LLMjacking: How hackers steal your AI API keys and stick you with the bill

· Source: IBM Technology · Field: Technology & Digital — Cybersecurity & Data Privacy, Artificial Intelligence & Machine Learning, Cloud Computing & IT Infrastructure · Depth: Expert, extended

Summary

Threat actors are increasingly stealing AI API keys in an attack pattern called LLMjacking: a stolen key is used to run up enormous bills on the victim's account and to obtain AI capability for malicious purposes. One developer reported an $82,000 charge in 48 hours from a stolen Gemini key, against a normal monthly spend of $180. The pattern is an evolution of cryptocurrency mining on hijacked cloud resources; the stolen access is now also used for attacker R&D and for building cyber weapons. The experts urge treating AI API keys as "crown jewels" and point to the lack of adequate guardrails and anomaly detection in current systems, which often fail to stop rapid abuse even when usage limits are set. The discussion also covers adapting adversary simulation to account for AI-amplified attacks, and the proposal to shorten federal patching standards from two weeks to three days, which the panel views with skepticism given the complexity of enterprise patching and the need for a holistic defense strategy.

Key takeaway

For MLOps engineers and security engineers who run AI infrastructure, the priorities are disciplined secrets management and anomaly detection on AI API key usage. The speed of exploitation seen in LLMjacking means a traditional patching window leaves far too much time; rely instead on defense in depth, continuous security testing, and an assumed-breach posture to limit financial and operational damage. Make sure incident response plans account for AI-driven attacks, and keep a human in the loop for automated security workflows.
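The summary and the takeaway above both make the point that a usage limit alone is too slow to catch LLMjacking, and that per-key anomaly detection is what closes the gap. The following is an added example, not code from IBM Technology or from AIssential, that shows why: it replays constructed usage records (not real data) for two keys, one with normal developer traffic and one abused at the $82,000-in-48-hours rate from the summary, through a sliding-window spend-velocity check. The hourly baseline derived from a $180 monthly bill, the 20x alert multiplier, the one-hour window and the key names are all assumptions chosen for the illustration.

```python
"""Spend-velocity anomaly detection for LLM API keys (added example, constructed data)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

BASELINE_MONTHLY_USD = 180.0                              # normal monthly bill quoted in the summary
BASELINE_HOURLY_USD = BASELINE_MONTHLY_USD / (30 * 24)    # about $0.25 per hour
ABUSE_HOURLY_USD = 82_000.0 / 48                          # the LLMjacking rate from the summary, ~$1,708/h
ALERT_MULTIPLIER = 20                                     # assumption: alert at 20x the hourly baseline
ALERT_THRESHOLD_USD = ALERT_MULTIPLIER * BASELINE_HOURLY_USD   # $5.00 in any trailing one-hour window
WINDOW = timedelta(hours=1)


def build_sample_log():
    """Constructed usage records, one per line: '<ISO timestamp> <key_id> <cost_usd>'.

    key-dev-01: a developer's normal traffic, a $0.06 call every 15 minutes.
    key-dev-02: a stolen key driven at the abuse rate, 600 calls per hour for 10 minutes.
    """
    day = datetime(2024, 5, 1, tzinfo=timezone.utc)
    lines = []
    for i in range(48):
        ts = day + timedelta(hours=8, minutes=15 * i)
        lines.append(f"{ts.isoformat()} key-dev-01 0.0600")
    per_call = ABUSE_HOURLY_USD / 600          # one call every 6 seconds
    for i in range(100):
        ts = day + timedelta(hours=10, seconds=6 * i)
        lines.append(f"{ts.isoformat()} key-dev-02 {per_call:.4f}")
    return sorted(lines)                       # same timestamp format, so string order is time order


def parse_log(lines):
    """Turn log lines into (timestamp, key_id, cost_usd) tuples sorted by time."""
    records = []
    for line in lines:
        ts_text, key_id, cost_text = line.split()
        records.append((datetime.fromisoformat(ts_text), key_id, float(cost_text)))
    records.sort(key=lambda r: r[0])
    return records


def detect_velocity_anomalies(records, window=WINDOW, threshold_usd=ALERT_THRESHOLD_USD):
    """Return {key_id: (first_alert_time, window_spend)} for keys whose spend in any
    trailing `window` exceeds `threshold_usd`. Each key is reported once, at the
    first request that tips it over, which is the moment a revocation should fire."""
    recent = defaultdict(deque)        # key_id -> deque of (timestamp, cost) inside the window
    running = defaultdict(float)       # key_id -> sum of costs currently in the deque
    alerts = {}
    for ts, key_id, cost in records:
        q = recent[key_id]
        q.append((ts, cost))
        running[key_id] += cost
        while q and ts - q[0][0] > window:          # drop requests that fell out of the window
            _, old_cost = q.popleft()
            running[key_id] -= old_cost
        if key_id not in alerts and running[key_id] > threshold_usd:
            alerts[key_id] = (ts, round(running[key_id], 4))
    return alerts


def hours_to_exhaust_cap(cap_usd, hourly_rate_usd):
    """How long a fixed spending cap lasts at a given burn rate."""
    return cap_usd / hourly_rate_usd


if __name__ == "__main__":
    records = parse_log(build_sample_log())
    for key_id, (ts, spend) in detect_velocity_anomalies(records).items():
        print(f"ALERT {key_id}: ${spend:.2f} in the trailing hour at {ts.isoformat()}")
    generous_cap = 10 * BASELINE_MONTHLY_USD   # assumption: a monthly cap set at 10x normal spend
    print(f"a ${generous_cap:.0f} monthly cap lasts "
          f"{hours_to_exhaust_cap(generous_cap, ABUSE_HOURLY_USD):.2f} h at the abuse rate")
```

Run stand-alone, the script flags key-dev-02 on its second abusive call, six seconds after the abuse starts, while key-dev-01 never comes close to the threshold. The closing line makes the usage-limit point numerically: even a monthly cap set at ten times the developer's normal spend is consumed in about an hour at the observed rate, so a daily billing alert or a monthly ceiling reports the loss rather than preventing it. A velocity check of this kind belongs in the gateway or billing pipeline with a revocation action behind it, and the baseline should be learned per key rather than hard-coded as it is here.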

Key insights

AI API key theft, or LLMjacking, enables threat actors to incur huge costs and access AI for malicious R&D.

Method

Adversary simulation must evolve to reflect AI-amplified attack speeds and intensities, integrating AI while maintaining human oversight for critical decision-making and accountability.

Best for: CTO, Entrepreneur, VP of Engineering/Data, AI Security Engineer, Security Engineer, MLOps Engineer

Editorial summary, takeaway, and curation by AIssential. Original article published by IBM Technology.