A group of researchers from UC Santa Barbara, UC San Diego, Fuzzland, and World Liberty Financial has uncovered a major security vulnerability in the infrastructure powering AI agents. The study identifies "LLM routers"—services that sit between users and AI models—as a primary attack vector for hackers looking to steal credentials and funds.
According to the research paper, these routers have full access to the data passing between a user and an AI model. By intercepting this traffic, malicious actors can alter requests or inject unauthorized commands. The team documented 26 instances where routers were used to secretly execute malicious tool calls, resulting in the theft of credentials and a $500,000 drain from a single victim's crypto wallet.
The vulnerability in AI mediation
AI agents are increasingly being tasked with high-stakes financial operations. Projections from McKinsey estimate these agents could mediate up to $5 trillion in global commerce by 2030. Industry figures, including Coinbase CEO Brian Armstrong and Binance founder Changpeng Zhao, have argued that AI-driven transactions will soon outpace human-led activity on the internet.
Despite this rapid adoption, the researchers warn that the infrastructure mediating these interactions is largely unregulated. Users often believe they are communicating directly with reputable AI providers like OpenAI or Anthropic, failing to realize their data passes through intermediary routers capable of intercepting sensitive information.
"LLM agents have moved beyond conversational assistants into systems that book flights, execute code, and manage infrastructure on behalf of users," the researchers noted in their report. They argue that these routers create a cascading, weakest-link risk for anyone using AI to manage digital assets.
The findings highlight a widening gap between the speed of AI deployment and the implementation of necessary security protocols. As AI agents gain more autonomy over financial systems, the researchers suggest that the current "invisible" layer of infrastructure poses an immediate threat to the security of decentralized finance and personal digital wallets.
