Hackers are going after top LLM services by cracking misconfigured proxies (www.techradar.com)

Researchers at GreyNoise have reported a surge in cyberattacks targeting exposed AI systems, noting over 91,000 attack sessions from October 2025 to January 2026. The hackers primarily focused on misconfigured proxies of leading Large Language Model (LLM) services, including OpenAI and Google's Gemini. Two distinct attack campaigns were identified: one involved deceptive tactics aimed at tricking AI servers into connecting to compromised systems, while the other involved mass probing to identify which AI models were accessible, utilizing simple queries to avoid detection. This alarming trend underscores the vulnerabilities in AI infrastructure, highlighting the risks associated with poorly secured proxies that may inadvertently expose sensitive AI services. The systematic approach to testing and mapping configurations could allow malicious actors to exploit these weaknesses further, potentially leading to unauthorized access or data breaches. As AI/MS technology continues to advance, it becomes increasingly crucial for developers and organizations to prioritize robust security measures to protect their systems from such sophisticated and persistent threats.