Military & Security

Darktrace finds AI gateway with Amazon Bedrock access hijacked for cryptomining

· July 9, 2026
Darktrace finds AI gateway with Amazon Bedrock access hijacked for cryptomining

What happened

Darktrace uncovered a cloud intrusion where a compromised AI gateway linked to Amazon Bedrock was hijacked to mine cryptocurrency. The gateway ran on an Amazon Elastic Compute Cloud (EC2) instance called “LiteLLM-Proxy” using open-source LiteLLM software. Attackers gained control of this proxy, which had authorized access to Amazon Bedrock, allowing them to leverage AI infrastructure for illicit cryptomining operations.

Why it matters

This breach exposes a new attack surface in AI cloud deployments. Gateways with access to managed AI services like Amazon Bedrock can be repurposed for resource-heavy tasks like cryptomining if compromised. For cloud operators and builders, it raises the stakes on securing AI infrastructure components, especially proxies or middleware that connect to native AI services. Cryptomining drives up cloud costs and strains capacity, not to mention the security risks of unauthorized access to sensitive AI resources.

What to watch next

Watch for increased scrutiny on AI gateway security and tighter controls around cloud AI service credentials. Providers and operators will need stronger authentication and monitoring for AI service access points to prevent similar hijacks. This case also points to potential regulatory interest in policing cryptocurrency mining on cloud resources due to its hidden costs and risks. Teams running hybrid AI workloads should audit exposed backend systems for cryptomining footprints and anomalous activity.

AI Quick Briefs Editorial Desk

Stay ahead of AI Get the most important AI news delivered to your inbox — free.