
LLM Platform Abuse

The misuse of large language model services or assistant platforms to support fraud, phishing, scraping or other malicious activity. It usually involves abusing legitimate access paths, proxy infrastructure or automation so the attacker can hide origin, scale operations and reuse assistant capabilities for downstream harm.

Expanded Definition

LLM Platform Abuse refers to the misuse of legitimate large language model services, assistant consoles, or orchestration layers to enable phishing, fraud, scraping, credential harvesting, and other harmful activity. It is distinct from model compromise in the narrow sense: the platform may be functioning as designed while its access paths, automation features, or proxying capabilities are exploited for malicious ends. In practice, this risk often sits at the intersection of NHI governance, abuse detection, and usage policy enforcement, and it is increasingly discussed alongside the OWASP Agentic AI Top 10 and the NIST AI Risk Management Framework. Definitions vary across vendors because some describe the issue as API abuse, others as assistant abuse, and others as downstream fraud enablement. NHI Management Group treats it as an identity and authorization problem first, because the attacker often relies on valid credentials, trusted integrations, or automated relays to conceal origin and scale. The most common misapplication is treating every high-volume LLM request pattern as benign traffic, which occurs when abuse controls are not tied to identity, workload provenance, and downstream action monitoring.

Examples and Use Cases

Implementing rigorous controls for LLM Platform Abuse often introduces friction for legitimate automation, so organisations must weigh user experience and developer velocity against visibility and abuse resistance.

  • Attackers use compromised NHI credentials to call a hosted assistant API at scale, then generate convincing spear-phishing copy that is later delivered through separate infrastructure, a pattern discussed in NHIMG research such as LLMjacking: How Attackers Hijack AI Using Compromised NHIs.
  • A threat actor routes requests through proxy services to hide geography and frustrate rate-limiting, while using the model to rewrite stolen content, summarize scraped pages, or diversify spam language. This overlaps with the misuse patterns highlighted in the NIST AI 600-1 Generative AI Profile.
  • Abused platform accounts are used to automate CAPTCHA-solving assistance, session token analysis, or prompt generation for credential stuffing campaigns, turning a legitimate assistant into a fraud amplifier.
  • Workspace-style LLM tools are invoked with stolen session tokens to exfiltrate internal knowledge, then the output is repurposed into targeted social engineering or impersonation.
  • Platform tenants are abused for bulk content generation, where the real harm emerges downstream in marketplaces, messaging platforms, or customer support channels rather than inside the model itself.
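
The patterns above share a detection problem: the request volume alone looks like ordinary automation, and only keying the analysis on the calling identity exposes the abuse. The following Python script is an added example, not code from NHI Management Group or from any research it cites. It runs three identity-keyed checks over a constructed gateway log: a credential driving the assistant API at scale (burst rate per NHI), one credential appearing from many source networks (proxy rotation), and an assistant invoking tools outside the scope granted to that identity. The log format, identity names, ASNs, and policy thresholds are assumptions made for the example.

```python
"""Identity-keyed detection over LLM gateway logs.

Added example, not code from NHI Management Group. The log format, NHI names,
policy values and ASNs are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable

WINDOW_SECONDS = 60


@dataclass(frozen=True)
class Policy:
    max_requests_per_window: int   # burst limit for one NHI inside WINDOW_SECONDS
    max_source_asns: int           # origin networks one credential may legitimately use
    allowed_tools: frozenset       # tools this NHI may invoke through the assistant


# Hypothetical per-identity policies; an NHI with no registered policy gets the tightest bounds.
POLICIES = {
    "svc-billing-bot": Policy(20, 1, frozenset({"invoice_lookup"})),
    "svc-marketing-gen": Policy(30, 2, frozenset()),
}
DEFAULT_POLICY = Policy(10, 1, frozenset())


@dataclass(frozen=True)
class Record:
    ts: int
    nhi: str
    asn: str
    tool: str   # "-" when the request produced no tool call


def parse_line(line: str) -> Record:
    """Parse one 'epoch|nhi_id|source_asn|tool' line (constructed format)."""
    ts, nhi, asn, tool = line.strip().split("|")
    return Record(int(ts), nhi, asn, tool)


def max_requests_in_window(timestamps: list[int]) -> int:
    """Largest number of requests falling inside any WINDOW_SECONDS span (sliding window)."""
    ts = sorted(timestamps)
    best, start = 0, 0
    for end, t in enumerate(ts):
        while t - ts[start] >= WINDOW_SECONDS:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect(lines: Iterable[str]) -> list[str]:
    """Return findings, at most one per NHI per signal, ordered by NHI name."""
    by_nhi = defaultdict(list)
    for line in lines:
        if line.strip():
            rec = parse_line(line)
            by_nhi[rec.nhi].append(rec)

    findings = []
    for nhi, recs in sorted(by_nhi.items()):
        pol = POLICIES.get(nhi, DEFAULT_POLICY)
        burst = max_requests_in_window([r.ts for r in recs])
        if burst > pol.max_requests_per_window:
            findings.append(f"rate: {nhi} made {burst} requests in {WINDOW_SECONDS}s "
                            f"(limit {pol.max_requests_per_window})")
        asns = sorted({r.asn for r in recs})
        if len(asns) > pol.max_source_asns:
            findings.append(f"fanout: {nhi} seen from {len(asns)} ASNs {asns} "
                            f"(limit {pol.max_source_asns})")
        bad_tools = sorted({r.tool for r in recs if r.tool != "-" and r.tool not in pol.allowed_tools})
        if bad_tools:
            findings.append(f"scope: {nhi} invoked tools outside its allowlist {bad_tools}")
    return findings


def build_sample_log() -> list[str]:
    """Constructed gateway log: one noisy but in-policy NHI, two that are abused."""
    lines = []
    # svc-marketing-gen: 25 requests in 25 seconds across 2 ASNs, all within its policy.
    for i in range(25):
        lines.append(f"{1700000000 + i}|svc-marketing-gen|{'AS64500' if i % 2 else 'AS64501'}|-")
    # svc-billing-bot: only 6 requests, but the key appears from 3 networks and calls a tool
    # it was never granted: the proxy-rotation and beyond-scope patterns, at low volume.
    billing_asns = ["AS64500", "AS64500", "AS64496", "AS64496", "AS64511", "AS64511"]
    for i, asn in enumerate(billing_asns):
        tool = "web_fetch" if i == 5 else "invoice_lookup"
        lines.append(f"{1700000300 + i * 10}|svc-billing-bot|{asn}|{tool}")
    # svc-unknown: an identity with no registered policy bursting 12 requests in 12 seconds.
    for i in range(12):
        lines.append(f"{1700000600 + i}|svc-unknown|AS64500|-")
    return lines


if __name__ == "__main__":
    for finding in detect(build_sample_log()):
        print(finding)
```

The noisiest identity in the sample produces no finding, while the quiet billing credential is flagged twice; that is the point of binding thresholds to the identity and its granted scope rather than to global request volume.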

Why It Matters in NHI Security

LLM Platform Abuse matters because the abuse path frequently begins with valid NHI access, not a noisy exploit. That makes it harder to detect than classic intrusion patterns and more likely to evade perimeter controls. Once an assistant can be driven by compromised keys, over-permissive tokens, or weak usage governance, the platform becomes a force multiplier for fraud, phishing, and reconnaissance. NHIMG research shows the scale problem clearly: in the AI Agents: The New Attack Surface report, 80% of organisations said their AI agents had already acted beyond intended scope, while only 44% had implemented any policies to govern them. That gap is a warning sign for platform abuse as well, because the same blind spots that hide rogue agent behaviour also hide malicious LLM usage. The issue is not only output quality but identity provenance, abuse throttling, and post-action traceability. Organisations typically encounter the impact only after phishing volume spikes, secrets appear in logs, or billing anomalies expose proxy-assisted abuse, at which point LLM platform governance becomes operationally unavoidable.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Agentic AI Top 10 addresses the attack and risk surface, while the NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

Framework                 Control / Reference                                Relevance
OWASP Agentic AI Top 10   NHI-02                                             Agentic AI guidance covers misuse of model access paths and abusive downstream actions.
NIST AI RMF               (framework-wide)                                   AI RMF addresses operational risk, misuse, and governance for generative AI systems.
NIST CSF 2.0              PR.AC-4 (CSF 1.1 numbering; PR.AA-05 in CSF 2.0)   Least-privilege access control limits how valid credentials can be abused against LLM platforms.

Bind LLM usage to identity, log tool actions, and block unauthorized autonomous or proxy-driven behavior.