What is LLMjacking? How AI Attacks Exploit Stolen Cloud Credentials

As organizations increasingly embrace the power of AI and integrate it into their workflows, new security security considerations are coming into focus. One important area to be aware of is LLMjacking. This involves unauthorized individuals trying to manipulate and exploit your organization's Large Language Models (LLMs), particularly when these models are hosted on cloud services and accessed through online accounts.

While it might not immediately sound like a critical issue, LLMjacking can have real consequences for your business and your customers, including larger data breaches and vulnerability exploits. 

To protect your organization and data, it’s important to understand how LLMjacking works, what the potential risks are, and the steps you can take to keep your LLM and enterprise safe. 

How do LLMjacking attacks work?

The main goal of LLMjacking attacks is to gain access to and hijack an organization’s LLM. Often, this starts with stolen usernames and passwords. These credentials might have been obtained through various methods, including direct theft or purchase from online criminal marketplaces. Unfortunately, discussions about how to carry out LLMjacking attacks are also becoming more common in online communities.

Once these cybercriminals have valid login details, they can effectively "hijack" your organization's LLM, allowing them to interact with it just like a legitimate user.