RidgeText is intended to be a helpful tool for outdoor adventurers. It's so useful that people find ways to use it in stores, at home, in the city, or anywhere you can send a simple SMS. One feature that we added early on was image generation — and it has turned out to be one of our most beloved features. Users generate scenes, upload their own photos for AI-assisted editing, and iterate on the results conversationally. The engagement numbers have consistently been strong, and the feedback has been genuinely enthusiastic.
Which is what makes this story complicated. The incident we're about to describe is, in its own strange way, a compliment. Someone loved image generation so much that they learned how it worked at a technical level — including the fact that uploading an image and replying with "more"-style prompts would continue editing the same scene — and then decided to run that loop as hard as they possibly could. They were genuinely engaged with the product. They just weren't paying for what they were consuming.
One of the things we knew going in to building an AI service on SMS was that it would attract creative uses — and creative misuses. In late June 2026, we got our first serious example of the latter.
One Abusive User - At a Glance
1,074
Image generations
in 7 active days
$4.99/mo
Cost to the abuser
Explorer tier subscription
~2.6 min
Between images
average during peak day active hours
54
Images in one hour
peak 8–9pm user local time, June 25
A single user on the Explorer tier ($4.99/month) discovered that uploading an image and repeatedly sending follow-up prompts — "MORE," "again," variations on the same scene — would trigger fresh AI image edits in the same context, indefinitely. They ran that loop continuously during waking hours for seven days, generating 1,074 images before we detected and shut it down (1,212 total including the shutdown period). For $4.99, they consumed roughly $300 in Twilio messaging costs and $390 in Google AI compute — costs we caught early through diligent billing review, and which we're still offsetting against startup credits.
The Incident: By the Numbers
The activity started on June 21 with a single image, then 24 the next day. By day three it had escalated sharply.
Image Generations by Day
June 21–29, 2026 · Grayed bars = days after detection · Dashed line = normal user's best month (24 images)
From June 23 onward, the user settled into a consistent rhythm: 130–280 images per day, active from roughly noon to midnight user local time (UTC+3). That 12-hour window — midday through the end of the evening — maintained for five consecutive days without variation, is what makes the intentional nature clear. This wasn't an automated script — SMS doesn't easily support scripted automation at the application layer. It was a person at their phone, starting at lunch and running it until they went to sleep.
The total across the 7 active days: 1,074 image generations. Including the detection and shutdown period, 1,212.
The Peak Day
On June 25, they generated 282 images — more than one every two and a half minutes across the full active window.
Peak Day: Hour by Hour — June 25
282 images · Active noon–midnight user local time (UTC+3) · Red bar = peak hour at 8pm (54 images, ~1/min)
At 8pm user local time that day, the cadence hit 54 images in a single hour — essentially one per minute, sustained. That's a prime-time evening slot: dinner done, sitting on the couch, phone in hand. That hour alone exceeds what most of our users generate in an entire month.
There is one silver lining worth noting: the platform handled it without breaking a sweat. Every image was generated and delivered. No timeouts, no degraded quality, no errors. Whatever the intent, it was an unplanned stress test — and the system passed.
What Normal Usage Looks Like
To understand why this pattern stood out, here's what a genuinely active Explorer subscriber's usage looks like across several months:
What Normal Looks Like
An active Explorer subscriber · Feb–Jun 2026 · 37 total image generations over 5 months
5-month total: 270 interactions · avg. 7.4 image generations/month
And here's how June compared across the full platform — the abuser's activity versus the same active user in the same month:
June 2026: Abuser vs. Typical Active User
The normal user's bars are barely visible by design — that gap is the story
The normal user's bars are barely visible. That gap between normal users and this one user is huge.
The abuser generated more images on their second day of activity (24 on June 22) than this active subscriber generated across all five months combined for image generation. The 7-day total of 1,074 images represents roughly 12 years of normal image generation usage at this subscriber's average rate.
Why SMS Friction Wasn't Enough
A common assumption is that SMS has enough built-in friction to limit abuse — and for most forms of misuse, that's true. Sending a message, waiting for a response, and carrying on a conversation has an inherent human pace. You can't easily script a thousand requests to an SMS number the way you can an API.
But this wasn't a scripted attack. It was a deliberate, sustained manual effort. The user found a specific loop — generate image, reply "MORE," get a new image — and committed to running it as fast as humanly possible for over a week. SMS friction limits casual overuse. It doesn't stop someone who has decided to exploit a specific pattern with their full attention.
The signals were all there in hindsight: the noon-to-midnight active window, the day-over-day rhythm, the absence of any natural conversational variation. A normal user's session looks choppy — bursts of activity, then quiet. This looked like a production workload.
The Response
We detected the anomaly on June 28, reviewed the logs, and acted the same day. Total incident duration: eight days.
How we handled the account
We didn't permanently ban the account. Instead, we downgraded it to the Free tier and issued a full refund of the Explorer subscription fee — as a courtesy, even though our Terms of Service (§4.4) don't require refunds for partial billing periods. A review of the generated content triggered by the volume anomaly found further violations that confirmed the account action. The account holder was notified that the action was taken under §3.3 (Account Termination) for usage inconsistent with our Acceptable Use policy (§5), and informed that any future violations would result in permanent suspension without refund eligibility.
The door stays open — they're welcome to use the Free tier. The infrastructure bill was real (~$690 in Twilio and Google AI costs against a $4.99 subscription), but permanent bans are a last resort. We'd rather give someone a path back.
Platform changes
In the aftermath, we shipped several changes:
- Daily image generation limits — enforced per calendar day, preventing any session from generating unbounded images regardless of monthly quota status
- Tighter monthly quota enforcement — harder gates that block rather than warn when quota is reached
- Anomaly monitoring — rate thresholds that flag accounts generating significantly above the tier average, so we're alerted before we're in day seven
These were the right controls to add regardless of this incident. The incident just made the priority clear.
The Credits Solution
The incident also forced an honest question: what should a high-volume user do if they legitimately want to generate a lot of images?
Before this, the honest answer was: not much. Upgrading to a higher tier shifts the quota ceiling but doesn't remove it. There was no sanctioned path to say "I want 200 images this month — I'll pay for them."
That's what drove the Credits system. Credits are prepaid interaction bundles — 50, 100, 275, or 600 credits purchased in advance, used at your own pace. Image generations cost 2 credits; text queries and image analysis cost 1. Credits stack on top of your monthly subscription quota and roll over indefinitely.
For a user who genuinely wants intensive image generation sessions, Credits are the right tool. The economics are transparent, the per-image cost is clear, and usage is sanctioned. No loop to exploit — just load up credits and generate.
Something Good Came Out of It
When we reviewed how the exploit worked — upload an image, iterate with follow-up prompts, repeat — we realized the underlying capability was genuinely powerful and underbuilt. The abuser had found real value in the edit-and-iterate flow; they'd just found it in the worst possible way.
So we built it out properly. Image editing now accepts multiple images simultaneously, letting you combine, blend, and iterate across several source photos in a single session. You can upload a landscape and a subject, combine them, refine the result, and keep going — all over SMS, without an app, without a desktop. It's one of the most expressive things you can do with the platform.
Here's a quick example. Three completely unrelated images — an African elephant, a snowy alpine mountain, and a blue jay on a cherry-blossom branch — fed into a single prompt asking RidgeText to merge them:

Image 1

Image 2

Image 3

Result — elephant, mountain, and blue jay combined in one image. Prompt refinement would improve the composition further; this was a first-pass demonstration.
The AI placed the elephant in the mountain landscape and perched the blue jay on its back (accidentally making the blue jay appear giant due to a request to "make it proportional"), dusting everything in snow for coherence. Refined prompting would improve how the subjects fit together, but as a first-pass demonstration it's hard to argue with the result.
The Takeaway
The irony isn't lost on us: an abuse incident led directly to a feature we're genuinely proud of. The lesson isn't that abuse is welcome — it's that user behavior, even bad-faith behavior, often points at something real.
We'd rather write honestly about what went wrong than pretend it didn't happen. If you have questions about the Credits system, image editing, or our rate limits, reach out.