Internet Scanners Systematically Targeting AI Infrastructure for Exposed Credentials

Summary

Security research from honeylabs reveals systematic and widespread scanning activity targeting AI infrastructure across multiple companies. Analysis of network traffic over 90 days shows coordinated reconnaissance efforts, including 3,861 requests over three weeks from a single Dutch ASN targeting Anthropic's API proxy paths, and sustained probing of Ollama's default unprotected port 11434 with 50–80 distinct scanner IPs per week since March 2026. A notable 45-minute sweep on May 18 systematically attempted to access credential storage conventions used by Claude Code, Claude Desktop, Anthropic SDK, OpenAI Codex, Google Gemini, DeepSeek, and Alibaba's DashScope. The scale and sophistication of these reconnaissance efforts indicate that AI infrastructure has become a high-value target for attackers actively mapping and attempting to exploit exposed services and credential storage paths.

• The evolution from opportunistic to systematic reconnaissance suggests credential theft vectors for AI tools have been weaponized in automated attack frameworks

Editorial Opinion

This research reveals a critical inflection point in the AI security landscape: reconnaissance against AI infrastructure has shifted from opportunistic to systematic and industrialized. The targeting of credential storage conventions across multiple platforms demonstrates that attackers have developed and weaponized shared intelligence about where AI developers store secrets. For AI companies and the developer community, this underscores an urgent need to move beyond convention-based credential storage, implement infrastructure-level access controls, and establish persistent monitoring for credential theft attempts.