Artificial Intelligence

LLMs in Attacker Crosshairs, Warns Threat Intel Firm

Threat actors are hunting for misconfigured proxy servers to gain access to APIs for various LLMs.

AI hack

Threat actors have been probing misconfigured proxy servers that could provide them with access to LLM APIs, threat intelligence firm GreyNoise reports.

Between October 2025 and January 2026, the company’s honeypots captured over 91,000 attack sessions, including assaults associated with two campaigns.

The first started in October and relied on ProjectDiscovery’s OAST (Out-of-band Application Security Testing) infrastructure to exploit server-side request forgery (SSRF) vulnerabilities.

The campaign spiked over Christmas and most of the attacks had the same signature, suggesting automated tooling.

Based on the observed VPS-based attack infrastructure, GreyNoise believes that the campaign was conducted by security researchers or bug hunters, but does not exclude the possibility of a grey-hat operation.

The second campaign started on December 28 and involved 80,469 attack sessions over an 11-day period. The attackers were probing more than 70 LLM model endpoints, looking for misconfigurations that could leak access to commercial APIs, GreyNoise explains.

Advertisement. Scroll to continue reading.

The attacks performed reconnaissance against models from OpenAI (GPT-4o and variants), Anthropic (Claude Sonnet, Opus, Haiku), Meta (Llama 3.x), DeepSeek (DeepSeek-R1), Google (Gemini), Mistral, Alibaba (Qwen), and xAI (Grok).

“Test queries stayed deliberately innocuous with the likely goal to fingerprint which model actually responds without triggering security alerts,” GreyNoise notes.

The attacks originated from two IP addresses associated with the exploitation of more than 200 vulnerabilities, including CVE-2025-55182 (React2Shell) and CVE-2023-1389, a command injection bug in TP-Link Archer AX21 routers.

According to GreyNoise, the campaign is likely mounted by a threat actor conducting reconnaissance to build a target list in preparation for a larger exploitation operation.

Related: Rethinking Security for Agentic AI

Related: Chrome Extensions With 900,000 Downloads Caught Stealing AI Chats

Related: WormGPT 4 and KawaiiGPT: New Dark LLMs Boost Cybercrime Automation

Related: Five Cybersecurity Predictions for 2026: Identity, AI, and the Collapse of Perimeter Thinking

Related Content

Artificial Intelligence

Researchers demonstrate adversarial hallucination squatting against popular AI assistants to achieve remote code execution.

Artificial Intelligence

Two announcements on July 7, 2026, demonstrate the government’s determination to improve the level of cybersecurity within the UK.

Artificial Intelligence

Wiz has disclosed the details of a new AI coding assistant attack method it has dubbed GhostApproval.

Artificial Intelligence

The "Rogue Agent" vulnerability could have enabled attackers to silently manipulate AI conversations, exfiltrate data, and compromise every Dialogflow CX agent within the same...

Artificial Intelligence

Researchers show how attackers can use a crafted public GitHub Issue to trick AI-powered workflows into exposing data from private repositories without authentication.

Artificial Intelligence

The audits are reportedly being spearheaded by CISA’s Attack Surface Evaluation team, a specialized unit tasked with conducting digital defense assessments and simulated hacking...

Artificial Intelligence

Attack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions.

Artificial Intelligence

As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they...

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version