VessOnSecuritybontchev@infosec.exchange
Jul 2, 2026, 1:28 PMretooted Catalin Cimpanu
Threat actors are mass-scanning the internet for misconfigured LLM backend servers.
Mass-reconnaissance campaigns have been spotted targeting Ollama, LiteLLM, Langserv, and OpenClaw infrastructure
https://labs.zenity.io/p/scanning-for-ai-live-campaigns-mapping-the-internet-s-exposed-llm-backends