Attack on Amazon Bedrock-linked AI gateway highlights new cloud security risk
Summary
Attackers compromised an AWS EC2 instance running LiteLLM (a proxy that acts as a gateway to AI models), deployed cryptomining malware, and attempted to abuse cloud permissions and AI services. The incident reveals a broader security risk: AI gateways concentrate access to cloud identities, permissions, and AI models in a single system, making them extremely valuable targets that can give attackers broad access to an organization's cloud infrastructure and AI resources.
Solution / Mitigation
According to Jason Soroko at Sectigo, security teams should close public admin paths, remove long-term keys where possible, scope IAM permissions (limit what access credentials can do), monitor Bedrock and model access patterns, and correlate workload telemetry (performance data from running systems) with control-plane events (administrative actions in the cloud).
Classification
Affected Vendors
Related Issues
Original source: https://www.csoonline.com/article/4194984/attack-on-amazon-bedrock-linked-ai-gateway-highlights-new-cloud-security-risk.html
First tracked: July 9, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 92%