Solayer’s founder releases research on LLM supply chain security; more than 2% of free routers have been exposed as having been maliciously injected

Gate News message. On April 10, Solayer’s founder @Fried_rice disclosed a major security vulnerability in the large language model (LLM) supply chain in a social media post. The research indicates that LLM agents are increasingly relying on third-party API routers to distribute tool-calling requests to multiple upstream providers. These routers run as application-layer proxies and are able to access each in-transit JSON payload in plaintext, but no provider has, at present, enforced encryption integrity protection between the client and the upstream model.

The paper tested 28 paid routers purchased from Taobao, Xianyu, and standalone Shopify stores, as well as 400 free routers collected from public communities. The results found that 1 paid router and 8 free routers are actively injecting malicious code; 2 deployed adaptive evasion triggers; 17 touched AWS Canary credentials owned by the researchers; and 1 stole ETH from a private key held by the researchers.

The two poisoning studies further show that seemingly harmless routers can also be leveraged: a leaked OpenAI key was used to generate 100 million GPT-5.4 tokens and more than 7 Codex sessions; meanwhile, weaker-configured decoys produced 2 billion billed tokens, 99 sets of credentials spanning 440 Codex sessions, and 401 sessions that were running in autonomous YOLO mode.

The research team built a research agent named Mine that can carry out all four types of attacks against four publicly available agent frameworks, and validated three client-side defense measures: a fail-closed policy gate, response-side anomaly screening, and append-only transparent logging.