- GreyNoise recorded 91,000 attack sessions against exposed AI systems between October 2025 and January 2026.
- Campaigns included encouraging servers to “call home” and mass surveys to map AI models.
- Malicious actors targeted misconfigured proxies and tested OpenAI, Gemini, and other LLM APIs at scale.
Hackers are targeting misconfigured proxies to see if they can penetrate the underlying Large Language Model (LLM) service, experts have warned.
GreyNoise researchers recently set up a fake AI system on display to see who would attempt to interact with it.
Between October 2025 and January 2026, they recorded over 91,000 attack sessions which revealed two attack campaigns.
A systematic approach
In the first campaign, they saw a threat actor attempt to trick AI servers into connecting to a server under their control. They tried to abuse features such as template uploads or webhooks, forcing the server to “phone home” without the owner’s knowledge. Attackers would then monitor the callbacks to confirm whether the underlying system is vulnerable.
During the second campaign, GreyNoise saw two IPs hammer exposed AI endpoints tens of thousands of times. The goal was not to intervene immediately, but rather to map which AI models were accessible and what their configurations were. They sent very simple questions like “How many states are there in the United States” to determine which AI model is being used, without raising any alarms.
They systematically tested OpenAI-style APIs, Google Gemini formats, and dozens of major model families, looking for proxies or gateways that accidentally expose paid or internal access to AI.
GreyNoise also wanted to make sure this wasn’t the work of an amateur or cybersecurity researcher. The fact that the infrastructure used in the second campaign had a long history of exploiting vulnerabilities in the real world and that the campaign peaked during the Christmas holidays confirmed that it was in fact the work of a malicious actor.
“OAST recalls are standard vulnerability research techniques. But their scale and the timing of Christmas suggest gray hat operations are pushing the envelope,” GreyNoise confirmed.
Additionally, the researchers said the same servers were seen before searching for hundreds of CVEs.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
