Großangriff auf offene KI-Dienste

8 hours ago 1

Hands typing on laptop beside tablet and smartphone, cloud and analytics overlays highlight technology, strategy and transformation powering business innovation with data insights - stock photo

(Image credit: Getty Images / Issarawat Tattong)

GreyNoise logged 91,000 attack sessions against exposed AI systems between Oct 2025 and Jan 2026
Campaigns included tricking servers into “phoning home” and mass probing to map AI models
Malicious actors targeted misconfigured proxies, testing OpenAI, Gemini, and other LLM APIs at scale

Hackers are targeting misconfigured proxies in order to see if they can break into the underlying Large Language Model (LLM) service, experts have warned.

Researchers at GreyNoise recently set up a fake, exposed AI system to see who would try to interact with it.

Between October 2025, and January 2026, they logged more than 91,000 attack sessions which exposed two attack campaigns.

A systematic approach

In the first campaign, they saw a threat actor trying to trick AI servers into connecting to a server under their control. They tried abusing features like model downloads or webhooks, forcing the server to “phone home” without the owner knowing. The attackers would then watch for callbacks to confirm if the underlying system is vulnerable

In the second campaign, GreyNoise saw two IP addresses hammering exposed AI endpoints tens of thousands of times. The goal was not to break in immediately, but instead to map which AI models were reachable, and what their configurations were. They sent very simple questions such as “How many states are there in the US” in order to determine which AI model is being used, without triggering any alarms.

They systematically tested OpenAI-style APIs, Google Gemini formats, and dozens of major model families, looking for proxies or gateways that accidentally expose paid or internal AI access.

GreyNoise also wanted to make sure this wasn’t the work of a hobbyist, or a cybersecurity researcher. The fact that the infrastructure used in the second campaign has a long history of real-world vulnerability exploitation, and that the campaign peaked during the Christmas break, confirmed that it was, in fact, the work of a malicious actor.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

"OAST callbacks are standard vulnerability research techniques. But the scale and Christmas timing suggest grey-hat operations pushing boundaries,” GreyNoise confirmed.

Furthermore, the researchers said the same servers were seen before scanning for hundreds of CVEs.

Via BleepingComputer

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read Entire Article