So, researchers over at the University of California decided to play a little game of “let’s see if we can get robbed by a router.” They set up this crypto wallet, loaded it with a measly amount of Ether-like, enough for a couple of fancy coffees-and connected it to some AI routing shenanigans. One router, bless its heart, took the bait and drained the wallet faster than I drain a bottle of wine after a bad date. Sure, they lost under $50, but the real drama lies in the implications, darling.
This brilliant experiment was part of a way-too-serious study where they tested 428 large language model routers-28 paid (because of course, someone is paying for this nonsense) and 400 free (because who doesn’t love a good scam?).
And here’s the kicker: nine of these routers were playing dirty, injecting malicious code like they were trying to win a gold medal in cybercrime. Two of them were dodging detection like they were in an action movie, and seventeen of them accessed the researchers’ AWS credentials. Oh, and one little rascal actually stole cryptocurrency. What an overachiever!
How Routers Became A Security Blind Spot
Now, let’s talk about LLM routers. Picture them as the middlemen of the tech world, sitting between your precious application and AI providers like OpenAI, Anthropic, and Google. They’re supposed to bundle API access into a neat little package, but instead, they’re just making it easier for bad actors to snoop around.
“26 LLM routers are secretly injecting malicious tool calls and stealing creds. One drained our client’s $500k wallet.”
“We also managed to poison routers to forward traffic to us. Within several hours, we can directly take over ~400 hosts.”
Check our paper:
– Chaofan Shou (@Fried_rice) April 10, 2026
The issue is as structural as my commitment issues. These routers terminate encrypted internet connections-TLS, if you want to sound smart-and read every single message in plain text before handing it off like a hot potato. So, anything that goes through them-private keys, seed phrases, login credentials-is as visible to the router’s owner as my last Instagram post is to my mom.
According to the researchers, there’s no clear line between normal credential handling and outright theft. It’s like trying to find your ex’s sense of remorse; good luck with that! Developers are left in the dark, unable to tell if a router is a legitimate service or a sneaky data thief in disguise.
Co-author Chaofan Shou had the audacity to post on X that 26 routers were found “secretly injecting malicious tool calls and stealing creds.” Surprise, surprise!
The study also highlighted what they cheekily called “YOLO mode”-a setting in many AI agent frameworks that allows agents to run commands without stopping to ask for permission. Because why not let the robots have all the fun?
A malicious router combined with an auto-executing agent could swipe funds or sneak away with data before a developer even realizes they’ve been ghosted.
Crypto Security: Free Access Used As Bait
Now here’s where it gets juicy. The reports indicate that free routers are under suspicion like a suspicious character in a rom-com. Cheap or free API access seems to be the bait used to lure developers into routing traffic through infrastructure that could very well be harvesting their credentials while they sleep.
Even those shiny routers that start out clean aren’t safe from a bad makeover. Researchers found that previously legit routers could suddenly turn rogue if operators decide to reuse leaked credentials through poorly secured systems. Talk about a plot twist!
The recommended fix? Keep your private keys and seed phrases as far away from AI agent sessions as I keep my bank statements from my partner.
For the long haul, researchers suggest that AI companies cryptographically sign their responses so that any instructions an agent executes can be traced back to the actual model. That way, no sneaky middleman can tamper with them without getting caught-kind of like putting a GPS tracker on your ex. You know, for safety.
Read More
- The Division Resurgence Best Weapon Guide: Tier List, Gear Breakdown, and Farming Guide
- Kagurabachi Chapter 118 Release Date, Time & Where to Read Manga
- Annulus redeem codes and how to use them (April 2026)
- Last Furry: Survival redeem codes and how to use them (April 2026)
- Clash of Clans Sound of Clash Event for April 2026: Details, How to Progress, Rewards and more
- Gold Rate Forecast
- Silver Rate Forecast
- Gear Defenders redeem codes and how to use them (April 2026)
- Total Football free codes and how to redeem them (March 2026)
- Top 5 Best New Mobile Games to play in April 2026
2026-04-14 05:28