LLMjacking
What is LLMjacking?
LLMjacking: An attack in which adversaries use stolen cloud credentials to access and abuse hosted large language model services, running up large inference bills for the victim or reselling the access.
LLMjacking is a cloud abuse technique, named by the Sysdig Threat Research Team in 2024, in which attackers obtain stolen or leaked cloud credentials and use them to access managed large language model (LLM) services such as Amazon Bedrock or Azure OpenAI. Rather than exfiltrating data, the attacker consumes paid model inference at the victim's expense, often probing which models and quotas are enabled before driving heavy usage that can generate very large bills. Stolen keys are frequently funneled through reverse-proxy tooling so the operators or their customers can query premium models anonymously, effectively reselling someone else's cloud account. LLMjacking is conceptually similar to cryptojacking but targets AI inference capacity instead of cryptocurrency mining, and it is mitigated by guarding credentials, restricting model permissions, and monitoring for anomalous usage and cost spikes.
● Examples
- 01. Sysdig researchers disclosed an LLMjacking campaign in 2024 in which attackers used credentials stolen via a vulnerable application to access cloud-hosted LLMs.
- 02. A security team detects LLMjacking after CloudTrail shows unexpected Bedrock InvokeModel calls from an unfamiliar region driving a sudden cost spike.
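The detection in example 02, as an added Python example that is not part of the original page: it walks constructed CloudTrail-style records, flags Bedrock InvokeModel calls from outside an expected region or principal set, and counts invocations per principal to surface a usage spike. The account ID, ARNs, model IDs, baseline sets, threshold and record layout are assumptions, and the sample events are constructed, not real telemetry.

```python
"""Added example: flag suspicious Amazon Bedrock InvokeModel activity in CloudTrail records."""
from collections import Counter

# Assumed baseline for a hypothetical account: where and by whom Bedrock is normally used.
EXPECTED_REGIONS = {"us-east-1"}
EXPECTED_PRINCIPALS = {"arn:aws:iam::123456789012:role/prod-app"}
SPIKE_THRESHOLD = 3  # invocations per principal in one batch that count as a spike (assumed)
INVOKE_EVENTS = {"InvokeModel", "InvokeModelWithResponseStream"}


def bedrock_findings(events):
    """Return (kind, detail) findings for Bedrock invocations found in CloudTrail events.

    kinds: 'unexpected_region', 'unexpected_principal', 'usage_spike'.
    """
    findings = []
    per_principal = Counter()
    for ev in events:
        if ev.get("eventSource") != "bedrock.amazonaws.com" or ev.get("eventName") not in INVOKE_EVENTS:
            continue  # only model invocations drive inference cost
        region = ev.get("awsRegion", "")
        principal = ev.get("userIdentity", {}).get("arn", "unknown")
        model = ev.get("requestParameters", {}).get("modelId", "unknown")
        per_principal[principal] += 1
        if region not in EXPECTED_REGIONS:
            findings.append(("unexpected_region", f"{principal} invoked {model} in {region}"))
        if principal not in EXPECTED_PRINCIPALS:
            findings.append(("unexpected_principal", f"{principal} invoked {model} in {region}"))
    for principal, count in per_principal.items():
        if count >= SPIKE_THRESHOLD:
            findings.append(("usage_spike", f"{principal}: {count} invocations in this batch"))
    return findings


def _event(region, arn, model, name="InvokeModel"):
    """Build a minimal constructed CloudTrail-style record (field layout assumed)."""
    return {"eventSource": "bedrock.amazonaws.com", "eventName": name, "awsRegion": region,
            "userIdentity": {"arn": arn}, "requestParameters": {"modelId": model}}


# Constructed batch: one legitimate call, then a leaked key hammering a model from an unused region.
LEAKED_KEY = "arn:aws:iam::123456789012:user/ci-deploy"
SAMPLE_EVENTS = [
    _event("us-east-1", "arn:aws:iam::123456789012:role/prod-app", "example-model-a"),
    _event("eu-west-3", LEAKED_KEY, "example-model-b"),
    _event("eu-west-3", LEAKED_KEY, "example-model-b", "InvokeModelWithResponseStream"),
    _event("eu-west-3", LEAKED_KEY, "example-model-b"),
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject", "awsRegion": "eu-west-3"},
]

if __name__ == "__main__":
    for kind, detail in bedrock_findings(SAMPLE_EVENTS):
        print(f"[{kind}] {detail}")
```

In production the same logic runs over a time window rather than a batch, and a cost or token-count feed from billing data complements the invocation count.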
● Frequently asked questions
What is LLMjacking?
An attack in which adversaries use stolen cloud credentials to access and abuse hosted large language model services, running up large inference bills for the victim or reselling the access. It belongs to the AI & ML Security category of cybersecurity.
How do you defend against LLMjacking?
Defences against LLMjacking typically combine technical controls (guarding credentials and restricting which models a principal may invoke) with operational practices (monitoring for anomalous usage and cost spikes), as detailed in the full definition above.
What are other names for LLMjacking?
Common alternative names include: LLM jacking, LLM hijacking.
● Related terms
- Cryptojacking (malware, № 279): The unauthorized use of someone else's computing resources to mine cryptocurrency, typically via malware or malicious browser scripts.
- Shadow AI (ai-security, № 1143): The use of AI tools, models, or services by employees without the knowledge or approval of an organisation's security, privacy, or governance functions.
- Prompt Injection (ai-security, № 973): An attack that overrides an LLM's original instructions by smuggling adversarial text into the prompt, causing the model to ignore safeguards or execute attacker-chosen actions.
- Credential Stuffing (attacks, № 258): An automated attack that replays large lists of username/password pairs leaked from one service against other services, exploiting password reuse to take over accounts.
- Cloud Security (cloud-security, № 213): The set of policies, controls, and technologies that protect data, applications, and infrastructure hosted in public, private, or hybrid cloud environments.
- Exfiltration (defense-ops, № 445): The MITRE ATT&CK tactic (TA0010) covering techniques used to transfer stolen data out of a victim network to an attacker-controlled location.