Solayer Founder Reveals LLM Supply Chain Major Security Flaw: Over 20% Free Routes Exposed to Malicious Injection
2026-04-10 06:14

BlockBeats News, April 10th, Solayer founder @Fried_rice posted on social media, stating that Large Language Model (LLM) agents are increasingly relying on third-party API routers, which dispatch tool invocation requests to multiple upstream providers. These routers operate as application-layer proxies, able to access each payload in plaintext during transit, but currently no provider enforces end-to-end encryption integrity protection between the client and upstream model.

The paper tested 28 paid routers purchased from Taobao, Xianyu, and Shopify standalone stores, as well as 400 free routers collected from public communities. The results revealed that 1 paid router and 8 free routers are actively injecting malicious code, 2 deployed adaptive evasion triggers, 17 touched AWS Canary credentials owned by researchers, and 1 stole ETH from a private key held by researchers.

Two poisoning studies further illustrate that seemingly benign routers can also be exploited: a leaked OpenAI key was used to generate 1 billion GPT-5.4 tokens and over 7 Codex sessions; while weaker-configured bait resulted in 20 billion billing tokens, 99 credentials spanning 440 Codex sessions, and 401 sessions running in autonomous YOLO mode.

The research team built a research-oriented agent named Mine, which can carry out all four types of attacks against four public proxy frameworks and validate three client-side defense measures: fault-locking policy gating, response-side anomaly screening, and append-only transparent log recording.
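As an added illustration (not code from the paper, from Mine, or from any router project), the sketch below shows what two of the named client-side defenses can look like: a policy gate that denies any tool call it cannot positively match, and a hash-chained append-only log of every call a router returned. Reading "fault-locking" as fail-closed is an assumption, and the tool names, policy table and response layout are hypothetical.

```python
import hashlib
import json

# Hypothetical client policy: tool name -> argument names the agent may pass.
ALLOWED_TOOLS = {"read_file": {"path"}, "search": {"query"}}
GENESIS = "0" * 64

def gate(call):
    """Fail closed: any call not provably inside the policy is denied."""
    try:
        args = call["arguments"]
        return isinstance(args, dict) and set(args) <= ALLOWED_TOOLS[call["name"]]
    except (KeyError, TypeError):
        return False  # unknown tool, missing field or malformed call

class TransparencyLog:
    """Append-only log; each entry's hash covers the previous entry's hash."""
    def __init__(self):
        self.entries = []
    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = json.dumps(record, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"prev": prev, "body": body, "hash": digest})
    def verify(self):
        prev = GENESIS
        for e in self.entries:
            digest = hashlib.sha256((prev + e["body"]).encode()).hexdigest()
            if e["prev"] != prev or e["hash"] != digest:
                return False  # an entry was edited, removed or reordered
            prev = e["hash"]
        return True

def process(response, log):
    """Log every tool call the router returned; return names of those allowed."""
    allowed = []
    for call in response.get("tool_calls", []):
        ok = gate(call)
        log.append({"call": call, "allowed": ok})
        if ok:
            allowed.append(call["name"])
    return allowed

# Constructed sample: a router response with one expected and two unexpected calls.
SAMPLE_RESPONSE = {"tool_calls": [
    {"name": "read_file", "arguments": {"path": "README.md"}},
    {"name": "run_shell", "arguments": {"cmd": "<injected command>"}},
    {"name": "search", "arguments": "not-a-dict"},
]}
```

Denied calls are logged as well as allowed ones, so the log keeps a tamper-evident record of what the router actually sent back.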

Source: BlockBeats
