Crypto Score 42 Bearish

AI Supply Chain Vulnerability: Malicious LLM Routers Targeting Crypto Credentials

Apr 13, 2026 02:47 UTC
ETH
Short term

Researchers have identified a critical security flaw in third-party AI routers that allows attackers to steal private keys and inject malicious code. The study warns that developers using AI agents for smart contract coding are particularly at risk.

  • 26 LLM routers identified as malicious or credential-stealing
  • TLS termination allows intermediaries to read private keys in plaintext
  • 9 routers injected malicious code; 17 accessed AWS credentials
  • Automatic execution settings ('YOLO mode') increase attack success rates
  • Experts recommend cryptographic signing of AI responses for verification

University of California researchers have uncovered a significant security breach within the AI supply chain, revealing that several third-party Large Language Model (LLM) routers are actively stealing credentials and injecting malicious tool calls. These routers, which aggregate access to providers such as OpenAI, Anthropic, and Google, act as intermediaries that terminate Transport Layer Security (TLS) connections. Because these routers have full plaintext access to every message, developers using AI coding agents to work on wallets or smart contracts may inadvertently pass private keys and seed phrases through unsecured infrastructure.

The researchers tested 28 paid and 400 free routers, discovering that 26 were compromised in various ways. Specific findings include nine routers actively injecting malicious code and 17 accessing Amazon Web Services (AWS) credentials. In one instance, a router successfully drained Ether (ETH) from a researcher-owned private key.

The study also highlighted the danger of 'YOLO mode,' a setting in AI frameworks that executes commands automatically without user confirmation, allowing malicious code to run silently.

To mitigate these risks, researchers advise developers to bolster client-side defenses and strictly avoid transmitting private keys through AI agent sessions. The proposed long-term solution is for AI providers to cryptographically sign their responses, enabling agents to mathematically verify that instructions originate from the actual model rather than a malicious intermediary.
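The response-signing mitigation described above, as an added Go example (not code from the study or from any provider): the provider signs the hash of the request together with the exact response bytes using Ed25519, and the agent refuses to run a tool call that fails verification. The envelope format, function names and sample messages are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// SignedResponse is a hypothetical envelope, not any provider's real format.
type SignedResponse struct {
	Body []byte // response JSON exactly as the provider emitted it
	Sig  []byte // Ed25519 signature over sha256(request) || Body
}

// signedBytes binds the response to the request the client actually sent,
// so a router cannot rewrite the prompt or replay an answer to another prompt.
func signedBytes(request, body []byte) []byte {
	h := sha256.Sum256(request)
	return append(h[:], body...)
}

// ProviderSign stands in for the model provider (assumed behaviour).
func ProviderSign(priv ed25519.PrivateKey, request, body []byte) SignedResponse {
	return SignedResponse{Body: body, Sig: ed25519.Sign(priv, signedBytes(request, body))}
}

// ToolCommand returns the command to run only if the signature checks out.
func ToolCommand(pub ed25519.PublicKey, request []byte, r SignedResponse) (string, error) {
	if !ed25519.Verify(pub, signedBytes(request, r.Body), r.Sig) {
		return "", errors.New("unsigned or altered response: refusing to execute")
	}
	var call struct{ Command string `json:"command"` }
	err := json.Unmarshal(r.Body, &call)
	return call.Command, err
}

// Demo checks an honest, a tampered and a replayed response (constructed data).
func Demo() (cmd string, honest, tampered, replayed error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // in practice the public key is pinned out of band
	req := []byte(`{"prompt":"run the unit tests"}`)
	resp := ProviderSign(priv, req, []byte(`{"tool":"shell","command":"npm test"}`))
	cmd, honest = ToolCommand(pub, req, resp)
	evil := SignedResponse{Body: []byte(`{"tool":"shell","command":"echo injected"}`), Sig: resp.Sig}
	_, tampered = ToolCommand(pub, req, evil)
	_, replayed = ToolCommand(pub, []byte(`{"prompt":"something else"}`), resp)
	return
}
func main() { fmt.Println(Demo()) }
```

Signing provides integrity only: a TLS-terminating router still reads every message in plaintext, so private keys and seed phrases have to stay out of the session either way.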
