Summary:
-
Cloud Credential Theft
Organizations losing access to their cloud credentials face a troubling trend where cybercriminals exploit these credentials to create and resell sexualized AI chat services. -
Illicit Chat Bots
These AI-powered chat bots often use custom jailbreaks to bypass content filters and engage in dark role-playing scenarios, including child sexual exploitation. -
Increase in Attacks
Researchers at Permiso Security noted a significant rise in attacks against generative AI infrastructure like AWS Bedrock, especially due to accidental exposure of credentials online. -
Lack of Visibility
Many AWS users do not enable logging (which is off by default), resulting in a lack of oversight regarding how attackers utilize stolen access. -
Test Case Demonstration
To illustrate the issue, Permiso researchers leaked a test AWS key on GitHub with logging enabled. Within minutes, the key was used to offer AI-powered sex chat services, revealing the alarming scale of misuse. -
High Volume of Requests
Over two days, the researchers recorded more than 75,000 successful interactions with the AI models, predominantly involving sexual content, including references to child sexual abuse.
Read more at: Krebs on Security | Permiso Security Blog
!