NadMesh is Hunting for AI Services and Cloud Credentials: A Risk to Kubernetes and MCP

Colleagues, I’d like to draw your attention to a cybersecurity update.
I’ve been tracking NadMesh, a botnet that scans for exposed AI services and MCP-enabled systems.
Its target is not the host itself, but cloud keys, Kubernetes tokens, and other credentials. Docker API, Jenkins, Redis, and Telnet are also in scope.
If you run ComfyUI, Ollama, Gradio, or n8n, make sure they are not exposed to the internet. It is also worth reviewing ~/.aws/config, .env, and ~/.docker/config.json.
Why it matters: a single exposed service can lead to cloud account takeover and cluster compromise.
Have you already reviewed public-facing AI services in your infrastructure?
#cybersecurity #cloudsecurity #Kubernetes #AIsecurity


Latest comments
No comments yet.