Threat Actors Exploit Exposed AI Inference Endpoints for Offensive Operations
By
Alexander Culafi
Summary
Between March and May 2025, Zenity researchers observed three distinct campaigns where threat actors exploited exposed Ollama and LiteLLM inference endpoints to leverage organization-owned AI agents for offensive operations. The attacks don't require full-scale compromise or authentication — attackers only need to know the location of an exposed endpoint. This emerging attack vector allows adversaries to use enterprise AI infrastructure as free compute resources for malicious activities, including generating phishing content, conducting reconnaissance, and powering other automated attacks.
Source
Key quotes
· 3 pulledWhat's most fascinating about this attack vector is that it doesn't require a full-scale compromise, just knowledge of an exposed endpoint.
Attackers exploit the inference endpoints that...
Attackers don't need any special authentication to reach a target endpoint — they just need to know where it is.
You might also wanna read
175,000 Ollama AI Servers Found Publicly Exposed Worldwide, Enabling Malicious Activities
Security researchers from SentinelOne and Censys have discovered approximately 175,000 publicly exposed Ollama AI servers worldwide that are
New Research Papers Address LLM Security and Prompt Injection Vulnerabilities
The article discusses two new research papers on LLM security and prompt injection vulnerabilities. The first paper, 'Agents Rule of Two: A

Security Vulnerability in Notion 3.0 AI Agents Enables Data Exfiltration Through Web Search Tool Abuse
A critical security vulnerability in Notion 3.0's AI Agents feature allows attackers to exploit the web search tool for data exfiltration. T
Security Analysis: AI Agent Frameworks' Code Execution Vulnerabilities and WASM Sandbox Solution
The article discusses security vulnerabilities in popular AI agent frameworks like LangChain, AutoGen, and SWE-Agent that execute LLM-genera
Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints
The security risk of combining private data access, untrusted content, and external communication in AI agents
This article warns users of LLM-based AI agents about a critical security vulnerability called the "lethal trifecta" — the combination of th

Comments
Sign in to join the conversation.
No comments yet. Be the first.