Cybersecurity experts report ongoing campaigns targeting misconfigured proxy servers to access large language model (LLM) services. These activities involve probing dozens of endpoints and using benign queries to avoid detection. #LLMEndpoints #SSRFAttacks
Keypoints
- Threat actors are systematically hunting for misconfigured proxy servers to access LLM services.
- The campaigns involve probing over 73 endpoints and generating more than 80,000 sessions.
- Many activities are likely conducted by security researchers or bug bounty hunters using vulnerability assessment tools.
- Attackers use low-noise prompts and harmless queries to avoid triggering security alerts during scans.
- Defensive strategies include restricting model pulls to trusted sources and implementing egress filtering and rate limiting.