
Attack on Amazon Bedrock-linked AI gateway highlights new cloud security risk
A cloud intrusion that ended with the deployment of cryptomining malware has exposed a bigger risk for enterprises: AI gateways that concentrate access to cloud identities, permissions, and foundation models in a single, highly privileged system.
Researchers from cybersecurity firm Darktrace found attackers compromising an AWS EC2 instance acting as a LiteLLM proxy for Amazon Bedrock, eventually deploying XMRig cryptomining malware, along with attempts to abuse cloud identities and AI services.
Although the attack ended in cryptomining, researchers said the bigger concern is that AI gateways centralize model access, identities, and cloud privileges, making them valuable targets.
Experts foun...