May 9th — A recent study by a threat research team has revealed a new cyber attack type called “LLMjacking.” This attack type targets cloud-hosted large language models (LLM) services through the use of stolen cloud credentials.

In contrast with previous discussions of LLM-based AI system threats, which have largely focused on prompt abuse and data manipulation, this attack seeks to monetize LLM access by selling it to other cyber criminals while shuffling the costs over to the legitimate cloud owner.

What’s happening

In a recent incident, attackers obtained access to private cloud environments by using exfiltrated credentials. The attackers targeted local LLM models that are hosted by reputable cloud providers. We know that attackers hit Anthropic’s Claude LLM, which, left undetected, this could have resulted in significant daily LLM consumption costs —$46,000 per day — for the company.

Further information

Researchers also discovered evidence of a reverse proxy being employed to access compromised accounts, indicating hacker interest in accessing LLM models across different services. The attackers utilized tools to check credentials for various AI providers, including AWS Bedrock, Azure and GCP Vertex AI.

To counter LLM attacks, experts recommend implementing proactive vulnerability and secrets management practices. In addition, leverage a strong Cloud Security Posture Management (CSPM) tool or Cloud Infrastructure Entitlement Management (CIEM) solutions. These can help restrict permissions and stop unauthorized access.

For more on this story, click here. To receive compelling cyber insights, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.