augmented generation (RAG) systems for code synthesis by proposing the first stealthy resource-exhaustion adversarial attack. The method employs a mutation-based context poisoning technique to inject malicious content into the retrieval corpus, thereby manipulating large language models into generating substantially longer code outputs. Demonstrating strong generalization across diverse prompting strategies and existing defense mechanisms, the attack increases output length by over threefold, raises inference latency by up to 85%, and elevates energy consumption by 49%. These findings effectively expose critical vulnerabilities in current RAG-based code generation systems with respect to resource consumption and operational efficiency.

📝 Abstract
Large language models (LLMs) have demonstrated impressive capabilities in code generation by leveraging retrieval-augmented generation (RAG) methods. However, the computational costs associated with LLM inference, particularly in terms of latency and energy consumption, have received limited attention in the security context. This paper introduces DrainCode, the first adversarial attack targeting the computational efficiency of RAG-based code generation systems. By strategically poisoning retrieval contexts through a mutation-based approach, DrainCode forces LLMs to produce significantly longer outputs, thereby increasing GPU latency and energy consumption. We evaluate the effectiveness of DrainCode across multiple models. Our experiments show that DrainCode achieves up to an 85% increase in latency, a 49% increase in energy consumption, and more than a 3× increase in output length compared to the baseline. Furthermore, we demonstrate the generalizability of the attack across different prompting strategies and its effectiveness compared to different defenses. The results highlight DrainCode as a potential method for increasing the computational overhead of LLMs, making it useful for evaluating LLM security in resource-constrained environments. We provide code and data at https://github.com/DeepSoftwareAnalytics/DrainCode.
Problem

Research questions and friction points this paper is trying to address.

retrieval-augmented generation
energy consumption
adversarial attack
code generation
computational efficiency
Innovation

Methods, ideas, or system contributions that make the work stand out.

retrieval-augmented generation
adversarial attack
energy consumption
context poisoning
code generation