By hacking cloud-based LLMs attackers can “pass all the cost and compute to victim organizations that they've hijacked” its researchers said.

The attackers used their stolen key to gain access to AWS Bedrock – a managed service that lets users run a variety of LLMs in the public cloud.