Back to Talks 2026
Talk

Living Off Someone Else's Inference

Recon Village @ DEF CON 34August 7-9, 2026

12:30 PM – 1:00 PMSunday, August 9DEF CON Creator Stage 5

Abstract

LLM-powered tooling is becoming a force multiplier for attackers, from reconnaissance automation to post-exploitation enumeration. Using their own API keys creates attribution and cost, so they look for alternatives.

Thousands of inference endpoints sit exposed on the internet: misconfigured Ollama instances, open vLLM deployments, leaked API keys in directory listings, and expired OAuth tokens from AI coding assistants that can be silently refreshed. Attackers can discover these resources and use them as free compute for their operations, without spending a dollar or registering an account.

Attendees will learn how to:

•⁠ ⁠Discover exposed inference endpoints and leaked API keys using Infreerence

•⁠ ⁠Validate that discovered resources provide usable inference access

•⁠ ⁠Operate Echidna, powered entirely by discovered inference

•⁠ ⁠Chain LLM skill agents together to execute a guided campaign against a target network

Current LLMs are effective force multipliers when directed, and significantly more so when the compute bill goes to someone else. This is resource hijacking applied to the AI era: living off someone else's inference. Understanding this threat is essential for any organization deploying or exposing AI infrastructure.

Two tools will be released as open source during the session:

•⁠ ⁠Infreerence: A multi-phase scanner and dashboard that discovers exposed inference endpoints and leaked API keys through Shodan and Censys, validates them against live provider APIs, and catalogs usable inference resources across 10+ providers.

•⁠ ⁠Echidna: A Mythic C2 agent type that consumes discovered inference endpoints and turns them into operator-directed skill agents for reconnaissance, exploitation planning, post-exploitation, and lateral movement.

Speakers

Redon Gashi
Redon Gashi

Managing Security Consultant - Sentry Cybersecurity

Redon Gashi is a Managing Security Consultant and offensive team lead at Sentry, where he has spent close to a decade leading and executing penetration tests and red team operations for Fortune 500 clients across banking, telecom, insurance, and fintech. He holds the OSEP, CRTL, and CRTO certifications, and has personally performed over 200 engagements spanning web applications, internal infrastructure, and mobile platforms, while leading many more across his team. A former lecturer at Cyber Academy, speaker at multiple BSides conferences, and multiple-time CTF champion, Redon combines deep hands-on technical expertise with a proven ability to build and scale offensive security teams.

View full speaker profile →
Armend Gashi
Armend Gashi

Managing Security Consultant at Sentry Cybersecurity

Armend Gashi is Managing Security Consultant at Sentry. With over 5 years in the industry, he specializes in application security and AWS cloud assessments. Armend has conducted AI red teaming engagements, developed multi-agent systems to perform security-focused tasks such as code auditing and exploit development, and was part of Anthropic’s external AI red team capability through HackerOne. Armend has led security research initiatives resulting in the discovery of multiple vulnerabilities, including: CVE-2023-26482 - Critical-risk vulnerability enabling remote code execution CVE-2023-48239 - High-risk vulnerability allowing arbitrary user storage updates CVE-2023-35928 - High-risk vulnerability enabling user account hijacking CVE-2023-45660 - Medium-risk application-level denial of service vulnerability CVE-2023-48301 - Medium-risk arbitrary browser code injection vulnerability CVE-2023-48307 - Low-risk server-side request forgery vulnerability

View full speaker profile →