Attackers move with the money and right now the money is in GenAI - Permiso

Among the techniques they used were calling the GetFoundationModelAvailability API, which is “traditionally called on your behalf when viewing foundational models in the AWS Web Management Console. Attackers are using this API programmatically (not via the web console) with manually formatted requests” Permiso said.

The firm’s two-day experiment generated a $3,500 bill from AWS, largely due to the 75,000 LLM invocations caused by the sex chat hijackers.