Api-Key-Theft

4 reports

All LLM Security Industry News Agentic AI Research Supply Chain Prompt Injection Regulatory Adversarial ML Jailbreaks Model Theft Data Poisoning

ATLAS OWASP CRITICAL SecurityWeek May 06, 2026 ▲ 9.2

Bleeding Llama Flaw Exposes 300,000 Ollama Servers to Unauthenticated Data Theft

A critical heap out-of-bounds read vulnerability (CVE-2026-7482, CVSS 9.3) in Ollama's GGUF model loader allows unauthenticated remote attackers to exfiltrate sensitive heap memory — including API …

AML.T0040 - ML Model Inference API Access AML.T0057 - LLM Data Leakage AML.T0044 - Full ML Model Access

ATLAS OWASP CRITICAL The Hacker News Apr 30, 2026 ▲ 9.2

SQL Injection in LiteLLM Proxy Exposes LLM Provider Keys Within 36 Hours

A critical SQL injection vulnerability (CVE-2026-42208, CVSS 9.3) in BerriAI's LiteLLM AI gateway was actively exploited within 36 hours of public disclosure, targeting database tables storing …

AML.T0012 - Valid Accounts AML.T0040 - ML Model Inference API Access AML.T0047 - ML-Enabled Product or Service

ATLAS OWASP CRITICAL BleepingComputer Apr 29, 2026 ▲ 9.2

Pre-Auth SQLi Flaw in LiteLLM Gateway Actively Exploited to Steal AI Credentials

A critical unauthenticated SQL injection vulnerability (CVE-2026-42208) in LiteLLM, a widely-used LLM proxy and SDK middleware, is being actively exploited to extract API keys, provider credentials, …

AML.T0040 - ML Model Inference API Access AML.T0012 - Valid Accounts AML.T0047 - ML-Enabled Product or Service

ATLAS OWASP HIGH SANS Internet Storm Center Apr 15, 2026 ▲ 7.8

Scanning for AI Models, (Tue, Apr 14th)

A single threat actor (IP 81.168.83.103) has been systematically scanning internet-facing systems since at least January 2026, specifically targeting credential files, API tokens, and configuration …

AML.T0012 - Valid Accounts AML.T0040 - ML Model Inference API Access AML.T0044 - Full ML Model Access