AI sex bots powered by hacked clouds

Kiddie violinists use custom accounts

Organizations that inadvertently expose credentials in their cloud environments become targets for cybercriminals who use cloud access to exploit and resell AI-powered sex bot services.

According to researchers, these AI chatbots – which use customized techniques to bypass content restrictions – can quickly descend into dark, disturbing scenarios, including child sexual exploitation and rape images.

Experts from security firm Permiso Security noted a sharp increase in attacks on generative artificial intelligence (AI) infrastructure, with platforms such as Amazon Web Services (AWS) Bedrock explicitly targeted.

These attacks have increased dramatically over the past six months, mostly due to accidental leaks of cloud data, which is often found in publicly accessible code repositories such as GitHub.

Permiso’s investigation into compromised AWS accounts found that attackers used stolen credentials to communicate with the large language models (LLMs) hosted on Bedrock.

Alarmingly, none of the affected organizations had logging enabled (a feature that is disabled by default), leaving them blind to the activities performed using their compromised systems.

Permiso researchers deliberately leaked an AWS test key on GitHub, this time with logging enabled, allowing them to monitor how attackers would abuse the access.

Within minutes, their decoy key was exploited to participate in a service that promotes AI-powered sexual chat services.

According to their report, “After reviewing the clues and responses, it became clear that the attacker was hosting an AI role-playing service that uses common jailbreak techniques to allow the models to accept and interact with content that would normally be blocked.”

“Almost all of the roleplay was sexual, with some of the content straying into dark topics such as child sexual abuse,” the report continued. In just two days, Permiso recorded more than 75,000 successful AI model interactions, most of which involved explicit content.

This revelation highlights a growing and disturbing trend in the misuse of AI technology, raising pressing questions about the security practices surrounding cloud credentials and the safeguards needed to prevent such exploitation.