NadMesh, a Go-based botnet discovered in early July, actively targets exposed AI services to harvest cloud credentials and container orchestration tokens. The operator's dashboard displays 3,811 unique AWS keys obtained from compromised systems.
The botnet uses a Shodan harvester that continuously scans for vulnerable instances of ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio. These tools serve legitimate purposes. ComfyUI and Open WebUI run image generation workloads. Ollama executes local language models. n8n, Langflow, and Gradio enable workflow automation and rapid prototyping.
The attack pattern follows a predictable cycle. Development teams deploy these services quickly to test AI capabilities, but often expose them directly to the internet without authentication or network segmentation. NadMesh identifies these instances through Shodan queries and exploits their internet-accessible endpoints.
Once infiltrated, the botnet harvests multiple asset types. AWS access keys grant direct cloud resource access. Kubernetes tokens enable lateral movement within container clusters. API keys for third-party services expand the attacker's reach across connected infrastructure. The stolen credentials allow operators to maintain persistence, exfiltrate data, or launch further attacks against cloud environments.
The 3,811 documented AWS keys represent a significant collection window. Each key potentially grants access to multiple cloud resources. Compromised Kubernetes tokens can provision new containers, modify deployments, or access sensitive workloads running in production environments.
Organizations deploying AI services should implement authentication on all exposed endpoints, restrict network access through firewalls or VPC configurations, and rotate credentials regularly. Cloud providers recommend scanning for public AWS key exposure and enabling MFA on high-privilege accounts. Container orchestration platforms benefit from role-based access controls and audit logging to detect token misuse.
The
