Vulnerability  ·  2026-07-12

Compromised LiteLLM Proxy for Amazon Bedrock Exploited for Cryptomining — AI Gateway Blast-Radius Risk

VulnerabilityMedium impactGlobal
Darktrace researchers (reported by CSO Online, 2026-07-09) found attackers compromising an AWS EC2 instance acting as a LiteLLM proxy for Amazon Bedrock, ultimately deploying XMRig cryptomining malware and attempting to abuse associated cloud identities and Bedrock model access.
While the attack itself used commodity techniques, security experts emphasized that AI gateways like LiteLLM proxies concentrate cloud credentials, permissions, and foundation-model access into a single high-privilege choke point, meaning a routine intrusion pattern now lands on a much more consequential asset than in pre-AI cloud environments.
Attackers brute-forced SSH (exposed to the internet on port 22) on an AWS EC2 instance running a LiteLLM proxy for Amazon Bedrock, then deployed XMRig cryptomining malware and attempted to abuse the instance's IAM role to enumerate and invoke Bedrock foundation models and perform further cloud identity abuse (LLMjacking-style).
LiteLLM proxy deployments fronting Amazon Bedrock on AWS EC2
Never expose SSH management ports for AI gateway hosts to the public internet; apply least-privilege IAM roles scoped tightly to required Bedrock actions; monitor AI gateway hosts for anomalous outbound connections and foundation-model invocation patterns.
CSO Online — Attack on Amazon Bedrock-linked AI gateway highlights new cloud security risk
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →