CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 22, 2026

AI-Powered iOS Apps Leaking LLM API Credentials Through Network Traffic

Cybersecurity News Archived Jun 22, 2026 ✓ Full text saved

AI-powered iOS applications are increasingly leaking large language model (LLM) API credentials through network traffic, exposing developers to large-scale abuse of their LLM accounts and cloud resources. A recent empirical study of 444 free, LLM-enabled iOS apps from the US App Store found that 282 of them, or 64%, leaked exploitable LLM credentials when their […] The post AI-Powered iOS Apps Leaking LLM API Credentials Through Network Traffic appeared first on Cyber Security News .

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeAI AI-Powered iOS Apps Leaking LLM API Credentials Through Network Traffic By Abinaya June 22, 2026 AI-powered iOS applications are increasingly leaking large language model (LLM) API credentials through network traffic, exposing developers to large-scale abuse of their LLM accounts and cloud resources. A recent empirical study of 444 free, LLM-enabled iOS apps from the US App Store found that 282 of them, or 64%, leaked exploitable LLM credentials when their traffic was intercepted during normal use. These vulnerable apps span 13 categories and include both niche tools and highly popular apps with over two million user ratings, demonstrating that credential leakage is a widespread ecosystem problem rather than a fringe issue. AI iOS Apps Leak LLM Credentials To systematically map this threat, researchers built a dynamic analysis framework called LLMKeyLens that observes iOS apps at runtime instead of relying on static binary analysis. Testers installed each app on physical devices, routed traffic through a man-in-the-middle (MITM) proxy, and used a custom root certificate to decrypt HTTPS flows, then triggered the app’s AI features with controlled prompts. Researchers identified exposed credentials by matching provider-specific patterns in network traffic and safely validating them with benign requests to confirm active access to LLM services. LLM API credential leakage via network traffic interception. (Source: Arxiv) The study from Wake Forest University three primary credential leakage patterns, all of which were clearly observable in network traffic captures. The first and most direct involves plaintext API keys: 54 apps sent static LLM provider keys directly in HTTP headers or query strings to endpoints such as api.openai.com or generativelanguage.googleapis.com. In many of these cases, the same request also carried sensitive system prompts, meaning a single interception could reveal both a reusable key and the proprietary business logic that drives the app’s AI behavior. Distribution of LLM API key leakage across iOS app categories (Source: Arxiv) The second pattern uncovered 92 apps that use backend proxies but fail to require any authentication on those endpoints, effectively creating unauthenticated LLM relays that anyone can call once they know the URL and basic JSON schema. The third and most common pattern involves JSON Web Tokens (JWTs): 136 apps leaked bearer tokens used to authenticate against intermediate backends, and many of those tokens remained sufficiently valid to be replayed for continued inference access. Researchers found critical JWT token management flaws, including missing expiration dates, tokens valid for up to 100 years, and servers accepting already expired tokens. Even where developers attempted to follow “short-lived token” patterns, weak enforcement effectively downgraded them back to static secrets. On the defensive side, only 143 of 444 apps implemented any form of interception resistance, and the most common protection bypassing the system HTTP proxy was defeated in 81% of cases once researchers switched to VPN-based transparent traffic capture. Robust multi-layer defenses such as custom payload encryption and anti-debugging checks were rare but significantly harder to bypass. Ninety days after responsible disclosure, only 78 of the 282 affected apps showed clear evidence of remediation, while 66 remained exploitable with little or no change. Some developers revoked keys or tightened backend authentication, but others removed or abandoned services instead of properly fixing their integrations. Overall, the findings suggest that secure LLM integration on iOS lags far behind adoption: developers frequently embed or indirectly expose credentials, providers still permit insecure client-side patterns, and app platforms do not yet systematically screen for AI-related secret leakage. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News Hackers Compromised 140+ Mastra npm Packages to Deploy Password-Stealing Malware Hackers Abuse Cloud Logging Services to Evade Detection and Defender’s Visibility 13-Word Reddit Comment Can Poison ChatGPT and Gemini AI Search Results Russian and Chinese Influence Actors Use AI to Evade Bot Detection and Mimic Human Behavior Hackers Abuse PowerShell, VBScript, and BAT Files to Deliver Xctdoor Backdoor Latest News Cyber Security Klue Hack Leads to Data Breach Across Multiple Cybersecurity Companies Cyber Security News Hackers Use RemotePC RMM and PowerShell Stagers to Deploy Prinz Eugen Ransomware Cyber Security 29-Year-Old ‘Squidbleed’ Vulnerability Discovered With the Aid of Claude Mythos Preview Cyber Security News Microsoft’s New Option Allows Organizations to Block Copilot Access to Office Files Cyber Security News Microsoft has urged IT Admins to Prepare for Windows 11, Version 26H2 Update
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 22, 2026
    Archived
    Jun 22, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗