{"data":{"id":"89c9a9a6-daba-41b8-8d89-9c78670b6111","title":"Attack on Amazon Bedrock-linked AI gateway highlights new cloud security risk","summary":"Attackers compromised an AWS EC2 instance running LiteLLM (a proxy that acts as a gateway to AI models), deployed cryptomining malware, and attempted to abuse cloud permissions and AI services. The incident reveals a broader security risk: AI gateways concentrate access to cloud identities, permissions, and AI models in a single system, making them extremely valuable targets that can give attackers broad access to an organization's cloud infrastructure and AI resources.","solution":"According to Jason Soroko at Sectigo, security teams should close public admin paths, remove long-term keys where possible, scope IAM permissions (limit what access credentials can do), monitor Bedrock and model access patterns, and correlate workload telemetry (performance data from running systems) with control-plane events (administrative actions in the cloud).","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4194984/attack-on-amazon-bedrock-linked-ai-gateway-highlights-new-cloud-security-risk.html","publishedAt":"2026-07-09T13:00:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["Amazon","LangChain"],"affectedVendorsRaw":["Amazon Bedrock","AWS","LiteLLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-07-09T13:00:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}