
AI infrastructure honeypots: what attackers are doing in practice


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9079
Topic starter  

TL;DR: Nearly 10,000 attack attempts hit Zenity's AI infrastructure honeypots, including active exploitation of LiteLLM flaws within days of disclosure and hijacked endpoints used for offensive operations. The evidence suggests AI endpoint governance now needs exposure control, authentication, and monitored egress, rather than the assumption that detection can wait for production telemetry.

NHIMG editorial — based on content published by Zenity: Proof Over Prediction, which examines real attacker behaviour against AI infrastructure

By the numbers:

Questions worth separating out

Q: How should security teams protect exposed AI infrastructure from real attacker probing?

A: Treat exposed AI gateways, inference servers, and agent endpoints as privileged control points.

Q: Why do AI gateways create more risk than ordinary application proxies?

A: AI gateways often hold master keys, provider credentials, and routing authority for multiple downstream services.

Q: What do security teams get wrong about AI endpoint exposure?

A: They often assume the main risk is model misuse, when the bigger issue is infrastructure abuse.

Practitioner guidance

  • Harden AI gateways as privileged control planes: place authentication, strict network segmentation, and outbound allowlisting around gateways that broker model traffic or store provider credentials.
  • Reduce the value of exposed connection paths: separate health checks and connection-test functions from secret-bearing traffic flows.
  • Detect offensive use of AI runtime environments: alert on long-running sessions, repeated retry loops, sudden bursts of outbound scanning, and multi-agent orchestration that does not match normal workload behaviour.
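The detections named in the last guidance item (retry loops, outbound bursts, long-running sessions) together with the outbound allowlist from the first, run over gateway access logs, as an added example that is not part of the original post or of Zenity's report. The JSON-lines log format, the field names, the thresholds and the allowlist are all assumptions; the log lines are constructed to exercise each rule.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the page or from Zenity's dataset). The
# JSON-lines format is assumed: one record per gateway request with timestamp,
# source IP, session id, path, HTTP status and "egress", the host the gateway
# contacted on the request's behalf (null when it contacted none).
SAMPLE_LOG = "\n".join([
    # s-normal: routine chat traffic to the one configured model provider
    '{"ts":"2024-05-01T10:00:00Z","src":"10.1.2.3","session":"s-normal","path":"/v1/chat/completions","status":200,"egress":"api.provider.example"}',
    '{"ts":"2024-05-01T10:00:20Z","src":"10.1.2.3","session":"s-normal","path":"/v1/chat/completions","status":200,"egress":"api.provider.example"}',
    '{"ts":"2024-05-01T10:01:05Z","src":"10.1.2.3","session":"s-normal","path":"/v1/chat/completions","status":200,"egress":"api.provider.example"}',
    # s-probe: an unauthenticated client retrying an admin route every few seconds
    *[f'{{"ts":"2024-05-01T10:05:{s:02d}Z","src":"203.0.113.10","session":"s-probe","path":"/admin/keys","status":401,"egress":null}}'
      for s in range(0, 30, 5)],
    # s-hijack: a session that fans out to many internal hosts, then lives on for hours
    '{"ts":"2024-05-01T10:10:00Z","src":"198.51.100.7","session":"s-hijack","path":"/v1/chat/completions","status":200,"egress":"api.provider.example"}',
    *[f'{{"ts":"2024-05-01T10:12:{s:02d}Z","src":"198.51.100.7","session":"s-hijack","path":"/v1/tools/http","status":200,"egress":"10.0.0.{s // 5 + 1}"}}'
      for s in range(0, 30, 5)],
    '{"ts":"2024-05-01T13:30:00Z","src":"198.51.100.7","session":"s-hijack","path":"/v1/chat/completions","status":200,"egress":"api.provider.example"}',
])

# Assumed policy: the only upstream the gateway may reach is the model provider.
EGRESS_ALLOWLIST = {"api.provider.example"}


def parse_log(text):
    """Parse JSON lines into event dicts with tz-aware timestamps, sorted by time."""
    events = []
    for line in text.splitlines():
        if line.strip():
            rec = json.loads(line)
            rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
            events.append(rec)
    return sorted(events, key=lambda e: e["ts"])


def _max_in_window(items, window, distinct=False):
    """Largest number of items (or of distinct item values) whose timestamps
    fall inside one sliding window; items is a time-sorted list of (ts, value)."""
    best, start, counts = 0, 0, defaultdict(int)
    for end, (ts, value) in enumerate(items):
        counts[value] += 1
        while ts - items[start][0] > window:          # slide the left edge forward
            counts[items[start][1]] -= 1
            if counts[items[start][1]] == 0:
                del counts[items[start][1]]
            start += 1
        best = max(best, len(counts) if distinct else end - start + 1)
    return best


def find_retry_loops(events, window=timedelta(seconds=60), threshold=5):
    """Same source hitting the same path with >= threshold error responses inside window."""
    groups = defaultdict(list)
    for e in events:
        if e["status"] >= 400:
            groups[(e["src"], e["path"])].append((e["ts"], e["status"]))
    return [{"rule": "retry_loop", "src": src, "path": path, "count": n}
            for (src, path), items in groups.items()
            if (n := _max_in_window(items, window)) >= threshold]


def find_egress_bursts(events, window=timedelta(seconds=60), threshold=5):
    """One session driving the gateway to >= threshold distinct hosts inside window (scan-like fan-out)."""
    groups = defaultdict(list)
    for e in events:
        if e["egress"]:
            groups[e["session"]].append((e["ts"], e["egress"]))
    return [{"rule": "egress_burst", "session": s, "distinct_hosts": n}
            for s, items in groups.items()
            if (n := _max_in_window(items, window, distinct=True)) >= threshold]


def find_long_sessions(events, max_span=timedelta(hours=1)):
    """Sessions whose first-to-last activity exceeds max_span."""
    first, last = {}, {}
    for e in events:
        first.setdefault(e["session"], e["ts"])
        last[e["session"]] = e["ts"]
    return [{"rule": "long_session", "session": s,
             "span_seconds": (last[s] - first[s]).total_seconds()}
            for s in first if last[s] - first[s] > max_span]


def find_unlisted_egress(events, allowlist=EGRESS_ALLOWLIST):
    """Any upstream contact outside the allowlist, reported once per (session, host)."""
    seen, alerts = set(), []
    for e in events:
        host = e["egress"]
        if host and host not in allowlist and (e["session"], host) not in seen:
            seen.add((e["session"], host))
            alerts.append({"rule": "unlisted_egress", "session": e["session"], "host": host})
    return alerts


def run_detections(log_text):
    events = parse_log(log_text)
    return {
        "retry_loop": find_retry_loops(events),
        "egress_burst": find_egress_bursts(events),
        "long_session": find_long_sessions(events),
        "unlisted_egress": find_unlisted_egress(events),
    }


if __name__ == "__main__":
    for rule, alerts in run_detections(SAMPLE_LOG).items():
        for alert in alerts:
            print(alert)
```

On the constructed sample only the probing client trips the retry rule, and only the hijacked session trips the burst, long-session and allowlist rules; the routine session trips none. The allowlist rule fires on the first unexpected upstream host, before any burst threshold is reached, which is why outbound allowlisting belongs in the gateway itself and not only in after-the-fact detection.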

What's in the full report

Zenity's full research covers the operational detail this post intentionally leaves for the source:

  • CVE-by-CVE timelines showing how quickly AI gateway exploitation followed public disclosure
  • Observed attacker payload structures, including probe-to-exploit progressions and credential exfiltration attempts
  • Session-level evidence from hijacked AI endpoints used for offensive operations and autonomous agent runs
  • Detection rule examples built from real attacker behaviour, not just theoretical attack paths

👉 Read Zenity's analysis of real attacker behaviour against AI infrastructure →

