all InfoSec news
LLMjacking: Stolen Cloud Credentials Used in New AI Attack
Malware Analysis, News and Indicators - Latest topics malware.news
The Sysdig Threat Research Team (TRT) recently observed a new attack that leveraged stolen cloud credentials in order to target 10 cloud-hosted large language model (LLM) services, known as LLMjacking. The credentials were obtained from a system running a vulnerable version of Laravel (CVE-2021-3129), which is a popular target. Attacks against LLM-based Artificial Intelligence (AI) systems have been discussed often, but mostly around prompt abuse and altering training data. Attackers have other ideas about abusing these systems, including …
ai attack attack attacks cloud credentials cve language laravel large large language model llm order popular research running services stolen sysdig sysdig threat research team system target team threat threat research version vulnerable