HighThreat Report
Hackers scan misconfigured proxies to steal access to paid LLM services, GreyNoise warns
GreyNoise telemetry shows threat actors actively mapping the AI attack surface, including systematic probing of misconfigured proxy layers that could expose paid LLM access. Over 80,000 enumeration sessions in 11 days targeted more than 73 model endpoints across major providers, using low-noise prompts to avoid triggering defenses. While exploitation was not confirmed, the activity signals preparation for cost fraud, data exposure, and follow-on intrusions against AI gateways.
Comments
Want to join the discussion?
Create an account to unlock exclusive member content, save your favorite articles, and join our community of IT professionals.
New here? Create a free account to get started.