How unsecured AI endpoints can enable resource theft and unauthorized AI-powered activity.
Key Takeaways:
Cybercriminals are hijacking exposed enterprise AI backends to power autonomous agents, offensive tools, and reconnaissance operations. The new research warns that unsecured AI infrastructure is emerging as the next frontier of resource theft, which allows attackers to exploit enterprise AI capabilities without first breaching the network.
According to Zenity researchers, attackers direct their AI agents at publicly accessible enterprise endpoints and use them to perform offensive tasks. If an AI endpoint is exposed and lacks proper protections, an attacker can configure an AI agent or client to use that endpoint as its model provider.
Attackers leverage autonomous penetration-testing tools like Strix and HexStrike AI, as well as AI-agent workflows built on OpenAI Codex, through exposed infrastructure. Some observed agents were instructed to operate aggressively and conceal their identity while conducting reconnaissance and testing against external targets.
Zenity found numerous attempts to exploit critical LiteLLM vulnerabilities (such as remote code execution and SSRF flaws), sometimes beginning immediately after patches became available. In some cases, researchers found evidence of development environments, Git histories, reconnaissance scripts, and other operational details being unintentionally exposed through AI workflows.
Organizations should treat AI infrastructure with the same level of security attention as other internet-facing systems. IT teams shouldn’t leave AI gateways, inference endpoints, and agent platforms publicly accessible, and access should be protected through strong authentication, network controls, and continuous monitoring.
It’s highly recommended to maintain and patch AI-related software promptly. Attackers attempt to exploit new vulnerabilities in LiteLLM almost immediately after patches are released. Organizations should keep AI gateways updated, monitor for unusual AI usage patterns, and investigate unexpected spikes in model consumption that could indicate unauthorized use of AI resources.
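As an added example (not code from the Zenity research or this article), the script below applies the monitoring advice above to constructed AI-gateway log lines: it reports clients that were served completions with no API key, and clients whose token consumption in a time window spikes far above the rest. The log field names are assumptions and will need adapting to a real gateway's log format.

```python
import json
from collections import defaultdict
from statistics import median

# Constructed sample of AI-gateway access logs (JSON lines). Field names are assumed;
# real LiteLLM or other gateway logs will differ, so adapt parse_logs() accordingly.
SAMPLE_LOGS = """\
{"ts": 1700000000, "client": "10.0.0.5", "key_id": "team-a", "model": "gpt-4o", "tokens": 900}
{"ts": 1700000060, "client": "10.0.0.5", "key_id": "team-a", "model": "gpt-4o", "tokens": 1100}
{"ts": 1700000120, "client": "10.0.0.6", "key_id": "team-b", "model": "gpt-4o", "tokens": 800}
{"ts": 1700000180, "client": "203.0.113.9", "key_id": null, "model": "gpt-4o", "tokens": 1000}
{"ts": 1700000240, "client": "203.0.113.9", "key_id": null, "model": "gpt-4o", "tokens": 48000}
{"ts": 1700000300, "client": "203.0.113.9", "key_id": null, "model": "gpt-4o", "tokens": 52000}
"""

def parse_logs(text):
    """Parse JSON-lines gateway logs into a list of event dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def find_unauthenticated(events):
    """Clients served completions with no API key at all: the gateway is acting as an
    open model provider for whoever finds it, which is the exposure the article describes."""
    return sorted({e["client"] for e in events if not e.get("key_id")})

def find_consumption_spikes(events, window=3600, factor=10, min_baseline=5000):
    """Per time window, flag clients whose token use exceeds `factor` times the median
    use of all clients in that window (or `min_baseline` when the median is lower, so a
    single heavy client in an otherwise quiet window is still reported)."""
    usage = defaultdict(lambda: defaultdict(int))
    for e in events:
        usage[e["ts"] // window * window][e["client"]] += e["tokens"]
    spikes = []
    for start, per_client in sorted(usage.items()):
        baseline = max(median(per_client.values()), min_baseline)
        for client, tokens in per_client.items():
            if tokens > factor * baseline:
                spikes.append({"client": client, "window_start": start, "tokens": tokens})
    return spikes

if __name__ == "__main__":
    events = parse_logs(SAMPLE_LOGS)
    print("unauthenticated clients:", find_unauthenticated(events))
    for spike in find_consumption_spikes(events):
        print("consumption spike:", spike)
```

A client that appears in both lists, as 203.0.113.9 does in the constructed sample, is the pattern worth investigating first: unauthenticated access combined with sustained heavy consumption.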