What happened
Darktrace researchers (reported by CSO Online, 2026-07-09) found attackers compromising an AWS EC2 instance acting as a LiteLLM proxy for Amazon Bedrock, ultimately deploying XMRig cryptomining malware and attempting to abuse associated cloud identities and Bedrock model access.
Why it matters
While the attack itself used commodity techniques, security experts emphasized that AI gateways like LiteLLM proxies concentrate cloud credentials, permissions, and foundation-model access into a single high-privilege choke point, meaning a routine intrusion pattern now lands on a much more consequential asset than in pre-AI cloud environments.
Attack vector
Attackers brute-forced SSH (exposed to the internet on port 22) on an AWS EC2 instance running a LiteLLM proxy for Amazon Bedrock, then deployed XMRig cryptomining malware and attempted to abuse the instance's IAM role to enumerate and invoke Bedrock foundation models and perform further cloud identity abuse (LLMjacking-style).
Affected systems
LiteLLM proxy deployments fronting Amazon Bedrock on AWS EC2
Mitigation
Never expose SSH management ports for AI gateway hosts to the public internet; apply least-privilege IAM roles scoped tightly to required Bedrock actions; monitor AI gateway hosts for anomalous outbound connections and foundation-model invocation patterns.