logo

Attackers Seize Exposed AI Endpoints to Power Offensive Ops

ID: bea831b4-e584-5086-8820-4452b137ad15

STIX ID: report--bea831b4-e584-5086-8820-4452b137ad15

Feed Name: Dark Reading

Threat Score
70/100

Date Published: 2026-06-30

Date Updated: 2026-07-02

Author: Alexander Culafi

...
...

Zenity researchers observed three active campaigns (March–May) in which attackers discovered and abused exposed Ollama and LiteLLM inference endpoints to use those hosts as model backends and execute malicious AI agents (Strix, HexStrike, and a Codex persona). By pointing LLM clients at internet-facing endpoints that often lack authentication or use default keys, attackers delivered full-agent payloads to orchestrate penetration-testing tooling and web reverse-engineering without needing a traditional software exploit; Zenity recommends not exposing model backends, enforcing authentication, inspecting request bodies, and monitoring AI infrastructure.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.