Alleged LLMjacking Targets AI Cloud Services with Stolen Credentials
May 6, 2024
Attackers reportedly exploited stolen cloud credentials obtained through a vulnerable Laravel system (CVE-2021-3129) to allegedly abuse AI cloud services, including Anthropic’s Claude and AWS Bedrock, in a scheme referred to as “LLMjacking.” The attackers are said to have monetized access through reverse proxies, reportedly inflating victim costs to as much as $100,000 per day. Additionally, they allegedly bypassed sanctions, enabled LLM models, and evolved techniques to evade detection and logging.
- Alleged deployer
- llmjacking-attackers-exploiting-laravel, entities-engaging-in-russian-sanctions-evasion
- Alleged developer
- oai-reverse-proxy-tool-creators, llmjacking-reverse-proxy-tool-creators
- Alleged harmed parties
- laravel-users, laravel-cve-2021-3129-users, cloud-llm-users, cloud-llm-service-providers
Source
Data from the AI Incident Database (AIID). Cite this incident: https://incidentdatabase.ai/cite/898
Data source
Incident data is from the AI Incident Database (AIID).
When citing the database as a whole, please use:
McGregor, S. (2021) Preventing Repeated Real World AI Failures by Cataloging Incidents: The AI Incident Database. In Proceedings of the Thirty-Third Annual Conference on Innovative Applications of Artificial Intelligence (IAAI-21). Virtual Conference.
Pre-print on arXiv · Database snapshots & citation guide
We use weekly snapshots of the AIID for stable reference. For the official suggested citation of a specific incident, use the “Cite this incident” link on each incident page.