Security company Sysdig recently released a report claiming that a large number of hackers are targeting major large language model (LLM) web platforms to launch "LLMjacking" attacks. The hackers steal user accounts and passwords in a number of ways, resell model API access to third parties, and select private information from users' conversation logs for blackmail or public sale.
Sysdig said that hackers seem to "favor" the Anthropic Claude v2 / v3 platform, and that it has detected hackers mainly using credential stuffing and a credentials vulnerability in the PHP framework Laravel (CVE-2021-3129) in their attacks, which are more targeted at enterprise users. Unsuspecting victims could be paying hackers more than $46,000 per day (currently about RMB333,000) for API usage.
In addition, Hugging Face has already fixed the API credential vulnerability in its platform that allowed hackers to obtain Microsoft / Google / Meta tokens to control the model libraries of several well-known companies.