Living Off Someone Else's Inference
Recon Village @ DEF CON 34 • August 7-9, 2026
Abstract
LLM-powered tooling is becoming a force multiplier for attackers, from reconnaissance automation to post-exploitation enumeration. Using their own API keys creates attribution and cost, so they look for alternatives.
Thousands of inference endpoints sit exposed on the internet: misconfigured Ollama instances, open vLLM deployments, leaked API keys in directory listings, and expired OAuth tokens from AI coding assistants that can be silently refreshed. Attackers can discover these resources and use them as free compute for their operations, without spending a dollar or registering an account.
Attendees will learn how to:
• Discover exposed inference endpoints and leaked API keys using Infreerence
• Validate that discovered resources provide usable inference access
• Operate Echidna, powered entirely by discovered inference
• Chain LLM skill agents together to execute a guided campaign against a target network
Current LLMs are effective force multipliers when directed, and significantly more so when the compute bill goes to someone else. This is resource hijacking applied to the AI era: living off someone else's inference. Understanding this threat is essential for any organization deploying or exposing AI infrastructure.
Two tools will be released as open source during the session:
• Infreerence: A multi-phase scanner and dashboard that discovers exposed inference endpoints and leaked API keys through Shodan and Censys, validates them against live provider APIs, and catalogs usable inference resources across 10+ providers.
• Echidna: A Mythic C2 agent type that consumes discovered inference endpoints and turns them into operator-directed skill agents for reconnaissance, exploitation planning, post-exploitation, and lateral movement.
Speakers
Managing Security Consultant - Sentry Cybersecurity
Redon Gashi is a Managing Security Consultant and offensive team lead at Sentry, where he has spent close to a decade leading and executing penetration tests and red team operations for Fortune 500 clients across banking, telecom, insurance, and fintech. He holds the OSEP, CRTL, and CRTO certifications, and has personally performed over 200 engagements spanning web applications, internal infrastructure, and mobile platforms, while leading many more across his team. A former lecturer at Cyber Academy, speaker at multiple BSides conferences, and multiple-time CTF champion, Redon combines deep hands-on technical expertise with a proven ability to build and scale offensive security teams.
View full speaker profile →Managing Security Consultant at Sentry Cybersecurity
Armend Gashi is Managing Security Consultant at Sentry. With over 5 years in the industry, he specializes in application security and AWS cloud assessments. Armend has conducted AI red teaming engagements, developed multi-agent systems to perform security-focused tasks such as code auditing and exploit development, and was part of Anthropic’s external AI red team capability through HackerOne. Armend has led security research initiatives resulting in the discovery of multiple vulnerabilities, including: CVE-2023-26482 - Critical-risk vulnerability enabling remote code execution CVE-2023-48239 - High-risk vulnerability allowing arbitrary user storage updates CVE-2023-35928 - High-risk vulnerability enabling user account hijacking CVE-2023-45660 - Medium-risk application-level denial of service vulnerability CVE-2023-48301 - Medium-risk arbitrary browser code injection vulnerability CVE-2023-48307 - Low-risk server-side request forgery vulnerability
View full speaker profile →
