LLMjacking: From Emerging Threat to Black Market Reality
ID: 9bc9e610-da96-59e5-ad96-02033f7a3e33
STIX ID: report--9bc9e610-da96-59e5-ad96-02033f7a3e33
Feed Name: Sysdig Blog
LLMjacking has evolved from isolated incidents into an industrialized cybercrime marketplace: attackers exfiltrate cloud credentials and APIs, scan for exposed MCP/model endpoints, centralize access via reverse proxies, and resell LLM compute and access (Operation Bizarre Bazaar / silver.inc) — producing fraudulent cloud costs and enabling lateral movement and data exposure. Organizations should treat model endpoints and AI integrations as high-value, internet-exposed assets and enforce stronger credential hygiene, inventorying, authentication, rate-limiting, and monitoring.
