Threat Actors Target Misconfigured Proxies for Paid LLM Access
Summary
Threat actors are systematically targeting misconfigured proxy servers to gain unauthorized access to commercial large language model (LLM) services. The campaign, which began in late December, has probed over 73 LLM endpoints and generated more than 80,000 sessions. The attackers use low-noise prompts to query endpoints without triggering security alerts. GreyNoise's report indicates two distinct campaigns, one of which exploits server-side request forgery (SSRF) vulnerabilities to force servers to connect to attacker-controlled infrastructure. The other campaign involves high-volume enumeration of exposed or misconfigured LLM endpoints. The targeted models include those from major providers such as OpenAI, Anthropic, Meta, Google, Mistral, Alibaba, and xAI. The activity is likely part of an organized reconnaissance effort to catalog accessible LLM services, though no exploitation or data theft has been observed yet.
Timeline
- 09.01.2026 21:56 · 1 article
Threat Actors Probe Misconfigured Proxies for LLM Access
Since late December, threat actors have systematically targeted misconfigured proxy servers to gain unauthorized access to commercial LLM services. The campaign has probed over 73 LLM endpoints and generated more than 80,000 sessions. The attackers use low-noise prompts to query endpoints without triggering security alerts. GreyNoise's report indicates two distinct campaigns, one of which exploits SSRF vulnerabilities to force servers to connect to attacker-controlled infrastructure. The other campaign involves high-volume enumeration of exposed or misconfigured LLM endpoints. The targeted models include those from major providers such as OpenAI, Anthropic, Meta, Google, Mistral, Alibaba, and xAI.
Source: Hackers target misconfigured proxies to access paid LLM services — www.bleepingcomputer.com — 09.01.2026 21:56
Information Snippets
- Threat actors have probed over 73 LLM endpoints and generated more than 80,000 sessions since late December.
  First reported: 09.01.2026 21:56 (1 source, 1 article)
  Source: Hackers target misconfigured proxies to access paid LLM services — www.bleepingcomputer.com — 09.01.2026 21:56
- The attackers use low-noise prompts to query endpoints without triggering security alerts.
  First reported: 09.01.2026 21:56 (1 source, 1 article)
  Source: Hackers target misconfigured proxies to access paid LLM services — www.bleepingcomputer.com — 09.01.2026 21:56
- One campaign exploits SSRF vulnerabilities to force servers to connect to attacker-controlled infrastructure.
  First reported: 09.01.2026 21:56 (1 source, 1 article)
  Source: Hackers target misconfigured proxies to access paid LLM services — www.bleepingcomputer.com — 09.01.2026 21:56
- The second campaign involves high-volume enumeration of exposed or misconfigured LLM endpoints.
  First reported: 09.01.2026 21:56 (1 source, 1 article)
  Source: Hackers target misconfigured proxies to access paid LLM services — www.bleepingcomputer.com — 09.01.2026 21:56
- Targeted models include those from OpenAI, Anthropic, Meta, Google, Mistral, Alibaba, and xAI.
  First reported: 09.01.2026 21:56 (1 source, 1 article)
  Source: Hackers target misconfigured proxies to access paid LLM services — www.bleepingcomputer.com — 09.01.2026 21:56
- The activity is likely part of an organized reconnaissance effort to catalog accessible LLM services.
  First reported: 09.01.2026 21:56 (1 source, 1 article)
  Source: Hackers target misconfigured proxies to access paid LLM services — www.bleepingcomputer.com — 09.01.2026 21:56