Attackers Exploit Enterprise AI Infrastructure To Launch Cyber Attacks

Security researchers witnessed attackers hijack unprotected enterprise AI systems to launch attacks on others and run their own operations, exploiting critical flaws in a widely used AI gateway the same day they were patched.

Published on Jul 1, 2026
Hundreds of Exploitation Attempts Hit LiteLLM the Day Its RCE Flaw Was Patched

Zenity Labs has revealed that its network of decoy systems, built to look and behave like real enterprise AI, drew thousands of real-world attack attempts, and it observed attackers hijacking that infrastructure to attack third parties and power their own operations.

The gateway at the center is LiteLLM, one of the most widely deployed tools for routing traffic across large enterprise AI environments. That position makes it a high-value target: compromise the gateway and an attacker can reach the credentials and traffic flowing through it.

LiteLLM has had a difficult year, with several serious vulnerabilities disclosed, including the high-severity remote code execution flaw CVE-2026-40217, as well as separate vulnerabilities that were added to CISA’s KEV catalog after being actively exploited in the wild. 

The speed of exploitation stood out. The company reported hundreds of exploitation attempts against the Remote Code Execution (RCE) flaw on the same day it was patched, followed by weeks of further probing. That timing fits a wider pattern security agencies have warned about, in which the window between a fix becoming public and attackers acting on it is collapsing.

In one case, Zenity said an intruder deployed an autonomous AI penetration-testing tool and pointed it at a live e-commerce site. In others, attackers allegedly used the captured systems as free computing power for their own workloads, an AI-era twist on cryptomining, and routed multi-step agent workflows through the hijacked infrastructure.

A New Surface Security Teams Do Not Watch

The through-line is that AI infrastructure has become both a weapon and a target, sitting in a blind spot for most organizations. The same autonomous, agent-driven capabilities enterprises deploy for productivity can be turned against others when the systems running them are left exposed.

Attackers “exploited n-day vulnerabilities and tried to leverage our AI resources to conduct real-world attacks,” said Michael Bargury, Zenity’s co-founder and Chief Technology Officer (CTO), describing how the traps drew intruders into revealing their methods.

The practical takeaway is that an AI gateway is critical infrastructure, holding credentials and routing sensitive traffic, and belongs under the same monitoring, patching, and access control as any other system that can become a foothold.


Written by Alessandro Mascellino, Cybersecurity Reporter

Alessandro Mascellino is a British-Italian freelance journalist specializing in technology and gaming. He has contributed to several publications, including Wired, The Independent, and Android Police. By day, he works as a journalist. By night, he co-manages a game studio that creates narrative games.