Overview
- In an April 2026 arXiv study, the team examined 428 third‑party large language model routers and documented credential theft, code injection, and evasive behavior.
- The researchers reported 26 routers injecting malicious tool calls or stealing credentials, while nine were confirmed injecting code and 17 accessed embedded AWS keys.
- One router withdrew a small amount of Ether from a researcher‑controlled decoy wallet after the team supplied a prefunded private key.
- These routers terminate TLS encryption and read messages in plain text, which lets injected instructions run unchecked when agent frameworks use auto‑execute settings like “YOLO mode.”
- The team urges developers to keep private keys out of agent sessions and calls for cryptographic signing of model outputs, noting the findings come from a preprint that has not yet been peer reviewed.