AI agents targeted via routers to inject payloads and steal your secrets

Published: 13 April 2026
Last updated: 20 April 2026
Router targeted by hackers
Image by Cybernews.

As AI agents increasingly rely on third-party API routers, criminals are using this dependence to trick users and inject malicious code into their machines.

Key takeaways:
  • Malicious API routers can hijack AI agents to inject code and steal secrets.
  • Study finds compromised routers leaking credentials and even crypto assets.
  • Attackers exploit weak configurations and third-party dependencies at scale.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.

A new report from the University of California and private-sector cybersecurity researchers has shown that, across 28 paid routers purchased from Taobao, Xianyu, and Shopify-hosted storefronts and 400 free routers collected from public communities, 1 paid and 8 free routers were injecting malicious code.

ADVERTISEMENT

Two were deploying adaptive evasion triggers, 17 were touching researcher-owned AWS canary credentials, and 1 stole ethereum (ETH) from a researcher's wallet after accessing their private key.

What's more, two poisoning studies also showed that even benign routers can be pulled into the same attack surface as they process end-user requests using leaked credentials and poorly configured peers.

Strong password generator

Upgrade the security of your online accounts.
Create strong passwords that are completely random and impossible to guess.
Generated unique password
Ad link_title
Convenient way to secure and use all your passwords. Now 72% OFF!
Get NordPass

For example, intentionally leaked OpenAI keys and weakly configured decoys have processed billions of tokens from these routers, exposing credentials across hundreds of sessions and allowing direct payload injection.

"The March 2026 LiteLLM compromise demonstrated exactly this primitive at scale: once the attacker controlled the request pipeline, every transiting tool call was exposed to rewriting," the researchers said.

As reported by Cybernews, LiteLLM, a popular Python library used by AI developers, was compromised to deliver mass credential-harvesting malware.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

Two main attack categories were also identified in the study: payload injection (rewriting the model's tool-call responses before the agent executes them) and secret exfiltration (copying credentials, API keys, and prompts that transit the router).

ADVERTISEMENT

Criminals are using at least two evasion techniques to cover their tracks. For example, only specific package installs are being rewritten, or malicious behavior is activated only after a warm-up period.

The researchers say that client-side defenses, such as policy gates, anomaly screening, and transparency logs, can reduce exposure today. However, they concluded that to secure an agent ecosystem, it ultimately needs provider-backed response integrity.

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked