🤖 AI Summary
A recent detailed analysis highlighted a concerning trend: internet scanners are actively targeting AI infrastructure, focusing in particular on endpoints used by models like Claude, Codex, and others. In just three weeks, a Dutch ASN sent 3,861 requests specifically aimed at Anthropic API paths, revealing that many configurations are potentially vulnerable because they lack authentication. Notably, port 11434, associated with default Ollama installations, has been a prime target, receiving consistent probing activity from numerous distinct IPs, which indicates a growing interest in discovering and exploiting weaknesses in AI services.
This matters for the AI/ML community because it underscores the urgency of securing AI-related infrastructure against opportunistic credential harvesting. The analysis revealed a sweeping attempt to access the various credential storage conventions of modern AI tools, treating API keys as highly valuable targets alongside traditional cloud service credentials. The implication is clear: as adoption of AI technologies rises, so does the risk of exploitation, which calls for heightened security measures across platforms to safeguard sensitive data and maintain the integrity of AI services. Developers should prioritize security in their deployments and ensure that default installations do not become vulnerable entry points.