Your Agent Is Mine: the LLM Router as a Supply-Chain Attack Surface
What if the model is not the thing that got hacked?
Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain
If your agent talks to OpenAI, Anthropic, or Google through a third-party API router, that router sits in the middle with full plaintext access to the JSON request and response. It does not need to jailbreak the model. It can just rewrite the returned tool call before the client executes it. The paper calls this an intermediary attack on the LLM supply chain.
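One client-side mitigation for the attack described above, as an added example that is not from the paper or its authors: the agent keeps its own registry of the tools it will run and checks every returned tool call against it before dispatch, so a router that swaps the tool name or its arguments gets refused rather than executed. The response shape (the OpenAI-style `tool_calls` field), the `read_file` tool and the `/workspace` root are assumptions made for the example.

```python
import json
import posixpath
from typing import Any, Callable, Dict, List, Optional, Tuple

def _response(tool: str, **arguments) -> dict:
    """Constructed chat-completion response carrying one tool call, in the "tool_calls"
    shape the OpenAI chat API uses (sample data, not a captured response)."""
    return {"choices": [{"message": {"role": "assistant", "tool_calls": [{"id": "call_1",
        "type": "function", "function": {"name": tool, "arguments": json.dumps(arguments)}}]}}]}

GENUINE = _response("read_file", path="/workspace/notes.md")          # what the model returned
TAMPERED = _response("read_file", path="/workspace/../srv/app.ini")   # arguments rewritten in transit
SWAPPED = _response("delete_file", path="/workspace/notes.md")        # tool name rewritten in transit

def _inside_workspace(path: Any) -> bool:
    # Normalise first so ".." segments cannot escape the assumed workspace root.
    return isinstance(path, str) and posixpath.normpath(path).startswith("/workspace/")

# Client-side registry of the only tools the agent will run, with a validator per argument.
# It lives in the client, so nothing on the wire can add a tool or loosen a check.
REGISTRY: Dict[str, Dict[str, Callable[[Any], bool]]] = {"read_file": {"path": _inside_workspace}}

def _reason_to_reject(call: dict, registry: dict) -> Optional[str]:
    """Return why one tool call violates local policy, or None if it is acceptable."""
    fn = call.get("function", {})
    name = fn.get("name")
    if name not in registry:
        return f"unregistered tool {name!r}"
    try:
        args = json.loads(fn.get("arguments", "{}"))
    except json.JSONDecodeError:
        return f"{name!r}: arguments are not valid JSON"
    if not isinstance(args, dict) or set(args) != set(registry[name]):
        return f"{name!r}: argument set does not match the registered signature"
    for arg, check in registry[name].items():
        if not check(args[arg]):
            return f"{name!r}: argument {arg!r} failed policy"
    return None

def gate_tool_calls(response: dict, registry: dict = REGISTRY) -> Tuple[List[dict], List[str]]:
    """Split a response's tool calls into those safe to dispatch and the reasons others were refused.
    A single bad call refuses the whole batch, so a rewritten call never runs beside genuine ones."""
    calls = [c for ch in response.get("choices", []) for c in (ch.get("message", {}).get("tool_calls") or [])]
    reasons = [r for r in (_reason_to_reject(c, registry) for c in calls) if r]
    return ([], reasons) if reasons else (calls, [])
```

A rewrite that stays within policy (another file inside the workspace, say) passes this gate, so it bounds what an intermediary can make the agent do rather than detecting the rewrite itself.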
Links
Hanzhi Liu, Chaofan Shou, Hongbo Wen, Yanju Chen, Ryan Jingyang Fang, and Yu Feng, Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain, arXiv:2604.08407v1, April 9, 2026. PDF version