A Go botnet called NadMesh is hunting exposed AI services like ComfyUI and Ollama, and its operator's dashboard shows 3,811 unique AWS keys captured. Learn how it works and how to protect your cloud credentials.
A new botnet called NadMesh surfaced in early July, and it's not your typical credential harvester. Written in Go, it's specifically hunting exposed AI services, and according to the operator's own dashboard, it's already scooped up 3,811 unique AWS keys. That's a wake-up call for any team running AI tools on cloud infrastructure.
Think about it: you spin up a ComfyUI instance for image generation, or an Ollama server for local model testing, and you probably don't think twice about security. But NadMesh is designed to find exactly those kinds of setups. It uses a Shodan harvester to keep its scan queue constantly fed with targets like ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio. These are the tools teams love because they're fast to deploy and powerful. But they're also the ones that often get firewalled as an afterthought.
### How NadMesh Works
The botnet scans for exposed endpoints on these AI services. Once it finds one, it tries to extract credentials, API keys, and Kubernetes tokens. The operator's dashboard is a live counter that shows the haul: thousands of AWS keys, plus whatever else gets pulled in. The scary part is that these aren't random targets. They're specific, high-value services that often have direct access to cloud resources.
- **ComfyUI and Ollama** are popular for running AI models locally, but they can be misconfigured to expose APIs.
- **n8n and Langflow** are workflow automation tools that often have access to databases and cloud services.
- **Open WebUI and Gradio** are frontends for AI models, and they can leak tokens if not secured.
### Why This Matters for Your Team
If you're running any of these services, even for testing, you need to check your setup. The botnet isn't just scanning for fun; it's actively collecting keys that can be used to access your cloud accounts. And with 3,811 AWS keys already captured, this is a serious threat. The intel feed behind that counter is real-time data on what's being exploited.
A good rule of thumb: never expose AI services directly to the internet without a reverse proxy, authentication, and strict firewall rules. Use tools like Cloudflare tunnels or VPNs to keep them private. And regularly rotate your API keys, especially if you've ever run any of these tools on a public IP.
### What You Can Do Right Now
1. **Audit your exposed services** โ Check Shodan for your own IPs and see what's visible.
2. **Add authentication** โ Most of these tools support basic auth or OAuth. Use it.
3. **Monitor for unusual activity** โ Look for unexpected API calls or key usage in your cloud logs.
4. **Rotate keys** โ If you've used any of these services recently, assume they could be compromised.
NadMesh is a reminder that the convenience of AI tools can come with hidden costs. The botnet is still active, and the operator's dashboard keeps climbing. Don't let your keys end up on that list.