LLM Hijackers Rapidly Integrate DeepSeek API Keys

Rising Threat of LLMjacking: Cybercriminals Exploit New AI Models for Illicit Gains

Emerging Threat: LLMjacking Targets DeepSeek Models Just Weeks After Launch

In a troubling development for cybersecurity, sophisticated "LLMjacking" operations have reportedly exploited stolen access to DeepSeek models, barely weeks following their public release. The term LLMjacking refers to the unauthorized exploitation of large language models (LLMs) such as those developed by OpenAI and Anthropic. By hijacking these powerful tools, criminals can run expensive tasks at the expense of unsuspecting account holders.

Recent research from Sysdig highlights alarming activity following the launch of DeepSeek’s DeepSeek-V3 model on December 26. Within days, LLMjackers had infiltrated the system, and in a similar fashion, access to the newly released DeepSeek-R1 was compromised the day after its January 20 launch. “This isn’t just a fad anymore,” states Crystal Morin, a cybersecurity strategist at Sysdig. “We are witnessing an escalation, far beyond our initial observations last May.”

At the core of LLMjacking lies the appeal of circumventing the potentially exorbitant costs associated with extended LLM usage. For instance, using GPT-4 around the clock can run up bills exceeding $500,000 per year. Attackers illicitly acquire cloud service credentials or application programming interface (API) keys, then employ reverse proxies to mask their activities while accessing these models.

The situation has led to flourishing underground communities on platforms like 4chan and Discord, enabling individuals to tap into these models for generating everything from school essays to explicit content. With the rise of LLMjacking, victims face considerable financial repercussions, as evidenced by one AWS user who encountered a staggering $730 bill after only a few hours of compromised access. While AWS managed to assist this individual, the potential impact on enterprises could be catastrophic, making this a pressing concern for cybersecurity.
