Zenity Labs Reveals How Attackers are Weaponizing Enterprise AI Infrastructure

New research exposes how threat actors are hijacking AI infrastructure to run their operations

NEW YORK--(BUSINESS WIRE)-- New research from Zenity Labs found attackers exploiting critical LiteLLM vulnerabilities and hijacking AI infrastructure to conduct attacks against third parties and power their own operations. The findings offer visibility into how attackers are exploiting AI infrastructure, revealing tools, techniques and procedures (TTPs). The research is based on thousands of real-world attack attempts observed across a global network of AI threat intelligence sensors.

Zenity Labs’ sensors recorded multiple instances of attackers abusing exposed LLM endpoints, attempting to attack third parties and power their own operations. In one incident, a threat actor deployed Strix, an autonomous AI pentesting tool, and attempted to direct it against a production e-commerce website. In another, the research uncovered attackers using exposed AI infrastructure as free compute resources, attempting to run their own operations, the AI equivalent of cryptomining. One group routed a multi-agent enterprise workflow through the exposed infrastructure. While another inadvertently exposed their full development environment, git history, and reconnaissance scripts through OpenAI’s Codex. Together, these findings provide rare insights into how attackers are actually using AI for offensive operations and offer a unique window into their TTPs.

Another key insight into attacker behavior is how fast they move. Zenity Labs’ sensors recorded hundreds of exploitation attempts targeting CVE-2026-40217, a critical remote code execution vulnerability on LiteLLM, taking place the same day the CVE was patched. LiteLLM is one of the most widely deployed AI gateways used to route traffic across large enterprise AI environments. Over the following six weeks, the sensors recorded hundreds of attack attempts ranging from reconnaissance to full sandbox escape payloads. Zenity also observed attacks targeting additional LiteLLM vulnerabilities, including a separate server-side request forgery (SSRF) vulnerability with attempted data exfiltration through a novel variant of CVE-2024-6587. The sensors also identified a highly coordinated campaign targeting CVE-2026-35029, a vulnerability in LiteLLM’s admin endpoint that has since been patched by BerriAI.

Methodology

The findings are based on data collected from Zenity Labs' network of AI threat intelligence sensors, which provide direct visibility into how threat actors target and abuse AI infrastructure in the wild. The research captured thousands of attack attempts across AI environments, including exploitation attempts, reconnaissance activity and AI compute theft.

“We’ve laid out traps that look and behave like enterprise AI infrastructure and agents, to gain increased visibility into attacker behavior," said Michael Bargury, co-founder and CTO of Zenity. “Attackers spotted our vulnerable AI, exploited n-day vulnerabilities and tried to leverage our AI resources to conduct real-world attacks, tipping their hands and revealing their TTPs. This is just the first drop, with more findings coming soon."

Additional details are available in the following Zenity Labs research blogs:

• Bring Your Own Agent: Hijacking Exposed AI Backends to Power Offensive Operations
• Threat Actors Are Trying to use LiteLLM's Guardrail Tester to Run Code as Root
• Threat Actors Are Trying to Turn LiteLLM's Connection-Test Into a Key-Exfiltration Channel

The full research, including CVE timelines, attacker TTPs and defender recommendations, is available at www.zenity.io/labs

About Zenity

Zenity is the first security and governance platform purpose-built for agents spanning SaaS, homegrown platforms (Cloud) and end user devices (Endpoint). Trusted by Fortune 500 enterprises, Zenity helps security teams confidently adopt AI by delivering defense in depth with full-lifecycle coverage, from agent discovery and posture management to real-time detection, inline prevention and response. With an agent-centric approach that prioritizes how agents behave, what they access and which tools they invoke, Zenity eliminates blind spots and enforces consistent policy and controls across environments so organizations can innovate with AI without compromising security. Learn more at www.zenity.io.

View source version on businesswire.com: https://www.businesswire.com/news/home/20260630365727/en/

For Media Inquiries
Elyse Familant
Results PR
[email protected]

Source: Zenity

You May Also Be Interested In

• GE HealthCare announces cash dividend for second quarter of 2026
• nVenia Adopts the CADDi AI Data Platform to Assetize 750,000 Drawings and Strengthen Aftermarket Value Across Multiple Brands
• InvestorNewsBreaks – Cardio Diagnostics Holdings Inc. (NASDAQ: CDIO) Showcases Precision Cardiovascular Solutions for Employers, Health Plans