Close Menu

    Stay Ahead with Exclusive Updates!

    Enter your email below and be the first to know what’s happening in the ever-evolving world of technology!

    What's Hot

    The EU Just Put Amazon and Microsoft’s Cloud Businesses in Its Crosshairs. Here Is What the New Competition Rules Actually Mean for Every Business Running on AWS or Azure

    July 6, 2026

    Apple Just Pushed an Unscheduled Security Update Because AI-Powered Attacks Are Moving Faster Than Its Normal Patch Cycle Can Handle

    July 6, 2026

    Samsung Just Made the Largest Single Investment in South Korean History. Here Is Why $648 Billion Is Going Into Chips and AI

    July 6, 2026
    Facebook X (Twitter) Instagram
    Facebook X (Twitter)
    PhronewsPhronews
    • Home
    • Big Tech & Startups

      The EU Just Put Amazon and Microsoft’s Cloud Businesses in Its Crosshairs. Here Is What the New Competition Rules Actually Mean for Every Business Running on AWS or Azure

      July 6, 2026

      Apple Just Pushed an Unscheduled Security Update Because AI-Powered Attacks Are Moving Faster Than Its Normal Patch Cycle Can Handle

      July 6, 2026

      Samsung Just Made the Largest Single Investment in South Korean History. Here Is Why $648 Billion Is Going Into Chips and AI

      July 6, 2026

      Oracle Cut 21,000 Jobs and Blamed AI In the Same Quarter It Increased Spending by 162%. Here Is What That Contradiction Really Means

      July 6, 2026

      Nvidia Has Dominated AI Data Centers for Years. Qualcomm Just Announced It Wants That Market Too. Here Is Whether It Can Win

      July 4, 2026
    • Crypto

      Market Collapse: What Happened to NFTs?

      April 23, 2026

      Quantum Computing Advances Force Coinbase and Institutional Custodians to Rethink Crypto Security

      March 8, 2026

      AI Assisted Hacking Groups Target Crypto Firms With Multi-Layered Social Engineering

      February 18, 2026

      Global Crypto Regulations Expand as 2026 Begins With New Data Collection Frameworks and National Laws

      January 16, 2026

      Coinbase Bets on Stablecoin and On-Chain Growth as Key Market Drivers in 2026 Strategy

      January 10, 2026
    • Gadgets & Smart Tech
      Featured

      Google’s New Smart Speaker Has Gemini Built In and Works With Everything. Here Is Whether It Is Finally Worth Switching From Amazon Echo or Apple HomePod

      By fariehanJuly 4, 2026
      Recent

      Google’s New Smart Speaker Has Gemini Built In and Works With Everything. Here Is Whether It Is Finally Worth Switching From Amazon Echo or Apple HomePod

      July 4, 2026

      Tesla Is Teaching Its Self-Driving AI With Millions of Fake Crashes. Here Is Why That Might Make Real Roads Safer

      June 30, 2026

      Apple Just Rebuilt Siri With AI Across Every Device It Makes. WWDC 2026 Was Not a Software Update. It Was a Strategic Repositioning

      June 20, 2026
    • Cybersecurity & Online Safety

      Apple Just Pushed an Unscheduled Security Update Because AI-Powered Attacks Are Moving Faster Than Its Normal Patch Cycle Can Handle

      July 6, 2026

      Buying World Cup Tickets Online? Scammers Are Already Waiting. Here Is How to Protect Yourself for the Rest of the Tournament.

      July 4, 2026

      Researchers Found an Attack Spreading Through GitHub Like a Parasite. They Named It Cordyceps and It Is Already in 300+ Repositories

      July 4, 2026

      AI Is Now Writing Phishing Emails Good Enough to Fool Your Best Employees. Here Is How to Spot Them

      July 4, 2026

      Hackers Were Inside Cisco’s SD-WAN for Months Before Anyone Noticed. Now CISA Is Forcing Every Company to Patch It

      July 4, 2026
    PhronewsPhronews
    Home»Cybersecurity & Online Safety»Operation Bizarre Bazaar Hijacks Unsecured AI Model Endpoints in a Large-Scale Cybercrime Campaign
    Cybersecurity & Online Safety

    Operation Bizarre Bazaar Hijacks Unsecured AI Model Endpoints in a Large-Scale Cybercrime Campaign

    preciousBy preciousFebruary 6, 2026No Comments
    Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Tumblr Email
    Share
    Facebook Twitter LinkedIn Pinterest Email
    Photo Credit: xalien/Shutterstock

    Hackers have turned unsecured AI systems into their own profit machine through an Operation Bizarre Bazaar campaign. Between December 2025 and January 2026, security researchers at Pillar Security tracked more than 35,000 attacks targeting companies running AI chatbots and language models, stealing computing power, building an entire underground business, and selling cheap access to hijacked AI systems.

    The campaign, called Operation Bizarre Bazaar, saw criminals scan the internet for AI systems left open to the public, test them to make sure they work, then resell access to other hackers at a discount. Termed “LLMjacking,” it is the first documented case of hackers creating a full-service marketplace around stolen AI infrastructure.

    How the LLMjacking Campaign Works

    LLMjacking refers to hijacking Large Language Model infrastructure, essentially stealing AI systems for unauthorized use. The term closely mirrors “cryptojacking,” where criminals steal computing power to mine cryptocurrency. 

    In this case, attackers target AI systems to steal expensive computing resources, resell access to others, pull out sensitive data, or use compromised systems as doorways into company networks.

    The attacks focus on organizations running their own AI infrastructure rather than using cloud services like ChatGPT. This is because companies host their own AI for various reasons such as keeping sensitive data private, customizing models for specific needs, or avoiding per-use fees from commercial providers. 

    These self-hosted systems include tools like Ollama and vLLM, which let developers run powerful language models on their own servers. The problem arises when these systems get exposed to the internet without proper security.

    Between December 2025 and January 2026, Pillar Security’s monitoring systems captured 35,000 distinct attack sessions, which represents an average of 972 attempts every single day.

    Operation Bizarre Bazaar: Three Players, One Criminal Pipeline

    Operation Bizarre Bazaar runs on a simple but effective model, LLMjacking, with three key players. First, automated scanners sweep the internet looking for AI systems that anyone can access without a password. These scanners then hunt for popular AI tools like Ollama, which developers use to run language models on their own servers, and vLLM, another common AI hosting service.

    Once the scanners find vulnerable systems, a service called silver.inc steps in to verify they actually work. The attackers send test requests to each AI system, trying fake passwords to see which systems don’t bother checking credentials. They also test what kinds of AI models each system runs, whether it’s GPT-style chatbots, code generators, or other AI tools.

    The final player is the marketplace itself. Silver.inc operates openly, calling itself “The Unified LLM API Gateway” and advertising on Discord and Telegram. The service claims to offer access to more than 30 different AI providers at prices 40-60% cheaper than legitimate services, and accepting both cryptocurrency and PayPal. 

    What This Means

    AI‑driven workloads have become central to how organizations build products, automate operations, and interact with customers, but security practices around those workloads have lagged behind. Traditional perimeter thinking often treats AI endpoints as “just another API,” even though their compute cost, connectivity, and access to sensitive context make them high‑value, high‑impact targets. 

    The Operation Bizarre Bazaar campaign highlights how quickly opportunistic actors will exploit that gap, turning innocent configuration mistakes into ongoing revenue streams.

    The operation also illustrates how AI is now both a target and an enabler of cybercrime. On one side, exposed model endpoints are abused for unauthorized inference and data access. On the other, AI tools are increasingly used by attackers to speed up reconnaissance, exploit development, and social engineering. 

    For security and engineering leaders, this means AI infrastructure can no longer sit on the borders of threat modeling or cloud security reviews, as it now has to be treated as part of the critical attack surface.

    AI infrastructure security API security for LLMs Artificial Intelligence Compute resource theft Cryptojacking vs LLMjacking Cybercrime Cybercrime trends 2026 Discord cybercrime channels LLMjacking Ollama security vulnerabilities Operation Bizarre Bazaar Pillar Security Shadow AI infrastructure Silver.inc marketplace Telegram cybercrime channels Unauthorized inference attacks Underground marketplace for stolen sensitive data Unsecured AI endpoints vLLM endpoint protection
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Telegram Email
    precious
    • LinkedIn

    I’m Precious Amusat, Phronews’ Content Writer. I conduct in-depth research and write on the latest developments in the tech industry, including trends in big tech, startups, cybersecurity, artificial intelligence and their global impacts. When I’m off the clock, you’ll find me cheering on women’s footy, curled up with a romance novel, or binge-watching crime thrillers.

    Related Posts

    Apple Just Pushed an Unscheduled Security Update Because AI-Powered Attacks Are Moving Faster Than Its Normal Patch Cycle Can Handle

    July 6, 2026

    Buying World Cup Tickets Online? Scammers Are Already Waiting. Here Is How to Protect Yourself for the Rest of the Tournament.

    July 4, 2026

    Researchers Found an Attack Spreading Through GitHub Like a Parasite. They Named It Cordyceps and It Is Already in 300+ Repositories

    July 4, 2026

    Comments are closed.

    Top Posts

    Coinbase responds to hack: customer impact and official statement

    May 22, 2025

    Anthropic Will Use Claude User Chats For Data Training

    October 16, 2025

    Cursor AI Hits 1 Million Daily Users. Why Developers Are Switching to This Coding Tool

    March 23, 2026

    MIT Study Reveals ChatGPT Impairs Brain Activity & Thinking

    June 29, 2025
    Don't Miss
    Tech Laws & Digital Rights

    The EU Just Put Amazon and Microsoft’s Cloud Businesses in Its Crosshairs. Here Is What the New Competition Rules Actually Mean for Every Business Running on AWS or Azure

    By fariehanJuly 6, 2026

    The EU cloud gatekeeper rules just landed on Amazon and Microsoft’s cloud businesses. The European…

    Apple Just Pushed an Unscheduled Security Update Because AI-Powered Attacks Are Moving Faster Than Its Normal Patch Cycle Can Handle

    July 6, 2026

    Samsung Just Made the Largest Single Investment in South Korean History. Here Is Why $648 Billion Is Going Into Chips and AI

    July 6, 2026

    Oracle Cut 21,000 Jobs and Blamed AI In the Same Quarter It Increased Spending by 162%. Here Is What That Contradiction Really Means

    July 6, 2026
    Stay In Touch
    • Facebook
    • Twitter
    About Us
    About Us

    Evolving from Phronesis News, Phronews brings deep insight and smart analysis to the world of technology. Stay informed, stay ahead, and navigate tech with wisdom.
    We're accepting new partnerships right now.

    Email Us: info@phronews.com

    Facebook X (Twitter) Pinterest YouTube
    Our Picks
    Most Popular

    Coinbase responds to hack: customer impact and official statement

    May 22, 2025

    Anthropic Will Use Claude User Chats For Data Training

    October 16, 2025

    Cursor AI Hits 1 Million Daily Users. Why Developers Are Switching to This Coding Tool

    March 23, 2026
    © 2025. Phronews.
    • Home
    • About Us
    • Get In Touch
    • Privacy Policy
    • Terms and Conditions

    Type above and press Enter to search. Press Esc to cancel.