Your AI agent calls an API. The API calls a router. The router has full plaintext access to every JSON payload in flight. No encryption between you and the upstream model. That is how most LLM API routing works today. And researchers just proved it is worse than you think. The numbers A team from UC Santa Barbara tested 428 LLM API routers. 28 paid (from Taobao, Xianyu, Shopify storefronts). 400 free (from public communities). The paper is called "Your Agent Is Mine" (arXiv 2604.08407). Here is what they found: 9 routers were actively injecting malicious code into responses (1 paid, 8 free) 17 routers accessed researcher-owned AWS canary credentials 1 router drained ETH from a researcher-owned private key 2 routers deployed adaptive evasion triggers (they only inject when they detect certain conditions) That is not theoretical. That is live, measured, happening right now. How the attack works LLM API routers sit between your agent and the model provider. They are application-layer proxies.…