Particle.news
Download on the App Store

University of California Finds Malicious AI Routers Stealing Credentials and Draining Test Wallets

The preprint warns that intermediary routing services expose plaintext agent traffic that attackers can abuse.

Overview

  • In an April 2026 arXiv study, the team examined 428 third‑party large language model routers and documented credential theft, code injection, and evasive behavior.
  • The researchers reported 26 routers injecting malicious tool calls or stealing credentials, while nine were confirmed injecting code and 17 accessed embedded AWS keys.
  • One router withdrew a small amount of Ether from a researcher‑controlled decoy wallet after the team supplied a prefunded private key.
  • These routers terminate TLS encryption and read messages in plain text, which lets injected instructions run unchecked when agent frameworks use auto‑execute settings like “YOLO mode.”
  • The team urges developers to keep private keys out of agent sessions and calls for cryptographic signing of model outputs, noting the findings come from a preprint that has not yet been peer reviewed.