ClickCease Combat LLMjacking Attack: Protect Cloud-Hosted AI Models

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Combat LLMjacking Attack: Protect Cloud-Hosted AI Models

Wajahat Raja

May 21, 2024 - TuxCare expert team

In the realm of cybersecurity, a new menace has emerged: LLMjacking, a type of AI hijacking. This innovative attack method utilizes pilfered cloud credentials to infiltrate cloud-hosted large language model (LLM) services, with the ultimate aim of peddling access to other malicious actors. The Sysdig Threat Research Team has coined this tactic as LLMjacking attack, shedding light on a sophisticated Large Language Model security threat landscape.

Understanding the LLMjacking Attack


In recent times, major cloud providers such as Azure Machine Learning, GCP’s Vertex AI, and AWS Bedrock have introduced hosted LLM services. These platforms offer developers seamless access to a plethora of popular LLM models, facilitating the rapid development of AI-based applications. The user interfaces are designed for simplicity, expediting the application-building process.

However, accessing these models isn’t as straightforward as it seems. Users are required to submit requests to the cloud vendor to enable access. While for some models, approval is automatic, for others, particularly third-party models, a brief form must be completed. Despite this procedural requirement, it hardly poses a challenge for attackers, serving more as a speed bump than a robust security measure.

Cloud vendors have streamlined the interaction process with hosted cloud-based language models through user-friendly CLI commands. Once configurations and permissions are set, engaging with the model becomes effortless through simple commands. Ethical considerations in AI are crucial for ensuring the responsible development and deployment of intelligent systems.

Unraveling the Attack


The crux of the machine learning vulnerability lies in the exploitation of stolen cloud credentials to breach cloud environments and access local LLM models hosted by cloud providers. This intrusion pathway typically involves compromising systems running vulnerable versions of frameworks like Laravel, followed by acquiring credentials to access LLM services, such as those offered by Amazon Web Services (AWS).

The attackers employ various tools, including open-source Python scripts, to validate keys for a range of offerings from different providers like Anthropic, AWS Bedrock, Google Cloud Vertex AI, Mistral, and OpenAI. Notably, during the verification phase, no legitimate LLM queries are executed; instead, the focus is on gauging the capabilities of the credentials and any associated quotas.

The Role of LLM Reverse Proxy


Central to the LLMjacking attack strategy is the utilization of the LLM reverse proxy, an open-source project designed to act as a conduit for LLM services. This tool enables attackers to manage access to multiple LLM accounts centrally, without exposing the underlying credentials. By leveraging this proxy, threat actors can monetize their efforts by selling access to compromised accounts while maintaining anonymity.

Furthermore, the LLMjacking attack hackers demonstrate a cunning attempt to evade detection by querying logging settings, thus minimizing the risk of discovery while utilizing compromised credentials.

LLMjacking Attack Technical Insights


A deeper dive into the technical aspects of the attack reveals a calculated approach by the attackers. By executing seemingly legitimate API requests within the cloud environment, they meticulously test the boundaries of their access without triggering immediate alarms. For instance, the attackers deliberately manipulate parameters in API calls to validate the existence and activity of LLM services, thereby uncovering the extent of their stolen credentials’ capabilities.

LLMjacking Attack Mitigation


Organizations are urged to bolster their defense mechanisms against the LLMjacking attack by enabling detailed logging and monitoring cloud logs for any suspicious or unauthorized activity. Stolen cloud and SaaS credentials remain a prevalent attack vector, with attackers continually seeking new avenues for financial gain. 

As organizations increasingly rely on cloud-hosted AI models, the risks associated with unauthorized access escalate. To mitigate these risks, businesses should prioritize:


  1. Enhanced Logging and Monitoring: Implement detailed logging and robust monitoring of cloud activity to detect suspicious or unauthorized access promptly.
  2. Vulnerability Management: Maintain effective vulnerability management processes to prevent initial access through known vulnerabilities, such as CVE-2021-3129.
  3. Risk Awareness and Response: Educate stakeholders about the evolving threat landscape and establish clear protocols for responding to security incidents.

Securing cloud-based AI models is essential for protecting sensitive data and maintaining business integrity.



As the prevalence of stolen cloud and SaaS credentials continues to rise, it is imperative for organizations to fortify their cybersecurity posture. The utilization of LLM services can incur substantial costs, making it an attractive target for malicious actors seeking financial gain. AI security best practices play a pivotal role in fortifying systems against evolving cyber threats. 

Swift detection and response mechanisms are paramount to mitigate the impact of such attacks and safeguard business operations. In conclusion, LLMjacking underscores the evolving nature of Cloud security threats, necessitating a proactive approach to cybersecurity to counteract emerging vulnerabilities effectively. 

By staying vigilant and implementing robust cloud AI security measures, organizations can fortify their defenses and mitigate the risks posed by sophisticated the LLMjacking attack.

The sources for this piece include articles in The Hacker News and Decipher.


Combat LLMjacking Attack: Protect Cloud-Hosted AI Models
Article Name
Combat LLMjacking Attack: Protect Cloud-Hosted AI Models
Learn how to defend against LLMjacking attack targeting cloud-hosted AI models. Shield your business from cyber threats today.
Publisher Name
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started




Linux & Open Source

Subscribe to
our newsletter