CacheProbe: Auditing Prompt Cache Isolation in Gateway APIs
This paper addresses a critical security concern for users of LLM inference APIs, specifically those utilizing gateway services like OpenRouter, by probing for unintended global cache sharing that could lead to data leaks.
This paper investigates whether OpenRouter's API gateway architecture introduces prompt caching vulnerabilities that bypass provider-level prompt cache isolation guarantees. It specifically examines if routing through OpenRouter with shared organizational credentials inadvertently creates global cache sharing across all OpenRouter users, despite most LLM inference providers implementing per-account or per-organization prompt caching to prevent data leaks.
Over the past year, prompt caching in Large Language Models (LLMs) has become increasingly more popular across inference APIs. Prompt caching helps save precious compute resources and speeds up response times by reusing parts of the KV cache of a specific prompt for another request. However, many implementations of prompt caching are not secure against timing attacks or even basic metadata disclosure. Gu et al. (ICML 2025) develop a method to audit prompt caching in LLMs. This paper investigates whether OpenRouter's API gateway architecture introduces prompt caching vulnerabilities that bypass provider-level prompt cache isolation guarantees. Most LLM inference providers implement per-account or per-organization prompt caching to prevent data leaks, but does routing through OpenRouter with shared organizational credentials inadvertently create global cache sharing across all OpenRouter users?