Crooks are hijacking and reselling AI infrastructure: Report

"For years, CSOs have worried about their IT infrastructure being used for unauthorized cryptomining. Now, say researchers, they'd better start worrying about crooks hijacking and reselling access to exposed corporate AI infrastructure. In a report released Wednesday, researchers at Pillar Security say they have discovered campaigns at scale going after exposed large language model (LLM) and MCP endpoints - for example, an AI-powered support chatbot on a website."
""What we've discovered is an actual criminal network where people are trying to steal your credentials, steal your ability to use LLMs and your computations, and then resell it." "It depends on your application, but you should be acting pretty fast by blocking this kind of threat," added co-author Eilon Cohen. "After all, you don't want your expensive resources being used by others. If you deploy something that has access to critical assets, you should be acting right now.""
Campaigns at scale are targeting exposed large language model (LLM) and MCP endpoints, such as AI-powered support chatbots. In recent weeks, honeypots captured 35,000 attack sessions searching for exposed AI infrastructure. A criminal network is stealing credentials and compute resources to run unauthorized LLM inference, resell API access on criminal marketplaces, and exfiltrate data from LLM context windows. The operations appear to be run by a small group rather than a nation-state. The technical barrier to exploitation is low, and rapid blocking and tighter access controls are recommended to prevent resource theft and data exposure.
Read at InfoWorld