Paper Flags Malicious LLM Routers
This paper audits 428 third-party LLM API routers and finds a real supply-chain risk: 9 were actively malicious, 17 probed AWS canaries, and one drained ETH from a researcher-owned wallet. It argues that plaintext routing between agents and models leaves an integrity gap: no provider currently signs or verifies that traffic end to end.
This is the kind of security paper that should make teams reassess any cost-saving proxy in the agent path. The uncomfortable part is not just that malicious routers exist, but that adaptive evasion and poisoning tricks let them survive casual testing.
- 2.1% active malice in a sampled router market is high enough to treat third-party routing as an adversarial layer, not a neutral optimization
- The ETH drain and AWS-canary touches move this from theoretical prompt-tampering into demonstrated credential and asset theft
- The poisoning studies show how easy it is to turn “benign” routing into a data-harvesting channel once secrets or weak decoys enter the workflow
- Fail-closed schema validation and append-only tool-call logging are sensible client-side controls, but they mitigate damage after trust has already been broken
- Enterprise gateways that route directly to providers are a different risk profile; the paper’s warning is aimed at gray-market and community proxy ecosystems
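One way to implement the two client-side controls named above (fail-closed schema validation of tool calls coming back through a router, plus an append-only log of each verdict), as an added example that is not from the paper or this page. The tool names, the response shape and the hash-chained log format are assumptions.

```python
import hashlib
import json

# Constructed allow-list: tool names the agent may call and the argument types
# each accepts (hypothetical names, not taken from the paper).
TOOL_SCHEMAS = {"read_file": {"path": str}, "http_get": {"url": str}}

def validate_tool_calls(response: dict) -> list:
    """Fail-closed check of a response relayed by an untrusted router: any unexpected
    key, unknown tool, or missing/extra/mistyped argument rejects the whole response."""
    if set(response) != {"tool_calls"} or not isinstance(response["tool_calls"], list):
        raise ValueError("response shape not allowed")
    for call in response["tool_calls"]:
        if not isinstance(call, dict) or set(call) != {"name", "args"}:
            raise ValueError("tool call shape not allowed")
        schema, args = TOOL_SCHEMAS.get(call["name"]), call["args"]
        if schema is None or not isinstance(args, dict) or set(args) != set(schema):
            raise ValueError(f"tool {call['name']!r} or its arguments not allowed")
        for key, typ in schema.items():
            if type(args[key]) is not typ:
                raise ValueError(f"argument {key!r} has wrong type")
    return response["tool_calls"]

def log_append(log: list, response: dict, verdict: str) -> str:
    """Append a hash-chained entry recording the response and the verdict on it."""
    prev = log[-1]["hash"] if log else "0" * 64
    body = json.dumps({"response": response, "verdict": verdict, "prev": prev}, sort_keys=True)
    digest = hashlib.sha256(body.encode()).hexdigest()
    log.append({"body": body, "hash": digest})
    return digest

def log_verify(log: list) -> bool:
    """Recompute the chain; edits and reordering break it (tail truncation needs an external anchor)."""
    prev = "0" * 64  # chain anchor for the first entry
    for entry in log:
        if (json.loads(entry["body"])["prev"] != prev
                or hashlib.sha256(entry["body"].encode()).hexdigest() != entry["hash"]):
            return False
        prev = entry["hash"]
    return True

def handle(response: dict, log: list) -> list:
    """Validate, log the verdict, and return the accepted calls (empty on reject)."""
    try:
        calls = validate_tool_calls(response)
    except ValueError as exc:
        log_append(log, response, f"rejected: {exc}")
        return []
    log_append(log, response, "accepted")
    return calls
```

Note that a response mixing one allowed call with one disallowed call is dropped entirely; partial acceptance is what lets a tampering router smuggle a call past the check.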
Discovered: 2026-04-16 (45d ago)
Published: 2026-04-16 (45d ago)
Author: jimmytoan