Return to Threats

New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens

thehackernews.com 2026-07-17 data leakage Critical

What Happened

A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the image generators, local model runners, and workflow builders that teams stand up fast and firewall late. The intel feed behind that counter

Why It Matters

According to multiple reports, the NadMesh botnet is a Go-based malware campaign that scans for exposed AI services (ComfyUI, Ollama, n8n, Open WebUI, Langflow, Gradio) and adjacent admin interfaces (Docker API, Jenkins, Redis, Kubernetes, Elasticsearch) to steal cloud credentials, Kubernetes service account tokens, model access, and MCP tools, with the operator’s panel showing thousands of unique AWS keys harvested.[1][3][5][6][7] It exfiltrates data from environment variables, ~/.aws/config, .env files, Kubernetes tokens, and other configuration paths, explicitly targeting internet-facing AI and MCP infrastructure for scalable credential theft and execution rights.[1][6][7] From a RealGround perspective, this is a critical data leakage and AI supply chain risk: exposed AI frontends and MCP tools become a high-priority entry point for cloud takeover, lateral movement into Kubernetes, and abuse of AI execution capabilities. Organizations should harden AI services behind authentication, remove secrets from configs and .env files, implement continuous external attack surface monitoring and red teaming for AI endpoints, and treat agent tooling (MCP, workflows) as part of the s

Healthcare Fintech SaaS SMB AI startups

RealGround Analysis

This signal maps to data leakage. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://thehackernews.com/2026/07/new-nadmesh-botnet-hunts-exposed-ai.html

Talk to AI CISO