SShortSingh.
Back to feed

Exposed AI Endpoints Hijacked for Offensive Operations Without Any Exploit

0
·1 views

Between March and May 2026, Zenity researchers documented three separate campaigns in which attackers exploited publicly exposed Ollama and LiteLLM instances to run their own offensive AI operations, requiring no credentials or vulnerabilities. The attacks succeeded purely because default configurations left endpoints unauthenticated and reachable over the internet. In one case, a 140,000-character prompt directed an autonomous penetration-testing agent against a French auction house; in another, over 150 offensive security tools were staged on an exposed instance; a third used a fabricated 'security auditor' persona to bypass model safety guardrails. Because all malicious traffic originates from the victim's infrastructure, the owner's IP address becomes linked to the attack chain. Security researchers warn that AI infrastructure deployed with default settings must be hardened like any other internet-facing service, including mandatory authentication and restricted network exposure.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

Computer Use Demos Impress, But May Signal AI Interface Design Is Stuck

Computer use agents that navigate websites and complete tasks via plain-language commands remain the most compelling demonstrations in AI today. However, a growing critique suggests these workflows are fundamentally retrofitted, forcing a new technology paradigm into outdated interface conventions. Typed chat has been the default gateway to AI for three years, but it may not be the long-term solution for interacting with advanced intelligence. Having AI agents mimic human mouse movements and keystrokes is seen as a temporary bridge rather than a sustainable design direction. As AI adoption matures, experts argue that rethinking interaction and interface design should become a central industry priority.

0
ProgrammingDEV Community ·

Developer releases zero-dependency React rich text editor as open-source npm package

A developer named Elango has published react-lite-rich-text-editor, a lightweight WYSIWYG editor for React applications that relies solely on native browser APIs with no external dependencies. The package was created to address common trade-offs with popular editors like Draft.js, Quill, Slate, and TipTap, including large bundle sizes and complex setup requirements. The editor supports rich text formatting, headings, lists, tables, image uploads with drag-to-resize, video embeds from platforms like YouTube and Vimeo, and markdown shortcuts. It is compatible with React 16 and above, requires minimal configuration, and returns content as an HTML string via an onChange callback. The package is available on npm under the name react-lite-rich-text-editor, with source code hosted publicly on GitHub.

0
ProgrammingDEV Community ·

Five configuration checks to fix OpenAI-compatible API integration failures

Most failures when integrating OpenAI-compatible APIs stem from configuration mismatches rather than SDK bugs. Developers should verify the base URL, API key, and exact model ID before writing any application code. Running a minimal cURL request first helps confirm the setup works independently of frameworks like LangChain or Dify. Reviewing request logs for model used, token count, failure reason, and cost can catch silent misrouting issues. The most frequent error is updating only the base URL while leaving an outdated key or model alias in place, often triggering 401 errors or unexpected charges.

0
ProgrammingDEV Community ·

Backpropagation Is Just Dynamic Programming (I Animated It to Prove It)

Everyone learns backpropagation as "apply the chain rule." Almost nobody explains why it's fast — and that "why" is the whole reason deep learning is computationally possible at all. So I animated one full training step to show the part most explanations skip. What you're actually seeing Forward pass: a single signal travels through 3 weights → a prediction → compared to the target = the loss. Backward pass: the error (δ) flows back through the network. δ₃ is computed at the output, then reused to get δ₂, which is reused to get δ₁ — never recalculated from scratch.

Exposed AI Endpoints Hijacked for Offensive Operations Without Any Exploit · ShortSingh