Vercel charges for all traffic including DDoS and bot requests with no per-deployment hard spend ceiling, sending bootstrapped developers five-figure surprise bills
Vercel bills for every successfully served request, including bot and crawler traffic, and including DDoS traffic that arrives before automatic mitigation fires. Developers have been hit with $23K, $96K, and six-figure monthly bills from traffic spikes or misconfigured serverless function loops. The platform added a monthly overage cap setting in 2024, but it only prevents spending above the subscription tier; it does not provide a per-route or per-deployment hard ceiling that kills a function when a real-time dollar threshold is hit. The HN thread 'We Need to Talk About Vercel' reached 277 points, with hundreds of comments from developers citing this as an existential risk for bootstrapped teams. One commenter described it as their worst nightmare. No CLI tool exists that lets developers define per-route spend budgets in a config file, simulate a projected bill from last month's traffic, and deploy a lightweight kill-switch edge function that pauses a route when a configurable per-day threshold is hit.
Gap Assessment
Vercel's native spend cap fires only at the monthly subscription ceiling. No per-route or per-deployment budget enforcement exists as a CLI tool or SDK layer. Third-party solutions are full platform migrations, not lightweight in-situ spend-cap wrappers. The gap is a project-level CLI that reads the Vercel usage API and enforces route-level spending rules.