LLMjacking: How attackers use stolen AWS credentials to enable LLMs and rack up costs for victims



The most common API actions called by attackers via compromised credentials earlier this year included InvokeModel, InvokeModelStream, Converse, and ConverseStream. More recently, however, attackers were also observed using PutFoundationModelEntitlement and PutUseCaseForModelAccess, which enable models, preceded by ListFoundationModels and GetFoundationModelAvailability, which reveal which models an account already has access to.
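
The enumerate, enable, invoke sequence described above is visible in CloudTrail, so a defender can triage Bedrock events by calling principal. The following is an added example, not code from the article or the researchers it cites: it groups the listed eventNames into phases and flags any principal not approved for Bedrock, rating highest those that both enabled and invoked models. The sample records, account id and principal names are constructed placeholders.

```python
from collections import defaultdict

# Bedrock eventNames the article ties to LLMjacking, grouped by phase. The
# article writes "InvokeModelStream"; CloudTrail records streaming calls as
# InvokeModelWithResponseStream, so both spellings are included.
PHASES = {
    "enumerate": {"ListFoundationModels", "GetFoundationModelAvailability"},
    "enable": {"PutFoundationModelEntitlement", "PutUseCaseForModelAccess"},
    "invoke": {"InvokeModel", "InvokeModelStream", "InvokeModelWithResponseStream",
               "Converse", "ConverseStream"},
}

def phase_of(event_name):
    """Return the phase a CloudTrail eventName belongs to, or None."""
    return next((p for p, names in PHASES.items() if event_name in names), None)

def triage(records, approved_principals):
    """For each principal not approved for Bedrock, report which phases it
    touched and the earliest time for each. A principal that both enables
    and invokes models is rated high: ordinary workloads almost never need
    the enablement calls, and an unapproved key should not call Bedrock at all."""
    seen = defaultdict(dict)
    for rec in sorted(records, key=lambda r: r.get("eventTime", "")):
        phase = phase_of(rec.get("eventName", ""))
        if rec.get("eventSource") != "bedrock.amazonaws.com" or phase is None:
            continue
        seen[rec["userIdentity"]["arn"]].setdefault(phase, rec["eventTime"])
    findings = {}
    for arn, phases in seen.items():
        if arn not in approved_principals:
            high = {"enable", "invoke"} <= set(phases)
            findings[arn] = {"severity": "high" if high else "medium", "phases": phases}
    return findings

def _ev(time, name, arn):  # helper to build a minimal constructed record
    return {"eventTime": time, "eventSource": "bedrock.amazonaws.com",
            "eventName": name, "userIdentity": {"arn": arn}}

# Constructed sample trail (hypothetical account id and principal names).
LEAK = "arn:aws:iam::111122223333:user/ci-deploy"  # leaked long-lived key
APP = "arn:aws:sts::111122223333:assumed-role/chat-app/i-0abc"  # approved workload
SAMPLE = [
    _ev("2024-09-18T02:11:05Z", "ListFoundationModels", LEAK),
    _ev("2024-09-18T02:11:09Z", "GetFoundationModelAvailability", LEAK),
    _ev("2024-09-18T02:12:40Z", "PutUseCaseForModelAccess", LEAK),
    _ev("2024-09-18T02:12:41Z", "PutFoundationModelEntitlement", LEAK),
    _ev("2024-09-18T02:13:02Z", "InvokeModel", LEAK),
    _ev("2024-09-18T09:00:00Z", "Converse", APP),
]
```

Running `triage(SAMPLE, {APP})` reports only the leaked key, at high severity, with the first timestamp of each phase; feeding it real CloudTrail records requires only the eventTime, eventSource, eventName and userIdentity.arn fields.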

This means that organizations that have deployed Bedrock but not activated certain models are not safe, since the attackers can enable those models themselves. The cost difference between models can be substantial. For Claude 2.x usage the researchers calculated a potential cost of over $46,000 per day, but for models such as Claude 3 Opus the cost could be two to three times higher.

The researchers have also seen attackers using Claude 3 to generate and improve the code of the very script used to query the model. The script continuously interacts with the model, generating responses, monitoring them for specific content, and saving the results to text files.
