Artificial intelligence gateways are becoming prime targets for cybercriminals as organizations integrate generative AI tools with cloud platforms like Amazon Bedrock. These gateways serve as intermediaries between users, business applications, and large language models, making them appealing entry points for attackers aiming to infiltrate enterprise networks.
Investigating AI Gateway Breaches
An investigation led by Darktrace recently uncovered a compromised Amazon Web Services (AWS) EC2 instance titled “LiteLLM-Proxy.” This instance functioned as an AI gateway linked to Amazon Bedrock through an Identity and Access Management (IAM) role. Following the breach, the server was observed downloading XMRig cryptomining malware and frequently connecting to known mining infrastructure.
AI gateways handle tasks like authentication, model routing, logging, and policy controls, while also managing access to foundational models. Due to their role in maintaining cloud permissions and service credentials, breaching one can jeopardize more than a single server.
Cybercriminals Exploit AI Gateways
Upon gaining access to an AI gateway, attackers can potentially reach cloud identities, sensitive prompts, AI model services, and application workflows. The Darktrace investigation commenced on June 12, 2026, when unusual cryptomining activities were detected from the LiteLLM-Proxy EC2 instance. This host had an exposed SSH port accessible from any IP address, resulting in numerous short-lived SSH connection attempts.
The investigation noted an IP address, 145.241.123[.]102, frequently attempting to connect. Although investigators could not confirm successful SSH logins, the exposed service and brute-force-like activity suggested SSH as a probable initial access method. Cloud services exposed to the internet are commonly targeted by attackers seeking to exploit weak passwords, exposed credentials, or vulnerable software configurations.
Stages of the Attack
The attackers’ approach involved several key stages: exposing SSH access on the LiteLLM Proxy AI gateway, downloading the XMRig cryptomining malware, and establishing communication with a mining pool. The compromised host initiated frequent HTTPS connections to a cryptomining pool associated with the domain pool.hasvault[.]pro.
Behavioral monitoring identified this activity as resource hijacking, prompting Darktrace to escalate the event upon detecting active cryptomining on the cloud workload. Further investigation revealed suspicious IAM activity, wherein a user accessed AWS services via the AWS Command-Line Interface from a Vietnam-based IP address, raising concerns about credential misuse.
Strengthening AI Gateway Security
Organizations are advised to implement stringent security measures to protect AI gateways. Recommended actions include restricting SSH access, avoiding long-term access keys, applying least-privilege IAM policies, and monitoring AI gateway logs. Tracking unusual outbound network traffic is also crucial.
As AI gateways become central to accessing models and cloud services, they are increasingly attractive targets for attackers. Security teams must correlate identity, workload, network, and cloud control-plane activities to detect breaches early, preventing attackers from escalating from cryptomining to more extensive enterprise operations.
