Widespread exposure and misconfiguration in self-hosted AI infrastructure
Trend
Summary
Hide ▲
Show ▼
A large-scale measurement found self-hosted AI infrastructure was being deployed with widespread exposure and no authentication, creating a broad risk of data theft, workflow tampering, and compromise across 2 million hosts and 1 million exposed services. A probe of 5,200+ servers found 31% answered a simple prompt, showing that many exposed AI endpoints were reachable with no access barrier. The measured footprint also included over 90 exposed instances across government, marketing, and finance, underscoring that the problem spans multiple sectors.
Related Happenings
OpenAI ChatGPT Atlas BioShocking fix
Advisory/Mitigation
H score34
First: 01.07.2026 00:50
Last: 01.07.2026 00:50
Sources 1
About this happening:
OpenAI delivered a **working fix** for **BioShocking** in **ChatGPT Atlas**, closing a prompt-injection path that could push an AI browser toward unsafe real-world actions and **c...
OpenAI ChatGPT Atlas BioShocking fix
Advisory/MitigationAbout this happening: OpenAI delivered a **working fix** for **BioShocking** in **ChatGPT Atlas**, closing a prompt-injection path that could push an AI browser toward unsafe real-world actions and **c...
IPhone AI chatbot traffic leak of API keys, replayable tokens, and open relays
Technical Analysis
H score27
First: 30.06.2026 16:49
Last: 30.06.2026 16:49
Sources 1
About this happening:
**LLMKeyLens** testing found **444 iPhone AI chatbot apps** leaking **paid AI access**, exposing **API keys**, **replayable tokens**, and **open relays** that let others bill mode...
IPhone AI chatbot traffic leak of API keys, replayable tokens, and open relays
Technical AnalysisAbout this happening: **LLMKeyLens** testing found **444 iPhone AI chatbot apps** leaking **paid AI access**, exposing **API keys**, **replayable tokens**, and **open relays** that let others bill mode...
LayerX BioShocking prompt injection against agentic browsers
Technical Analysis
H score30
First: 24.06.2026 19:05
Last: 24.06.2026 19:05
Sources 1
About this happening:
Researchers demonstrated **BioShocking**, a prompt-injection technique that pushed **six agentic browsers and plugins** past guardrails and made them **copy login credentials** fo...
LayerX BioShocking prompt injection against agentic browsers
Technical AnalysisAbout this happening: Researchers demonstrated **BioShocking**, a prompt-injection technique that pushed **six agentic browsers and plugins** past guardrails and made them **copy login credentials** fo...
Broad exposure of admin panels, databases, and legacy services across organizations
Trend
H score18
First: 17.06.2026 13:30
Last: 17.06.2026 13:30
Sources 1
About this happening:
Broad exposure of **HTTP panels**, **databases**, and legacy services is expanding organizations' internet-facing attack surface, increasing brute-force and initial-access risk. I...
Broad exposure of admin panels, databases, and legacy services across organizations
TrendAbout this happening: Broad exposure of **HTTP panels**, **databases**, and legacy services is expanding organizations' internet-facing attack surface, increasing brute-force and initial-access risk. I...
JetBrains Marketplace malicious plugins exfiltrating AI provider keys
Malware Activity
H score12
First: 17.06.2026 12:38
Last: 17.06.2026 12:38
Sources 1
About this happening:
A **JetBrains Marketplace** malware operation has pushed **15 malicious plugins** that pose as AI coding assistants and steal **AI provider API keys** from developers. The plugins...
JetBrains Marketplace malicious plugins exfiltrating AI provider keys
Malware ActivityAbout this happening: A **JetBrains Marketplace** malware operation has pushed **15 malicious plugins** that pose as AI coding assistants and steal **AI provider API keys** from developers. The plugins...
Timeline
-
05.05.2026 13:30 2 articles · 2mo ago
Large-scale self-hosted AI exposure findings
Initial DisclosureA large-scale measurement of self-hosted AI infrastructure found widespread unauthenticated exposure across just over 2 million hosts and 1 million exposed services, including OpenUI chatbots with exposed LLM conversation history, exposed n8n and Flowise instances, and unsecured Ollama APIs. The findings also included more than 90 exposed instances across government, marketing, and finance, along with insecure defaults such as no authentication on fresh installs, hardcoded credentials, misconfigured Docker setups, and direct access to tools that could broaden compromise.
Show sources
- We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is — thehackernews.com — 05.05.2026 13:30
- We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is — thehackernews.com — 05.05.2026 13:30