How a New Botnet Is Stealing Cloud Keys from Exposed AI Services

·
Listen to this article~5 min
How a New Botnet Is Stealing Cloud Keys from Exposed AI Services

A new Go botnet called NadMesh is hunting exposed AI services like ComfyUI and Ollama, stealing AWS keys and Kubernetes tokens. Learn how it works and how to protect your infrastructure.

A Go botnet called NadMesh appeared in early July, and it's already hunting for exposed AI services. According to the operator's own dashboard, the campaign has netted 3,811 unique AWS keys so far. That number alone should make any team using AI tools pause. But the real story is how it's happening—and what it means for the way we deploy these services. ### What NadMesh Is Actually Doing NadMesh doesn't rely on brute force or zero-day exploits. Instead, it uses a Shodan harvester to keep its scan queue stocked with targets. The botnet is specifically looking for instances of ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio. These are the tools teams love: image generators, local model runners, and workflow builders. They're easy to stand up and get running fast. But that speed often comes at a cost—security takes a back seat, and firewalls get configured later, if at all. Here's what makes NadMesh so effective: - It scans for exposed endpoints using Shodan, a search engine for internet-connected devices. - It targets services that are often left open for convenience, not necessity. - Once inside, it extracts cloud keys and Kubernetes tokens stored in environment variables or config files. - Those keys are then sent back to the operator's infrastructure. ### Why AI Services Are Prime Targets You might wonder why a botnet would go after AI tools specifically. The answer is simple: these services often have broad cloud access. A ComfyUI instance might be connected to an AWS S3 bucket for storing generated images. An Ollama deployment could have access to a Kubernetes cluster for scaling. When teams set up these tools, they frequently use default configurations or embed credentials directly into the code. It's not malicious—it's just fast. But fast doesn't leave room for security reviews. The result is a goldmine for attackers. One exposed service can lead to thousands of cloud keys, which can then be used to spin up expensive compute resources, exfiltrate data, or pivot to other systems. ### The Intel Behind the Dashboard The operator's dashboard claiming 3,811 AWS keys is a big red flag. It suggests this isn't a small operation. It's a well-organized campaign with clear goals: steal credentials, monetize them, and keep going. This isn't just about NadMesh either. It's a reminder that any exposed service is a potential entry point. The tools we rely on for productivity and creativity can become liabilities if we don't secure them. ### How to Protect Your AI Services There are practical steps you can take right now to reduce your risk: - **Use firewalls and network policies.** Don't expose AI services to the public internet unless absolutely necessary. Use VPNs or private networks instead. - **Rotate credentials regularly.** If you have AWS keys or Kubernetes tokens stored in config files, rotate them and use short-lived tokens where possible. - **Monitor for unusual activity.** Set up alerts for unexpected API calls or spikes in cloud usage. - **Scan your own infrastructure.** Use tools like Shodan yourself to see what's visible from the outside. You might be surprised. - **Review default configurations.** Many AI tools ship with settings that are convenient but insecure. Change them before deploying. ### The Bigger Picture NadMesh is just one botnet, but it represents a growing trend. As AI adoption accelerates, attackers are following the money. Exposed services are low-hanging fruit, and the rewards are high. The key takeaway is that security isn't an afterthought. It needs to be part of the deployment process from day one. Otherwise, a tool designed to help you create could end up costing you a lot more than you bargained for. Stay vigilant, keep your services locked down, and remember: convenience is great, but not at the expense of your cloud keys.