FlagThis

Reports indicate that large language models (LLMs) are increasingly being used to facilitate supply chain attacks. Cybercriminals are finding it more efficient to steal credentials and jailbreak existing LLMs rather than developing their own. This allows them to leverage the power of AI for nefarious activities, especially in spear phishing and social engineering campaigns. Experts like Crystal Morin, a former intelligence analyst, predict a significant rise in LLM-driven supply chain attacks in 2025 due to the enhanced capabilities in social engineering that LLMs provide.

Security firms like Sysdig have observed an increase in criminals using stolen cloud credentials to gain access to LLMs, with attacks targeting models like Anthropic's Claude. Rather than stealing training data, attackers are often selling access to other criminals, leaving the account owners to bear substantial costs, such as $46,000 per day in some documented cases. A broader script used in these attacks was found to target credentials across a range of AI services, demonstrating the scope and evolving sophistication of these methods. This "LLMjacking" is becoming more common as the landscape of AI security continues to evolve.

ImgSrc: ciso2ciso.com

References:

• CISO2CISO.COM & CYBER SECURITY GROUP - It’s only a matter of time before LLMs jump start supply-chain attacks – Source: go.theregister.com - 5d
• @theregister - It's only a matter of time before LLMs jump start supply-chain attacks 'The greatest concern is with spear phishing and social engineering' Interview  Now that criminals have realized there's no need - 5d
• The Register - Software: AI + ML - It's only a matter of time before LLMs jump start supply-chain attacks - 5d
• @jos1264 - It’s only a matter of time before LLMs jump start supply-chain attacks – Source: go.theregister.com - 5d

Classification:

• HashTags: LLMsecurity SupplyChainRisk AISecurity
• Target: Software Supply Chains
• Product: LLMs
• Feature: LLM Supply Chain Attacks
• Type: Hack
• Severity: Major