NadMesh Botnet Exploits Exposed AI Services to Steal Cloud Credentials and Kubernetes Tokens
A new botnet named NadMesh is targeting exposed AI services to steal cloud credentials and Kubernetes tokens by exploiting vulnerabilities in Docker APIs, Jenkins consoles, and MCP tools. The botnet uses advanced persistence techniques and obfuscation to evade detection, with researchers noting its focus on cloud access rather than host compromise.
A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys.
A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the image generators, local model runners, and workflow builders that teams stand up fast and firewall late.
The intel feed behind that counter
*** END OF TRANSMISSION ***