Ian Ahl, SVP of threat research at Permiso, told Brian Krebs that "the restrictions AWS placed on the exposed key did nothing to stop the attackers from using it to abuse Bedrock services," with Krebs noting that "sometime in the past few days, however, AWS responded by including Bedrock in the list of services that will be quarantined in the event an AWS key or credential pair is found compromised or exposed online. AWS confirmed that Bedrock was a new addition to its quarantine procedures."
Permiso tied the abuse to a sex roleplaying portal called "Chub" – which insisted that the Bedrock abuse had nothing to do with it.
"Our own LLMs run on our own infrastructure... Any individuals participating in such attacks can use any number of UIs that allow user-supplied keys to connect to third-party APIs. We do not participate in, enable or condone any illegal activity whatsoever," it said by email.