LLMjacking targets DeepSeek
Blog post from Sysdig
LLMjacking, a cybersecurity threat identified by the Sysdig Threat Research Team, is the unauthorized use of large language models (LLMs) through stolen cloud credentials, which leads to significant financial losses for victims. Since its discovery in May 2024, this form of attack has evolved, targeting new LLMs such as DeepSeek and expanding its methods of exploitation. The attacks have gained public attention, exemplified by a Microsoft lawsuit against cybercriminals misusing generative AI services. Cybercriminals use OpenAI Reverse Proxy (ORP) servers to illegally access and use LLMs, and often trade that access on the black market because of the high operational costs of LLMs. The attackers' rapid adoption of new models, such as the swift integration of DeepSeek-V3 and DeepSeek-R1, highlights the adaptability of these threats. Strategies for protecting against LLMjacking include securing access keys and monitoring account behavior, both of which are crucial as the threat continues to grow with the increasing demand for advanced LLMs.