A malicious PyPI package, hermes-px, that masquerades as a “Secure AI Inference Proxy” while secretly stealing user prompts and abusing a private university AI service. Marketed as an OpenAI-compatible, Tor-routed proxy requiring no API keys, the package actually hijacks a Tunisian university’s internal AI endpoint, injects a stolen Anthropic Claude system prompt, and exfiltrates every […] The post Trojanized PyPI AI Proxy Steals Claude Prompt, Exfiltrates Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/trojanized-pypi-ai/
