AI Service Proxies
Adversaries may utilize commercial proxy services that resell access to AI services such as frontier model APIs. This infrastructure can be used to conduct large scale campaigns to perform Exfiltration via AI Inference API via distillation. Adversaries may also use this infrastructure to Generate Malicious Commands for
- Framework
- MITRE ATLAS
- Maturity
- Feasible
- Platforms
- Enterprise
- Release
- 2026.05
Overview
Adversaries may utilize commercial proxy services that resell access to AI services such as frontier model APIs.
This infrastructure can be used to conduct large-scale campaigns to perform Exfiltration via AI Inference API via distillation. Adversaries may also use this infrastructure to Generate Malicious Commands for offensive cyber operations, or to generate content for Spearphishing via Social Engineering LLM.
Commercial AI service proxies distribute traffic from different accounts and various cloud platforms. The mix of traffic can make malicious activity difficult to detect and block Detecting and preventing distillation attacks \ Anthropic.
Malicious actors conduct LLM Jacking attacks to gain access to victim accounts which they resell access to in their proxy services LLMjacking: Stolen Cloud Credentials Used in New AI Attack | Sysdig.