NadMesh exposed AI services scanning campaign
Campaign
Summary
Hide ▲
Show ▼
The NadMesh campaign is repeatedly resampling exposed ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio systems, keeping pressure on internet-facing AI and admin services. Its automated queueing and rescan logic raise the odds of credential theft and later abuse of whatever it finds. The operation is notable because it is not a one-pass scan; it keeps returning to the same high-value hosts and subnets. That sustained targeting broadens exposure across teams that deployed AI tooling before hardening it.
Related Happenings
NadMesh botnet hunts exposed AI services for AWS keys and Kubernetes tokens
Malware Activity
H score25
First: 17.07.2026 20:12
Last: 17.07.2026 20:12
Sources 1
How related:
A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys.
About this happening:
The NadMesh botnet is actively hunting exposed AI services and stealing AWS keys and Kubernetes tokens, creating immediate cloud-account takeover risk. Its con...
NadMesh botnet hunts exposed AI services for AWS keys and Kubernetes tokens
Malware ActivityHow related: A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys.
About this happening: The NadMesh botnet is actively hunting exposed AI services and stealing AWS keys and Kubernetes tokens, creating immediate cloud-account takeover risk. Its con...
Timeline
-
17.07.2026 20:12 2 articles · 1h ago
NadMesh exposed AI services scanning campaign
Initial DisclosureIn early July 2026, NadMesh began focusing on exposed AI and workflow services and immediately built a repeat-targeting loop around hits. The first phase was broad discovery followed by denser rescans of the same subnets and newly flagged hosts.
Show sources
- New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens — thehackernews.com — 17.07.2026 20:12
- New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens — thehackernews.com — 17.07.2026 20:12