
LLMjacking

By NHI Mgmt Group. Updated May 16, 2026. Domain: Threats, Abuse & Incident Response

Abuse of cloud AI services through stolen machine credentials rather than human user accounts. The attacker uses valid non-human identities such as API keys or tokens to enumerate model access, invoke endpoints, and create cost, data, or policy exposure under the victim's tenancy.

Expanded Definition

LLMjacking is the abuse of cloud AI services through stolen machine credentials, typically API keys or tokens tied to a non-human identity. It is not simple prompt abuse or model jailbreak activity; the attacker is operating inside a victim’s tenancy with valid access, which makes detection and containment materially harder. In practice, the term overlaps with cloud identity compromise, but the operational focus is on model endpoints, usage quotas, and the downstream business impact of unauthorized inference, orchestration, or data retrieval. Both the OWASP Agentic AI Top 10 and the NIST AI Risk Management Framework reinforce that identity and authorization are central to AI risk, even when the application itself appears to be behaving normally. Vendors differ on whether LLMjacking is a subset of cloud account takeover or a distinct AI-native threat label, but the practical security pattern is the same: compromised NHI credentials drive unauthorized model use. The most common misapplication is treating it as a purely application-layer prompt injection issue, which happens when defenders overlook stolen secrets and workload identity misuse.

Examples and Use Cases

Implementing LLMjacking defenses rigorously often introduces friction for developers and platform teams, requiring organisations to balance rapid AI integration against tighter identity controls, usage monitoring, and key rotation.

  • An exposed API key allows an attacker to enumerate available models, then run high-volume prompts that drain quota and create unexpected cloud spend.
  • A stolen token used through an agentic workflow can trigger tool calls that access internal data stores, turning model access into broader tenant compromise.
  • Compromised credentials in a CI pipeline let an attacker submit requests that appear legitimate, masking malicious activity as normal service traffic.
  • The AI LLM hijack breach is a useful reference point for how access abuse can move from convenience tooling into production exposure.
  • When teams align with the NIST AI 600-1 Generative AI Profile, they can separate model authorization from ordinary SaaS access and apply stronger operational controls.
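As an added illustration (not code from NHIMG or any vendor), the following Python script scores the indicators listed in the bullets above, model enumeration followed by a burst of invocations across several models, an unexpected source address and unexpected spend, over constructed AI-gateway audit events; the event schema, thresholds and per-key source allowlist are assumptions.

```python
"""Heuristic LLMjacking triage over AI-gateway audit events (constructed sample data)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events: (timestamp, key_id, action, model, source_ip, estimated_cost_usd).
# key-app-7 behaves normally; key-ci-42 is a CI key used from an unexpected address.
EVENTS = [
    ("2026-05-10T09:00:00", "key-app-7", "InvokeModel", "text-large", "10.0.1.5", 0.02),
    ("2026-05-10T09:00:30", "key-app-7", "InvokeModel", "text-large", "10.0.1.5", 0.02),
    ("2026-05-10T09:01:00", "key-ci-42", "ListModels", "-", "203.0.113.9", 0.0),
    ("2026-05-10T09:01:05", "key-ci-42", "InvokeModel", "text-large", "203.0.113.9", 0.40),
    ("2026-05-10T09:01:10", "key-ci-42", "InvokeModel", "text-xl", "203.0.113.9", 0.90),
    ("2026-05-10T09:01:15", "key-ci-42", "InvokeModel", "image-gen", "203.0.113.9", 0.60),
    ("2026-05-10T09:01:20", "key-ci-42", "InvokeModel", "text-xl", "203.0.113.9", 0.90),
    ("2026-05-10T09:01:25", "key-ci-42", "InvokeModel", "text-xl", "203.0.113.9", 0.90),
]
# Constructed allowlist of egress addresses each key is expected to call from.
EXPECTED_SOURCES = {"key-app-7": {"10.0.1.5"}, "key-ci-42": {"10.0.2.0"}}


def triage(events, expected_sources, burst_window=60, burst_calls=4,
           model_spread=3, spend_usd=2.0):
    """Return {key_id: [indicator, ...]} for keys showing at least two indicators."""
    by_key = defaultdict(list)
    for ts, key, action, model, ip, cost in events:
        by_key[key].append((datetime.fromisoformat(ts), action, model, ip, cost))
    findings = {}
    for key, evs in by_key.items():
        evs.sort()
        invokes = [e for e in evs if e[1] == "InvokeModel"]
        hits = []
        if any(e[1] == "ListModels" for e in evs):
            hits.append("model_enumeration")  # key used to discover what it can reach
        times = [e[0] for e in invokes]
        window = timedelta(seconds=burst_window)
        for i, start in enumerate(times):  # sliding window over invocation times
            if sum(1 for t in times[i:] if t - start <= window) >= burst_calls:
                hits.append("invoke_burst")
                break
        if len({e[2] for e in invokes}) >= model_spread:
            hits.append("model_spread")  # one key fanning out across many models
        if {e[3] for e in evs} - expected_sources.get(key, set()):
            hits.append("unexpected_source")  # egress outside the key's allowlist
        if sum(e[4] for e in invokes) >= spend_usd:
            hits.append("spend_anomaly")  # estimated cost above the per-key budget
        if len(hits) >= 2:
            findings[key] = hits
    return findings
```

Feed real gateway records through the same tuple shape and tune the thresholds per key; a single indicator is routine, the combination is what merits rotation and investigation.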

Other NHIMG research, including the OWASP NHI Top 10, shows why identity abuse is a first-order concern for AI systems that can act, spend, and retrieve data on behalf of users.

Why It Matters in NHI Security

LLMjacking matters because the attacker does not need to defeat the model itself; they only need to inherit the permissions attached to the NHI. That shifts the problem from classic cyber hygiene to governance of secrets, scopes, and workload trust boundaries. NHIMG research on AI agents shows why the exposure is immediate: 80% of organisations report their AI agents have already acted beyond intended scope, and 23% say those actions included revealing access credentials, according to Ultimate Guide to NHIs — 2025 Outlook and Predictions and related agent-risk analysis. That is exactly the environment in which LLMjacking becomes expensive, hard to prove, and disruptive to investigate. The right response usually combines the lessons of the Moltbook AI agent keys breach with those of the Anthropic report on AI-assisted operations, because both show how quickly valid access can be turned into operational abuse. Organisations typically encounter the real cost only after suspicious spend, data access alerts, or policy violations surface, at which point addressing LLMjacking becomes operationally unavoidable.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 and the OWASP Agentic AI Top 10 address the attack and risk surface, while the NIST AI RMF sets the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
| --- | --- | --- |
| OWASP Non-Human Identity Top 10 | NHI-02 | LLMjacking is driven by stolen NHI secrets and unauthorized workload access. |
| OWASP Agentic AI Top 10 | A1 | Agentic AI guidance treats unauthorized tool use and identity abuse as core risks. |
| NIST AI RMF | GV.3 | Governance of identity, access, and misuse monitoring is central to AI risk management. |

Establish AI governance that tracks credentials, approvals, and misuse indicators across model services.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on May 16, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org