Permiso Security researchers recently discovered a disturbing trend in which stolen cloud credentials are used to run illicit sex chat services that may involve child sexual exploitation and rape. The attackers target organizations with exposed credentials, particularly on AWS Bedrock, to bypass content restrictions and hijack the infrastructure for profitable sexual services. In an unusual experiment, Permiso researchers purposely leaked their own test AWS key, turned on logging, and observed the criminal activity. Although AWS automatically flagged the compromised access, the attackers were able to abuse Bedrock services until AWS placed Bedrock under quarantine. Despite these security concerns, AWS asserts that it operates securely and advises following best practices to protect access keys.
https://krebsonsecurity.com/2024/10/a-single-cloud-compromise-can-feed-an-army-of-ai-sex-bots/