- GreyNoise logged 91,000 attack sessions against exposed AI systems between Oct 2025 and Jan 2026
- Campaigns included tricking servers into “phoning home” and mass probing to map AI models
- Malicious actors targeted misconfigured proxies, testing OpenAI, Gemini, and other LLM APIs at scale
Hackers are targeting misconfigured proxies in order to see if they can break into the underlying Large Language Model (LLM) service, experts have warned.
Researchers at GreyNoise recently set up a fake, exposed AI system to see who would try to interact with it.
Between October 2025, and January 2026, they logged more than 91,000 attack sessions which exposed two attack campaigns.
A systematic approach
In the first campaign, they saw a threat actor trying to trick AI servers into connecting to a server under their control. They tried abusing features like model downloads or webhooks, forcing the server to “phone home” without the owner knowing. The attackers would then watch for callbacks to confirm if the underlying system is vulnerable
In the second campaign, GreyNoise saw two IP addresses hammering exposed AI endpoints tens of thousands of times. The goal was not to break in immediately, but instead to map which AI models were reachable, and what their configurations were. They sent very simple questions such as “How many states are there in the US” in order to determine which AI model is being used, without triggering any alarms.
They systematically tested OpenAI-style APIs, Google Gemini formats, and dozens of major model families, looking for proxies or gateways that accidentally expose paid or internal AI access.
GreyNoise also wanted to make sure this wasn’t the work of a hobbyist, or a cybersecurity researcher. The fact that the infrastructure used in the second campaign has a long history of real-world vulnerability exploitation, and that the campaign peaked during the Christmas break, confirmed that it was, in fact, the work of a malicious actor.
“OAST callbacks are standard vulnerability research techniques. But the scale and Christmas timing suggest grey-hat operations pushing boundaries,” GreyNoise confirmed.
Furthermore, the researchers said the same servers were seen before scanning for hundreds of CVEs.
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/osBMdrVYkfyWMZENMbihE8-2119-80.jpg
Source link
