labs.zenity.io
Attackers Exploit Exposed AI Endpoints for Offensive Operations
Between March and May 2026, Zenity researchers observed three distinct campaigns in which attackers hijacked exposed Ollama and LiteLLM AI endpoints for offensive operations. The attackers needed no special authentication: they simply configured their agents to use the exposed inference endpoints as model backends. Two autonomous penetration testing frameworks, Strix and HexStrike AI, along with an OpenAI Codex agent, were used in these operations. Notably, one operator sent a 140,000-character prompt to weaponize Strix against a French auction site. The lack of built-in authentication and common misconfigurations left these endpoints vulnerable. Zenity's honeypots captured the attacks, preventing further exploitation. The incidents highlight the significant security risks associated with misconfigured AI services.
Key Points:
• Attackers exploited exposed AI endpoints without needing authentication.
• Three campaigns involved Strix, HexStrike AI, and an OpenAI Codex agent.
• Misconfigurations in Ollama and LiteLLM contributed to the vulnerabilities.