A Go botnet called NadMesh is actively hunting exposed AI services, collecting thousands of AWS keys and Kubernetes tokens from misconfigured tools like ComfyUI and Ollama. Here's how to protect your infrastructure.
In early July, security researchers stumbled onto something troubling: a new Go-based botnet called NadMesh, actively hunting exposed AI services across the internet. The operator's own dashboard claims it has already collected 3,811 unique AWS keys. That's not a typo. And it's not some theoretical threat either. It's happening right now.
### What Makes NadMesh Different
Most botnets go after general servers or IoT devices. Not this one. NadMesh is laser-focused on AI infrastructure. It scans for services that teams often spin up fast and forget to secure properly. We're talking about tools like ComfyUI for image generation, Ollama for running local models, n8n for workflow automation, Open WebUI, Langflow, and Gradio. These are the image generators, local model runners, and workflow builders that developers set up in minutes but sometimes leave exposed for weeks.
A Shodan harvester keeps the scan queue constantly stocked. It finds these exposed services and feeds them to the botnet, which then tries to grab cloud keys and Kubernetes tokens. If you're running any of these tools without proper authentication, you're basically leaving your front door wide open.
### How the Attack Works
The botnet doesn't use fancy zero-day exploits. It relies on something simpler: misconfiguration. Teams stand up these services for quick experiments or internal tools, and they often skip setting up firewalls or authentication. The botnet finds them, extracts credentials from environment variables or config files, and sends them back to the operator's dashboard.
Here's a quick breakdown of what NadMesh targets:
- Cloud keys (AWS, Azure, GCP)
- Kubernetes tokens
- API keys for AI services
- Database credentials
Once those keys are stolen, the attacker can spin up their own compute resources at your expense, access your data, or even use your cloud credits for crypto mining. It's a low-effort, high-reward play for the bad guys.
### Why This Matters for Your Team
If you're running any of these AI tools in your environment, you need to check your security posture right now. The botnet is actively scanning, and it's not going away. The operator's dashboard shows 3,811 AWS keys, but that number is probably higher by now. Every exposed service is a potential entry point.
> "The most dangerous threats aren't the ones you plan for. They're the ones you accidentally invite in."
### What You Can Do About It
First, make sure all your AI services are behind a firewall or VPN. Don't rely on default settings. Second, use authentication for everything, even internal tools. Third, rotate your cloud keys regularly and monitor for unusual usage. Finally, scan your own infrastructure with tools like Shodan to see what's exposed.
This isn't just a security issue. It's a reminder that the tools we build for speed and convenience can also become our biggest vulnerabilities. Take a few minutes today to lock down your services. It could save you thousands of dollars and a lot of headaches later.