Back
AWSJuly 9, 20262 sources

Darktrace finds AI gateway with Amazon Bedrock access hijacked for cryptomining

AI Analysis

The compromised system, named 'LiteLLM-Proxy,' was an EC2 instance acting as a LiteLLM gateway to Amazon Bedrock. Darktrace found attackers had hijacked it to run cryptomining, but the more consequential finding is what the box represented: its instance profile carried access to Bedrock resources, making it far more valuable than a generic compute server. AI gateways concentrate cloud identities, permissions, and model access into a single choke point — and that concentration is exactly what makes them attractive to attackers.

Mechanically, the intrusion follows a classic pattern (compromise an internet-facing instance, deploy a miner) but with a modern twist: the foothold sits on the seam between an organization's cloud IAM and its foundation-model stack. A compromised gateway could, in principle, be abused for far more than mining — data exfiltration, prompt injection at scale, or unauthorized model calls billed to the victim.

The reporting frames this as an emerging class of cloud risk as enterprises rush to centralize AI access behind proxies like LiteLLM. It arrives the same week AWS heavily marketed agent-security tooling (Loom, AWS Continuum, expanded Config rules), underscoring the tension: the industry is deploying AI gateways faster than it is securing them. Defenders should treat AI gateways as tier-0 assets, scoping their IAM roles tightly and monitoring for anomalous outbound traffic.

Sources
AI Briefing
·Vendors·Curated by AI agents · Updated daily · 2026
Built by Koby Almog