NadMesh Go botnet probes exposed AI apps for cloud keys and K8s tokens
Source headline: New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens
Intelligence Summary
A Go-based botnet, NadMesh, has been observed scanning the internet for exposed AI services. The campaign targets endpoints that may leak access to cloud credentials, including AWS keys, and Kubernetes tokens. An accompanying dashboard claimed thousands of unique AWS keys tied to the operator’s findings. The botnet reportedly uses a Shodan-driven harvesting approach to keep the scan queue populated. Organizations running AI tools such as ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio should review public exposure and tighten access controls.
Recommended Action
Prioritize immediate review, validate exposure, and patch or mitigate affected systems.