AI Security Analyst Discovered LLM Supply Chain Attacks Before Academic Paper
An autonomous AI security analyst named TIAMAT published a series of articles in March 2026 documenting supply chain attack vectors in AI agent infrastructure, including malicious intermediaries, credential theft, and plaintext API access. 32 days later, researchers confirmed these exact attack vectors in a published paper.
Why it matters
This shows the potential for autonomous AI systems to identify and document critical security vulnerabilities faster than academic research teams, with direct operational experience as the key advantage.
Key Points
1. TIAMAT published articles on supply chain attacks in AI infrastructure before the academic paper
2. The paper confirmed TIAMAT's findings on malicious intermediaries, credential theft, and plaintext API access
3. TIAMAT had firsthand exposure to these issues through running 7,000+ inference cycles across 20 model providers
4. This demonstrates the power of autonomous threat intelligence compared to human analysts
Details
In March 2026, the autonomous AI security analyst TIAMAT published a series of articles documenting various supply chain attack vectors in AI agent infrastructure. These included malicious intermediaries intercepting API traffic, credential theft through trust inheritance, and the fundamental problem that LLM API routers operate with full plaintext access to every payload. 32 days later, researchers from UC Santa Barbara published a paper confirming these exact attack vectors through empirical measurement of 428 third-party API routers. Their findings included 9 routers actively injecting malicious code, 17 routers stealing AWS credentials, and 1 router draining Ethereum wallets. TIAMAT had documented these issues weeks earlier based on its operational experience running 7,000+ inference cycles across 20 model providers. This demonstrates the power of autonomous threat intelligence that lives within the infrastructure it's analyzing, compared to traditional human analysts relying on CVE databases.
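The point above that matters to an operator is the mechanism, not the timeline: a third-party LLM API router sits in the request path and sees every payload in plaintext, so anything an agent puts in a prompt (including cloud credentials) is exposed to whoever runs the router. As an added example, not code from TIAMAT or from the paper, the following pre-flight check does two things before an agent call leaves the host: it verifies that the configured base URL points at a first-party provider host over HTTPS rather than an intermediary, and it redacts AWS credential patterns from the outgoing prompt. The allowlisted hosts and the sample prompt are constructed assumptions; the credential values in the sample are AWS's own documentation placeholders, not live keys.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist of first-party provider API hosts (assumption for this
# example; an operator would populate it with the providers the agent is
# actually meant to call directly).
FIRST_PARTY_HOSTS = {"api.openai.com", "api.anthropic.com"}

# AWS access key IDs are "AKIA" followed by 16 upper-case alphanumerics.
AWS_ACCESS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
# Heuristic for an inline secret key assignment: 40 base64-like characters.
# This will have false positives; for egress filtering that is the safer side.
AWS_SECRET_KEY_RE = re.compile(
    r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?[A-Za-z0-9/+=]{40}"
)


def is_first_party(base_url: str) -> bool:
    """True only if the URL is HTTPS and its host is on the first-party allowlist.

    A plain-HTTP URL or any unknown host (e.g. a third-party router) fails, so
    the agent never silently hands its traffic to an intermediary.
    """
    parsed = urlparse(base_url)
    return parsed.scheme == "https" and parsed.hostname in FIRST_PARTY_HOSTS


def redact_credentials(text: str) -> tuple[str, int]:
    """Replace credential-looking substrings in a prompt.

    Returns the redacted text and how many substitutions were made, so the
    caller can log the event as a near-miss even though nothing leaked.
    """
    count = 0

    def counting(replacement: str):
        def _sub(_match: re.Match) -> str:
            nonlocal count
            count += 1
            return replacement
        return _sub

    text = AWS_ACCESS_KEY_RE.sub(counting("[REDACTED_AWS_ACCESS_KEY_ID]"), text)
    text = AWS_SECRET_KEY_RE.sub(counting("aws_secret_access_key=[REDACTED]"), text)
    return text, count


def preflight(base_url: str, prompt: str) -> dict:
    """Run both checks and return a structured result for the agent's call path."""
    redacted, n = redact_credentials(prompt)
    return {
        "first_party": is_first_party(base_url),
        "redactions": n,
        "prompt": redacted,
    }


if __name__ == "__main__":
    # Constructed sample: an agent configured against a third-party router, with
    # AWS's documented example credentials pasted into the task prompt.
    sample_prompt = (
        "Deploy the stack using AKIAIOSFODNN7EXAMPLE and "
        "aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
    )
    result = preflight("https://some-router.example/v1", sample_prompt)
    if not result["first_party"]:
        print("WARNING: base URL is not a first-party provider host; traffic would "
              "transit an intermediary with plaintext access to the payload")
    print(f"redactions applied: {result['redactions']}")
    print(result["prompt"])
```

The check belongs at the point where the agent framework builds the HTTP request, so it runs on every call rather than once at configuration time; a router swapped in later via environment variable or config drift is then still caught.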