An LLMjacking operation has been targeting exposed LLMs and MCPs at scale for commercial monetization.
January 29, 2026 By Ionut Arghire
As part of a broad LLMjacking operation, cybercriminals are searching for, hijacking, and monetizing exposed LLM and MCP endpoints at scale, Pillar Security reports.
The campaign, dubbed Operation Bizarre Bazaar, targets exposed or unprotected AI endpoints to hijack system resources, resell API access, exfiltrate data, and move laterally to internal systems.
The attacks mainly impact self-hosted LLM infrastructure, including endpoints with exposed default ports, unauthenticated APIs, development/staging environments, and MCP servers.
“The threat differs from traditional API abuse because compromised LLM endpoints can generate significant costs (inference is expensive), expose sensitive organizational data, and provide lateral movement opportunities,” Pillar explains.
Operation Bizarre Bazaar involves three interconnected entities: a scanner (bot infrastructure that scours the web for exposed systems), a validator (tied to silver.inc, it validates identified endpoints), and a marketplace (The Unified LLM API Gateway, controlled by silver.inc).