“Cryptomining can be a lucrative business after compromise in cloud environments”: Experts warn that AI gateways connected to Amazon Bedrock are being hijacked to steal crypto


  • Darktrace Reports Cryptojacking via Compromised AI Gateway (LiteLLM‑Proxy on AWS Bedrock), Breached via Exposed SSH and Abused with XMRig Mining
  • The attackers also showed suspicious IAM activity, hinting at possible misuse of cloud credentials, with connections traced to Vietnam.
  • Experts warn that AI gateways concentrate privileged access, advocating strict port closures, least privilege roles, and control plane monitoring to reduce the blast radius.

If you use AI gateways as part of your tech stack, beware: They are being exploited in cryptojacking attacks, experts have warned.

Cybersecurity researchers Darktrace have released a new report on a cloud-hosted AI gateway connected to Amazon Bedrock that was compromised and used for cryptocurrency mining.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top