logo

282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study

ID: f2431ae8-9328-58ca-a728-b51b9887b69d

STIX ID: report--f2431ae8-9328-58ca-a728-b51b9887b69d

Feed Name: The Hacker News

Threat Score
70/100

Date Published: 2026-06-30

Date Updated: 2026-07-01

Author: [email protected] (The Hacker News)

...
...

A Wake Forest University study tested 444 iPhone AI chatbot apps and found 282 leaking paid AI access credentials via plaintext API keys, open backend relays that require no authentication, or replayable tokens; these leaks enable 'LLMjacking' (attackers running models on victims' accounts and charging the developer). The leaks affect many app categories and AI providers, only 28% of affected apps were clearly remediated after three months, and researchers urge developers, AI providers, and Apple to change practices to prevent further abuse.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.