‘Cryptomining can be a lucrative activity after compromise in cloud environments’: Experts warn of AI gateways connected to Amazon Bedrock being hijacked to steal crypto


  • Darktrace reports cryptojacking via a compromised AI gateway (LiteLLM-Proxy on AWS Bedrock), breached through exposed SSH and exploited with XMRig mining
  • Attackers also showed suspicious IAM activity, suggesting possible misuse of cloud credentials with connections traced to Vietnam
  • Experts warn AI gateways to concentrate privileged access and call for strict port closures, least privileged roles and control plane monitoring to reduce blast radius

If you use AI gateways as part of your technology stack, beware – they are being exploited in cryptojacking attacks, experts have warned.

Cybersecurity researchers Darktrace have published a new report about a cloud-hosted AI gateway connected to Amazon Bedrock that was compromised and used for cryptocurrency mining.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top