The most common API actions called by attackers through compromised credentials earlier this year included InvokeModel, InvokeModelStream, Converse, and ConverseStream. However, attackers were also recently observed using PutFoundationModelEntitlement and PutUseCaseForModelAccess, which are used to enable models, together with ListFoundationModels and GetFoundationModelAvailability, called in advance in order to determine which models an account has access to.
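The enumerate-then-enable-then-invoke sequence described above is something a defender can look for in CloudTrail. The following is an added example, not code from the researchers or from AWS; it groups the Bedrock actions named in the article by stage and flags any principal that enables models and then invokes them. The CloudTrail records, principal ARNs and timestamps are constructed sample data.

```python
from collections import defaultdict

# Bedrock API actions the article reports attackers calling, grouped by stage.
ENUMERATION = {"ListFoundationModels", "GetFoundationModelAvailability"}
ENABLEMENT = {"PutFoundationModelEntitlement", "PutUseCaseForModelAccess"}
# The article calls the streaming action "InvokeModelStream"; CloudTrail records it as
# InvokeModelWithResponseStream, so both spellings are matched.
INVOCATION = {"InvokeModel", "InvokeModelStream", "InvokeModelWithResponseStream",
              "Converse", "ConverseStream"}

# Constructed CloudTrail-style records (sample data, not real logs): the first principal
# runs the enumerate -> enable -> invoke chain, the second only invokes an enabled model.
ATTACKER = "arn:aws:iam::111111111111:user/leaked-ci-key"
APP_ROLE = "arn:aws:sts::111111111111:assumed-role/chatbot-role/app"
SAMPLE_EVENTS = [
    {"eventTime": "2024-09-01T10:00:01Z", "eventSource": "bedrock.amazonaws.com",
     "eventName": "ListFoundationModels", "userIdentity": {"arn": ATTACKER}},
    {"eventTime": "2024-09-01T10:00:09Z", "eventSource": "bedrock.amazonaws.com",
     "eventName": "PutUseCaseForModelAccess", "userIdentity": {"arn": ATTACKER}},
    {"eventTime": "2024-09-01T10:00:10Z", "eventSource": "bedrock.amazonaws.com",
     "eventName": "PutFoundationModelEntitlement", "userIdentity": {"arn": ATTACKER}},
    {"eventTime": "2024-09-01T10:01:30Z", "eventSource": "bedrock.amazonaws.com",
     "eventName": "InvokeModel", "userIdentity": {"arn": ATTACKER}},
    {"eventTime": "2024-09-01T10:02:00Z", "eventSource": "bedrock.amazonaws.com",
     "eventName": "ConverseStream", "userIdentity": {"arn": APP_ROLE}},
    {"eventTime": "2024-09-01T10:02:05Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "userIdentity": {"arn": APP_ROLE}},
]

def stage_timeline(events):
    """Map each principal to the ordered, de-duplicated stages of its Bedrock calls."""
    timeline = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        if ev.get("eventSource") != "bedrock.amazonaws.com":
            continue
        name, arn = ev["eventName"], ev["userIdentity"]["arn"]
        stage = ("enumerate" if name in ENUMERATION else "enable" if name in ENABLEMENT
                 else "invoke" if name in INVOCATION else None)
        if stage and (not timeline[arn] or timeline[arn][-1] != stage):
            timeline[arn].append(stage)
    return dict(timeline)

def flag_enablement_chains(events):
    """Principals that enabled models and then invoked them; the value records whether
    they enumerated first. Enablement is a one-off admin action, so this is high-signal."""
    flagged = {}
    for arn, stages in stage_timeline(events).items():
        if "enable" in stages and "invoke" in stages[stages.index("enable"):]:
            flagged[arn] = "enumerate" in stages
    return flagged
```

An application role that only invokes models already enabled is not flagged, which keeps the rule quiet on normal inference traffic.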
This means that organizations that have deployed Bedrock but not activated certain models aren't safe. The difference in cost between different models can be substantial. For example, for Claude 2.x model usage the researchers calculated a potential cost of over $46,000 per day, but for models such as Claude 3 Opus the cost could be two to three times higher.
The researchers have seen attackers using Claude 3 to generate and improve the code of a script designed to query the model in the first place. The script is designed to continuously interact with the model, generating responses, monitoring for specific content, and saving the results in text files.