Hackers Broke Into an AI Gateway and Found a Door to Everything

A cryptomining attack on an Amazon cloud server was almost certainly the least damaging thing the criminals could have done. Security researchers say AI gateways are becoming one of the most overlooked entry points in enterprise computing.

ThreatVectr Newsdesk· 3 min read
Photoreal news-editorial style, 16:9 framing, edge-to-edge composition
Share

Key points

  • Researchers at Darktrace investigated a 2025 incident in which criminals broke into an Amazon Web Services cloud server that acted as an AI gateway, a system that manages access to multiple artificial intelligence models at once.
  • The criminals used the server to run cryptomining software, meaning software that secretly uses a company's computing power to generate cryptocurrency, but Darktrace says far worse outcomes were within reach.
  • The attacker likely got in by guessing or brute-forcing the server's login credentials, repeatedly trying password combinations until one worked.
  • If the criminals had chosen a quieter path, they could have stolen API keys (the digital passcodes that let software talk to other software), read private company documents, or moved deeper into the organisation's cloud accounts.
  • Darktrace's Nathaniel Jones describes AI gateways as "a mini supply chain": breaking into one can expose dozens of connected systems without touching any of them directly.

Something quietly dangerous happened on an Amazon cloud server not long ago. Criminals got in, installed cryptomining software, and started making money off the company's electricity bill. Boring, almost. Except the server they chose was an AI gateway.

An AI gateway is the switchboard an organisation puts in front of its artificial intelligence tools. Instead of connecting every internal system directly to an AI model, a company routes everything through one central point. Tidy. Efficient. And, as Darktrace's investigation shows, a spectacular target.

Darktrace, a cybersecurity firm, spotted unusual activity on an externally exposed Amazon EC2 instance, which is a virtual computer rented from Amazon's cloud platform, connected to Amazon Bedrock. Bedrock is Amazon's managed service that lets businesses plug into AI models from multiple providers without running the underlying hardware themselves. The criminals downloaded XMRig, a well-known cryptomining tool, and connected to a mining pool within minutes of getting in.

How did the hackers get in?

Darktrace could not confirm the exact method, but the evidence points to a brute-force login attack, where criminals simply hammer a login page with thousands of password guesses until one works. Strong, unique credentials and multi-factor authentication (MFA, meaning a second verification step beyond a password, like a code sent to your phone) would very likely have stopped this cold.

The cryptomining was noisy. It showed up fast. But Jones warns that the same initial access could have been used for things much harder to detect: reading sensitive prompts and AI outputs, copying cloud credentials, or using the gateway's built-in permissions to wander into adjacent systems.

That last point matters most. AI gateways typically hold API keys for multiple AI providers, connections to internal documents and databases, and integrated identity permissions across cloud services. One door in, many rooms available.

For ordinary employees and customers of companies running this kind of infrastructure, the practical message is straightforward. Ask whether your employer treats its AI tools with the same security discipline applied to payroll or customer databases. If the answer is vague, that is worth pressing on.

Jones puts it plainly: the most common risks are not exotic AI attacks. They are everyday systems, left slightly too open, for slightly too long.

© 2026 Threat Vectr