The rapid adoption of artificial intelligence is creating new security challenges, with recent findings showing that many AI systems are being deployed with serious vulnerabilities.
A study by Intruder reveals that modern AI infrastructure is often more exposed and poorly secured than traditional software environments.
Fast Growth, Weak Security
As companies rush to deploy self-hosted large language models (LLMs), security is being overlooked. While the industry has improved software security over the years, the speed of AI adoption is undoing some of that progress.
In one example, a self-hosted AI assistant known as ClawdBot was found to accumulate an average of 2.6 vulnerabilities per day, highlighting how unstable some of these systems can be.
Millions of Exposed Systems
Researchers analyzed over 2 million hosts and discovered more than 1 million exposed services linked to AI infrastructure.
One of the most concerning findings was how many systems were deployed without any authentication. In many cases, this wasn’t due to misconfiguration — authentication simply wasn’t enabled by default.
This means sensitive systems were accessible to anyone on the internet, including:
- Internal tools
- User data
- AI chat systems
Chatbots Leaking Sensitive Data
Several exposed systems included chatbots that allowed unrestricted access to user conversations. In enterprise environments, these chat logs can reveal confidential business data.
Some platforms also allowed public access to advanced AI models. This opens the door for misuse, such as:
- Bypassing safety restrictions
- Generating harmful or illegal content
- Using paid AI services without authorization
In some cases, API keys were even exposed in plain text, creating an immediate security risk.
Open Access to AI Management Platforms
The research also uncovered exposed instances of popular AI workflow tools like n8n and Flowise. These platforms were accessible online without authentication, exposing entire workflows and system logic.
In one case, attackers could potentially:
- Access connected third-party services
- Modify workflows
- Extract sensitive data
More than 90 exposed systems were identified across sectors including government, finance, and marketing.
Unsecured APIs and Hidden Risks
Another major issue involved exposed APIs from Ollama, a tool used to run AI models locally. Out of over 5,000 servers tested, nearly one-third responded without requiring authentication.
Some of these systems were connected to premium AI models from providers like OpenAI and Google, raising concerns about misuse and unauthorized access.
Common Security Failures
Further analysis revealed recurring problems across AI deployments:
- Weak or missing authentication
- Hardcoded credentials
- Poorly configured containers
- Applications running with excessive privileges
- Lack of proper isolation or sandboxing
In some cases, researchers were even able to identify code execution vulnerabilities within a short testing period.
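Several of the failures listed above can be caught by a static check before a deployment goes live. The following is an added example, not code from the Intruder study or from any project named here: it audits a docker-compose style service mapping for ports published on all interfaces, excessive privileges, root execution, hardcoded credentials and a mounted runtime socket. The service names, images and key value are constructed, and it assumes Compose short-syntax ports and mapping-form environment entries.

```python
import re

# Constructed sample: a docker-compose "services" mapping, already parsed into a dict.
# Service names, images and the key value are made up for this example.
SAMPLE_SERVICES = {
    "llm-api": {
        "image": "example/llm-server:latest",
        "ports": ["11434:11434"],
        "privileged": True,
        "environment": {"UPSTREAM_API_KEY": "sk-constructed-not-a-real-key"},
        "volumes": ["/var/run/docker.sock:/var/run/docker.sock"],
    },
    "workflow-ui": {
        "image": "example/workflow:1.0",
        "user": "1000:1000",
        "ports": ["127.0.0.1:5678:5678"],
        "environment": {"UPSTREAM_API_KEY": "${UPSTREAM_API_KEY}"},
    },
}

SECRET_NAME = re.compile(r"(KEY|TOKEN|SECRET|PASSWORD)", re.I)
LOOPBACK = ("127.0.0.1:", "[::1]:")


def audit_service(svc):
    """Return sorted finding labels; ${VAR} references do not count as hardcoded."""
    findings = set()
    for port in svc.get("ports", []):
        if not str(port).startswith(LOOPBACK):
            findings.add("port published on all interfaces")
    if svc.get("privileged") or svc.get("cap_add"):
        findings.add("excessive privileges")
    if str(svc.get("user", "root")).split(":")[0] in ("root", "0"):
        findings.add("runs as root")
    for key, value in svc.get("environment", {}).items():
        if SECRET_NAME.search(key) and value and not str(value).startswith("${"):
            findings.add("hardcoded credential: " + key)
    if any("docker.sock" in str(v) for v in svc.get("volumes", [])):
        findings.add("container runtime socket mounted")
    return sorted(findings)


def audit(services):
    return {name: audit_service(svc) for name, svc in services.items()}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_SERVICES).items():
        print(name, "->", findings or "no findings")
```

A loopback-only port binding limits exposure but does not replace authentication on the service itself, so a clean result here still needs an access-control review.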
The Bigger Picture
The findings highlight a growing trend: speed is taking priority over security. Companies are racing to deploy AI solutions, often without putting proper protections in place.
This creates a dangerous environment where attackers can easily exploit exposed systems, gain access to sensitive data, and potentially take full control of infrastructure.
Final Thoughts
AI is becoming a core part of modern business operations, but its security is still catching up. Without stronger safeguards, better defaults, and continuous monitoring, these systems could become a major entry point for cyber attacks.
Organizations need to slow down, review their deployments, and prioritize security before scaling further.

