Malicious LLM Proxy Routers Compromise AI Security

Severity: High (Score: 71.0)

Sources: Risky.Biz, codewall.ai, shipandbunker.com, www.nyk.com, haveibeenpwned.com

Summary

A recent study identified 28 malicious LLM proxy routers that can modify AI service responses and access sensitive credentials. The research tested 28 paid routers and 400 free routers, revealing that nine injected harmful commands, two employed delay triggers, and 17 accessed AWS account canaries. One router was capable of emptying a private Ethereum wallet, indicating severe malicious intent. The compromised routers can relay commands across a company's AI infrastructure, posing a significant risk of malware, credential theft, and data exfiltration. The research team demonstrated the threat by leaking an OpenAI API key, which drew more than 400 sessions into their proxy mesh. This incident highlights vulnerabilities in AI cost-control systems and the potential for widespread impact on organizations utilizing LLMs. The findings emphasize the need for heightened security measures in AI deployments.

Key Points:

  • 28 malicious LLM proxy routers were identified, compromising AI service security.
  • One router was capable of emptying a private Ethereum wallet, showcasing severe risk.
  • Over 400 sessions were observed exploiting a leaked OpenAI API key through compromised routers.

Key Entities

  • Data Breach (attack_type)
  • Malware (attack_type)
  • Phishing (attack_type)
  • Ransomware (attack_type)
  • SQL Injection (attack_type)
  • SonicWall Reconnaissance Campaign (campaign)
  • Stardrop Npm Campaign (campaign)
  • AudiA6 (company)
  • Bain (company)
  • Boston Consulting Group (company)
  • Hallmark (company)
  • Kucoin (company)
  • Kraken (ransomware_group)
  • Canada (country)
  • Japan (country)
  • Russia (country)
  • CVE-2025-0520 (cve)
  • CVE-2026-32201 (cve)
  • CVE-2026-5194 (cve)
  • databreaches.net (domain)
  • gmail.com (domain)
  • Retail (industry)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1136 - Create Account (mitre_attack)
  • T1190 - Exploit Public-Facing Application (mitre_attack)
  • T1566 - Phishing (mitre_attack)
  • T1567 - Exfiltration Over Web Service (mitre_attack)
  • Chrome Web Store (platform)
  • GitHub (platform)
  • GraphQL (platform)
  • Mac App Store (platform)
  • Prestashop (platform)
  • CodeWall (tool)