Cybercriminals are rapidly evolving their tactics for exploiting large language models (LLMs), with recent evidence showing a surge in LLMjacking incidents. Since Sysdig TRT first discovered LLMjacking in May 2024, it says attackers have continuously adapted, targeting new models such as DeepSeek and monetizing stolen credentials through proxy services.
The rapid rise of DeepSeek, an advanced AI model, has not gone unnoticed by malefactors. Following the release of DeepSeek-V3 on 26 December 2024, attackers integrated it into OpenAI Reverse Proxy (ORP) instances within days. A similar pattern followed the launch of DeepSeek-R1 on 20 January this year, highlighting the speed at which threat actors adopt new AI models.
According to Sysdig TRT, multiple ORP instances containing DeepSeek API keys have been found, indicating widespread exploitation. ORP servers, which act as intermediaries for accessing LLM services, have become a major tool for LLMjackers, enabling unauthorized access to AI models while masking user identities.
The Business of Stolen Credentials
Sysdig TRT’s latest investigation uncovered a thriving underground market for stolen AI credentials. One example is an ORP proxy hosted at vip[.]jewproxy[.]tech, which sells access through a storefront for $30 per month. The extensive use of these proxies suggests that multiple cybercriminals are leveraging stolen keys to bypass paywalls and reduce AI usage costs.
A snapshot of one ORP instance revealed staggering statistics:
- Total tokens used: Over 2 billion
- Estimated total cost: Nearly $50,000 in just 4.5 days
- Claude 3 Opus usage: 865.59 million tokens, costing an estimated $38,951.55
- Stolen API keys: Multiple from OpenAI, Google AI, AWS, and Microsoft Azure
These figures highlight the financial impact of LLMjacking, where legitimate cloud account holders are left with exorbitant bills from unauthorized AI usage.
How LLMjackers Operate
The misuse of OpenAI Reverse Proxy (ORP) technology is central to LLMjacking, as it lets threat actors route AI requests through reverse proxies, fly under the radar, and facilitate large-scale abuse. Sysdig researchers found multiple exposed ORPs using stolen credentials, with attackers leveraging cloud services such as AWS and Azure for unauthorized AI interactions.
Credential theft is another key component of LLMjacking operations. Malicious actors obtain credentials through vulnerable services—such as Laravel—or extract them from exposed software packages in public repositories. Once obtained, stolen credentials are verified using automation scripts before being exploited for AI model access.
The Growing LLMjacking Underground
The rise of LLMjacking is fueling an underground economy, with communities forming to share tools and techniques. Cybercriminals frequently communicate via platforms such as Discord and 4chan, with many using pastebin-style sites like Rentry.co to distribute access details.
Sysdig TRT identified over 20 ORP proxies, with some using TryCloudflare tunnels to obscure their origins. Logs from cloud honeypots showed how attackers using LLM-generated Python scripts to interact with ORPs, again, illustrating the sophistication of these operations.
The Urgency for Better AI Security
LLMjacking is a very real financial risk in terms of data security. Unauthorized AI access can lead to sensitive data leaks, corporate espionage, and further cyberattacks. Entities depending on cloud-based LLMs can strengthen their defenses by implementing stricter access controls, monitoring API usage, and securing credentials to prevent unauthorized access.
As LLMs continue to advance, so too will the tactics of cybercriminals. Entities can stay ahead of these threats by adopting robust cybersecurity measures to safeguard their AI resources from exploitation.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.