LLM API Security: How Hackers Are Exploiting AI APIs and Running Up Massive Bills


A developer woke up to an $82,000 bill. Their crime? Leaving a Google Gemini API key exposed in a public code repository. Within 48 hours, attackers had found the key, spun up thousands of AI inference requests, and disappeared, leaving a debt that dwarfed a monthly salary. This is not an isolated incident.

LLM API security has become one of the most pressing concerns for any organisation building with generative AI. As businesses race to integrate large language models into their products and workflows, a wave of sophisticated attackers, now known as LLMjackers, is right behind them, scanning for exposed credentials and monetising them at scale.

What is LLM API security? LLM API security refers to the practices, controls, and safeguards that protect access to large language model APIs, such as OpenAI, Anthropic Claude, and Google Gemini, from unauthorised use, credential theft, and financial exploitation. When these controls fail, the consequences can include five-figure bills, service suspensions, and serious reputational damage.

The attack method is deceptively simple. Attackers scan public code repositories, leaked environment files, and compromised developer tools for exposed API keys. Once found, those keys are monetised in seconds, either directly by the attacker or sold on underground marketplaces to others. The rightful owner pays the bill.

With AI inference costs running at pennies per call, a stolen key can accumulate tens of thousands of pounds in charges before any alert is triggered. By the time a provider sends a bill, the damage is already done.

For IT leaders and business owners, understanding and investing in LLM API security is not optional. It is a financial and operational necessity.

The Rise of LLMjacking: A New Threat Category

LLMjacking is the term security researchers now use to describe the theft and abuse of AI API credentials for financial gain. Unlike traditional cybercrime that targets data, LLMjackers target computational access. Their goal is not your customer records. It is your AI inference budget.

Sysdig’s 2026 threat research documented a 376% increase in credential theft specifically targeting AI services between Q4 2025 and Q1 2026. This growth trajectory mirrors what happened with cloud compute theft a decade ago, except the economics are worse. AI inference is expensive, attackers are automated, and victims often have no real-time spend controls in place.

Effective LLM API security requires understanding both how attackers operate and which controls close the most dangerous gaps. The incidents below illustrate the real-world scale of the problem.

Real-World LLM API Security Incidents You Need to Know

Case 1: The $82,000 Gemini API Bill (February 2026)

A developer’s stolen Google Cloud API key resulted in $82,314.44 in charges accumulated within a single 24-hour window. Their regular monthly spend had been $180. Researchers at Truffle Security separately identified 2,863 live Google API keys publicly accessible on the internet, many of which had originally been deployed for non-AI services such as Google Maps but also carried Gemini access following a platform policy change. A single moment of credential exposure was enough to cause catastrophic financial damage.

Case 2: 15 Malicious JetBrains Plugins, 70,000 Developers Targeted (2026)

A campaign that ran for approximately eight months targeted developers via 15 malicious JetBrains Marketplace plugins. When a developer entered their AI provider API key into the plugin’s settings panel, the plugin’s code silently intercepted the key and forwarded it to attacker-controlled servers. The attackers then sold AI access to paying customers while forcing the original key owners to cover the provider costs. This created a self-sustaining fraud cycle that reached 70,000 installations before detection.

Case 3: Microsoft’s Storm-2139 LLMjacking Syndicate (January 2025)

Microsoft disrupted a transnational criminal syndicate that built a custom tool called de3u, a web application that enabled users to generate DALL-E images using stolen Azure OpenAI API keys and bypass Microsoft’s content safety filters. In February 2025, Microsoft publicly named four defendants across Iran, the UK, Hong Kong, and Vietnam. The case confirmed that LLM API credential theft is now organised, international, and commercially scaled.

Case 4: The LiteLLM Supply Chain Attack

LiteLLM, a widely used open-source AI proxy package, was compromised on PyPI. Two of its published versions contained malicious code that harvested API credentials, enabled lateral movement across Kubernetes clusters, and installed persistent backdoors. Any organisation using those specific versions had their AI API credentials silently exfiltrated, frequently without ever realising it had occurred.

Is Your AI API Exposure Your Next Major Security Incident?

Transputec's cybersecurity experts can assess your LLM API security posture and help you build controls that stop bill shock before it starts. Our team works with businesses across the UK and globally to design AI security frameworks that protect your investment without slowing down innovation.


How Attackers Find and Exploit Your LLM API Credentials

Understanding your attack surface is the first step in improving your LLM API security posture. Attackers rely on four primary methods to locate and exploit exposed credentials:

  • Public repository scanning: Automated bots continuously scan GitHub, GitLab, and Bitbucket for accidentally committed .env files, configuration files, and hardcoded keys. This takes seconds and costs attackers nothing.
  • Malicious packages and plugins: Tools intercept credentials during normal developer activity. The developer has no indication anything is wrong, as seen in the JetBrains incident above.
  • Supply chain compromise: Packages published to npm, PyPI, or other open-source registries are tampered with to include credential harvesting code, as demonstrated by the LiteLLM attack.
  • Exposed application traffic: iOS and Android apps have been found transmitting LLM API credentials in plaintext over network requests, where they can be captured by anyone monitoring traffic on the same network.
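The first vector in the list above, committed `.env` and configuration files, is the one a team can check for itself before anything reaches a public repository. The following is an added example and not code from this post or from any of the tools it names: a minimal scanner that flags LLM provider keys in text the way a pre-commit hook would. The provider key-prefix patterns are heuristics modelled on publicly documented key formats and are assumptions here, the sample `.env` content is constructed, and the price of a false negative means a maintained tool such as TruffleHog or GitGuardian should be used in practice; this block shows the mechanics (pattern match, entropy filter to skip placeholders, redacted output so the scanner does not re-leak what it finds).

```python
"""Added example: a minimal secret scanner for LLM provider API keys.

Not the post's code and not TruffleHog/GitGuardian code. Key-prefix patterns
are heuristics based on publicly documented formats (assumption); the sample
.env below is constructed for the example.
"""
import math
import re
import sys
from dataclasses import dataclass

# Heuristic prefix patterns (assumption: formats as publicly documented).
KEY_PATTERNS = {
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),
    "anthropic_api_key": re.compile(r"\bsk-ant-[0-9A-Za-z_\-]{20,}\b"),
    "openai_api_key": re.compile(r"\bsk-(?!ant-)[0-9A-Za-z_\-]{20,}\b"),
}
# Generic NAME=value assignments whose name looks credential-like.
ASSIGNMENT = re.compile(
    r"^\s*([A-Z0-9_]*(?:KEY|SECRET|TOKEN|PASSWORD)[A-Z0-9_]*)\s*[=:]\s*['\"]?([^'\"\s#]+)"
)
MIN_ENTROPY = 3.0  # bits/char; filters placeholders such as sk-XXXX... or "changeme"


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    rule: str
    preview: str  # redacted form only; the full secret is never stored or logged


def shannon_entropy(s: str) -> float:
    """Bits per character; real keys score high, padded placeholders score low."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def redact(value: str) -> str:
    return value[:6] + "..." + value[-2:] if len(value) > 10 else "***"


def scan_text(path: str, text: str) -> list[Finding]:
    """Scan one file's content and return findings in line order."""
    findings: list[Finding] = []
    for no, line in enumerate(text.splitlines(), 1):
        matched = set()
        for rule, pattern in KEY_PATTERNS.items():
            for m in pattern.finditer(line):
                if shannon_entropy(m.group(0)) >= MIN_ENTROPY:
                    findings.append(Finding(path, no, rule, redact(m.group(0))))
                    matched.add(m.group(0))
        m = ASSIGNMENT.match(line)
        if m and m.group(2) not in matched and shannon_entropy(m.group(2)) >= MIN_ENTROPY:
            findings.append(Finding(path, no, "high_entropy_assignment", redact(m.group(2))))
    return findings


def scan_files(paths: list[str]) -> list[Finding]:
    """Scan files on disk; intended to be wired into a pre-commit hook."""
    out: list[Finding] = []
    for p in paths:
        with open(p, encoding="utf-8", errors="replace") as fh:
            out.extend(scan_text(p, fh.read()))
    return out


# Constructed sample .env: two fake keys, one placeholder, one weak password.
SAMPLE_ENV = """\
# constructed sample .env for the example
MODEL=gemini-1.5-flash
GEMINI_API_KEY="AIzaSyExampleFakeKey0123456789abcdefghi"
OPENAI_API_KEY=sk-XXXXXXXXXXXXXXXXXXXXXXXX
ANTHROPIC_API_KEY=sk-ant-fake0123456789abcdefghijklmnop
DB_PASSWORD=changeme
"""

if __name__ == "__main__":
    results = scan_files(sys.argv[1:]) if len(sys.argv) > 1 else scan_text("sample.env", SAMPLE_ENV)
    for f in results:
        print(f"{f.path}:{f.line}: {f.rule} ({f.preview})")
    sys.exit(1 if results else 0)  # non-zero exit blocks the commit in a hook
```

Run with no arguments it scans the constructed sample and reports only the two fake provider keys; the `sk-XXXX...` placeholder and `changeme` fall below the entropy threshold, which is the behaviour you want so that developers do not learn to ignore a noisy hook. Exiting non-zero on any finding is what turns the script into a pre-commit gate.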

10 Steps to Protect Your Organisation from LLM API Exploitation

Strong LLM API security does not require a large budget. It requires discipline and the right controls embedded from the start.

  1. Never hardcode API keys in source code: Use environment variables or a dedicated secrets manager such as AWS Secrets Manager, HashiCorp Vault, or Azure Key Vault. This single step eliminates the most common exposure vector.
  2. Rotate keys regularly and immediately after any suspected exposure: Treat a compromised API key the same way you would treat a compromised password: revoke first, investigate second.
  3. Set spend limits and billing alerts on every AI provider account: Most providers, including OpenAI and Google, allow hard spend caps. Configure billing alerts at 50% and 80% of your limit so you are never caught off guard.
  4. Apply the principle of least privilege: Create separate API keys for each application or service, with the minimum permissions required. Never share a single master key across multiple projects or environments.
  5. Monitor API usage in real time: Establish a baseline of normal usage patterns and alert on anomalies, such as sudden spikes in token consumption or requests originating from unexpected IP addresses.
  6. Audit your dependency supply chain: Regularly review open-source packages and plugins for signs of tampering. Use tools that verify package integrity and flag unexpected network behaviour.
  7. Scan your repositories for exposed secrets: Tools such as GitGuardian and TruffleHog can scan historical commits and flag credentials that may have been committed months or years ago and since forgotten.
  8. Restrict API key access by IP address where possible: Many providers allow you to bind a key to a specific IP range, dramatically reducing the value of a stolen key to an attacker.
  9. Implement rate limiting and request throttling at the application level: Even if a key is compromised, rate limits prevent an attacker from generating catastrophic costs in a short window.
  10. Train your development teams: Many exposures result from developer error, not technical failure. Ensure your teams understand secure credential handling and know exactly what to do if they suspect a key has been leaked.
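Steps 3, 4, 5, 8 and 9 above all come together in one place: a guard that sits in front of the provider call and decides, per application key, whether a request may go out. The following is an added example and not code from this post or from any AI provider; it is an in-process illustration of those controls (hard spend cap with alerts at 50% and 80%, an IP allowlist, a per-minute rate limit and a token-spike check against a learned baseline). The blended price per 1,000 tokens, the policy values and the stream of usage events are constructed assumptions; a real deployment would keep the spend counter in shared storage so that every application instance sees the same total.

```python
"""Added example: an application-side usage guard for LLM API keys.

Not the post's code and not any provider's SDK. Price, policy numbers and the
simulated events are constructed assumptions for illustration.
"""
from collections import deque
from dataclasses import dataclass, field

PRICE_PER_1K_TOKENS = 0.002  # assumed blended price in currency units per 1k tokens
ALERT_THRESHOLDS = (0.5, 0.8)  # step 3: billing alerts at 50% and 80% of the cap


@dataclass(frozen=True)
class KeyPolicy:
    key_id: str
    monthly_cap: float               # step 3: hard spend cap, currency units
    max_requests_per_minute: int     # step 9: rate limit
    allowed_ips: frozenset           # step 8: empty set means unrestricted
    baseline_tokens_per_min: float   # step 5: learned normal usage
    spike_factor: float = 5.0        # alert when window usage exceeds factor x baseline


@dataclass
class KeyState:
    spend: float = 0.0
    recent: deque = field(default_factory=deque)  # (timestamp, tokens) in the last 60 s
    alerts: list = field(default_factory=list)
    alerted: set = field(default_factory=set)     # thresholds already raised


class UsageGuard:
    """One policy per application key (step 4: never a shared master key)."""

    def __init__(self, policies):
        self.policies = {p.key_id: p for p in policies}
        self.state = {p.key_id: KeyState() for p in policies}

    def check(self, key_id, ts, tokens, source_ip):
        """Decide before forwarding a request. Returns (allowed, reason)."""
        pol = self.policies.get(key_id)
        if pol is None:
            return False, "unknown key"
        st = self.state[key_id]
        if pol.allowed_ips and source_ip not in pol.allowed_ips:
            st.alerts.append(f"{key_id}: request from unexpected IP {source_ip}")
            return False, "ip not allowlisted"
        while st.recent and ts - st.recent[0][0] >= 60:  # slide the window
            st.recent.popleft()
        if len(st.recent) >= pol.max_requests_per_minute:
            return False, "rate limit exceeded"
        cost = tokens / 1000 * PRICE_PER_1K_TOKENS
        if st.spend + cost > pol.monthly_cap:
            st.alerts.append(f"{key_id}: hard spend cap reached")
            return False, "spend cap reached"
        st.spend += cost
        st.recent.append((ts, tokens))
        for frac in ALERT_THRESHOLDS:
            if st.spend >= frac * pol.monthly_cap and frac not in st.alerted:
                st.alerted.add(frac)
                st.alerts.append(f"{key_id}: spend passed {int(frac * 100)}% of cap")
        window_tokens = sum(t for _, t in st.recent)
        if window_tokens > pol.spike_factor * pol.baseline_tokens_per_min and "spike" not in st.alerted:
            st.alerted.add("spike")
            st.alerts.append(f"{key_id}: token spike {window_tokens} vs baseline {pol.baseline_tokens_per_min}/min")
        return True, "ok"


def simulate():
    """Constructed event stream: normal traffic, a foreign IP, a burst, then a runaway request."""
    guard = UsageGuard([KeyPolicy("chatbot-prod", monthly_cap=10.0, max_requests_per_minute=5,
                                  allowed_ips=frozenset({"10.0.0.5"}), baseline_tokens_per_min=2000)])
    events = [  # (timestamp in seconds, tokens, source IP)
        (0, 500, "10.0.0.5"), (10, 500, "10.0.0.5"), (20, 500, "203.0.113.9"),
        (30, 6000, "10.0.0.5"), (40, 6000, "10.0.0.5"), (50, 6000, "10.0.0.5"),
        (55, 100, "10.0.0.5"), (120, 100, "10.0.0.5"),
        (130, 4_000_000, "10.0.0.5"), (140, 1_000_000, "10.0.0.5"),
    ]
    decisions = [guard.check("chatbot-prod", ts, tok, ip)[1] for ts, tok, ip in events]
    return decisions, guard.state["chatbot-prod"].alerts


if __name__ == "__main__":
    decisions, alerts = simulate()
    for d in decisions:
        print(d)
    print("\n".join(alerts))
```

The spike alert fires well before the spend cap does, which is the point of step 5: the cap is the backstop, the baseline comparison is what gives you time to rotate the key while the bill is still small.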

LLM API Security Within Your Wider Cybersecurity Programme

For organisations without in-house security expertise, Transputec’s Managed Cyber Security Services provide continuous monitoring, threat detection, and rapid response capabilities tailored to your environment. For practical guidance on embedding security into AI builds from day one, read our blog on how to build AI agents on AWS without creating a security headache.

You can also explore how Agentic AI is transforming enterprise cybersecurity and how Transputec’s AI-Powered Cloud Security approach integrates real-time threat intelligence directly into your existing infrastructure.

How Transputec Can Help Secure Your AI APIs

Transputec works with businesses across the UK and globally to build security programmes that protect AI investments without slowing down innovation. Our Managed SOC Services and Cyber Security as a Service offerings give organisations at every stage of their AI journey access to enterprise-grade threat monitoring, incident response, and credential security controls. Whether you are a startup building your first AI product or a large enterprise managing hundreds of API integrations, the principles of strong LLM API security apply equally. The cost of a breach in this space is not just financial. It can affect your ability to operate, your relationships with customers, and your standing with AI providers whose terms you may have inadvertently violated through a stolen key.

Conclusion

LLM API security is no longer a concern reserved for large technology companies. Any organisation using AI APIs, whether for a customer service chatbot, a content generation tool, or an internal workflow, is a potential target. The financial consequences of a single compromised key can be swift, severe, and deeply disruptive.

The most effective defences are also the most straightforward: proper key management, hard spend controls, real-time usage monitoring, and supply chain awareness. Organisations that implement these controls now will be far better positioned than those who wait for a five-figure bill to prompt action.

Transputec works with businesses across the UK and globally to build security programmes that protect AI investments without slowing down innovation. Speak with our cybersecurity team to understand your current exposure and what practical steps to take next. Explore our Managed SOC Services and Cyber Security as a Service offerings, designed for organisations at every stage of their AI journey.

FAQs

LLMjacking is a cyberattack in which criminals steal AI API credentials, such as OpenAI, Google Gemini, or Anthropic Claude API keys, and use them to access AI services at the victim’s expense. The attacker runs large volumes of AI inference requests or sells access to others, while the legitimate key owner receives the bill. Strong LLM API security practices, including secrets managers, hard spend limits, and real-time monitoring, are the most reliable defences. Learn how Transputec can help through our Managed Cyber Security Services.

Automated bots continuously scan public repositories on GitHub, GitLab, and other platforms for accidentally committed API keys, environment files, and configuration data. Attackers also distribute malicious plugins and open-source packages designed to intercept credentials during normal developer activity. Some applications have been found transmitting API credentials in plaintext over network traffic. Transputec’s Managed SOC Services can help detect unusual API activity before it becomes a costly incident.

Refund policies vary by provider and are not guaranteed. OpenAI, Google, and Anthropic each handle fraud cases individually, and outcomes depend on how quickly the incident is reported and what evidence is available. Prevention is far more reliable than seeking a refund after the fact. Setting hard spend limits and billing alerts is the single most effective way to cap your financial exposure if a key is compromised.

At a minimum, set a monthly hard spend cap on your AI provider account, configure billing alerts at 50% and 80% of your limit, and establish baseline usage monitoring so anomalies are flagged quickly. More mature organisations implement per-project API keys with individual limits, IP allowlisting, and real-time usage dashboards. Read our blog on AI-Powered Cloud Security for guidance on integrating these controls into your broader cloud security programme.

Yes. Small businesses are frequently targeted precisely because they are less likely to have mature security controls in place. A startup with a £400 monthly AI spend can find itself facing a five-figure bill overnight if a key is compromised, with no dedicated security team to detect or respond. Transputec’s Cyber Security as a Service gives smaller organisations access to enterprise-grade security monitoring and incident response without the overhead of building an in-house team.


Sonny Sehgal

CEO & Co-Founder

Since co-founding Transputec, Sonny has guided hundreds of enterprises through every major shift in technology, from the birth of the PC to the rise of Global Cloud and now Generative AI. Known for his “straight-talking” approach to cyber security and IT strategy, he provides the bridge between complex technical infrastructure and boardroom-level business outcomes.