LLMjacking: How hackers steal your AI API keys and stick you with the bill

AI tools can turn a team of three developers into a fully functioning company. They can also push that company to the brink of bankruptcy.

On this week’s Security Intelligence, we talk LLMjacking: Hackers steal your AI API keys and then rack up massive bills, even blowing past usage caps in some cases. One small startup saw its typical bill balloon from $180 a month to $82,000 in two days.

We chat about what makes AI API keys vulnerable and how we can tighten our defenses to keep these vital credentials safe.

Then we get into how AI is transforming adversary simulation and red teaming, and why the human is still the most important part of the loop.

Finally, CISA is considering cutting the federal patch window from two weeks to three days. Can we actually move that fast?

Segments:

00:00 – Intro

1:15 -- What is LLMjacking?

12:29 -- AI and adversary simulations

22:09 -- Can we patch faster?

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence