NuClide Research
Most recent
navigate open esc close Corpus index built 2026-06-07 23:58 UTC

← All engagement records

Case study May 20, 2026

University AI Infrastructure Exposures

Bill Rondell, Nick Adams & Dade Murphy — May 20, 2026 — case study — 10 min read — 2,291 words
Sector
Other

NuClide Research, ongoing · Updated 2026-05-20 (Session 26 — Lane B complete)

2,710 confirmed exposures · 71 countries · 10,224 institutions swept · Live globe →

Unauthenticated Ollama, Open WebUI, JupyterHub, and LiteLLM instances discovered on university networks worldwide. Organized by country / state.

Structure

  • US/, United States, organized by state prefix (e.g. NY-columbia.md)
  • international/CC/, all other countries, grouped by ISO country code

Sub-surveys

FileDateClassOutput
edu-llm-infra-sweep-2026-05-19.md2026-05-19Stage 0 dork-map1,584 verified-dork × hostname:.edu; 382 productive dorks (24%); full LLM-tier coverage incl. Jupyter (800), Open WebUI (133), Streamlit :8501 (167), n8n (90), Ollama (87), LiteLLM (35) and more

Confirmed Findings

FileInstitutionCountry/StateSeverityKey Finding
NY-columbia.mdColumbia UniversityUS · NYCRITICALCloud proxy (deepseek-v4-pro) + cred leak (username: seascvn066)
CA-ucsb.mdUC Santa BarbaraUS · CACRITICALAuth disabled, open inference, “AI Lab”, macOS user marcos leaked
NY-suny-buffalo.mdSUNY BuffaloUS · NYCRITICALCloud proxy 200 OK confirmed, 26 models, RAG pipeline components
NC-duke.mdDuke UniversityUS · NCHIGHAgent model with file inspection tools, function-calling, injection surface
IN-purdue-northwest.mdPurdue University NorthwestUS · INCRITICAL3 cloud proxies live (200 OK): qwen3-coder-next, gemma4:31b, gpt-oss:20b
Keio.mdKeio UniversityJapanHIGHDual DeepSeek cloud proxy, qwen3.5:122b (75GB) accessible without auth
Chulalongkorn.mdChulalongkorn UniversityThailandHIGH3 cloud proxies (DeepSeek, Kimi K2.6, Qwen), cred leak (user: llm)
POSTECH.mdPOSTECHSouth KoreaCRITICAL11 nodes, 6 account takeovers, 18+ cloud subs incl. Kimi 1T, DeepSeek 671B, Qwen 480B; bionlinux2 + indians (baseball naming)
shiv-nadar.mdShiv Nadar UniversityIndiaCRITICAL3-node cluster, 376GB local DeepSeek, 18 cloud subscriptions
hanoi.mdHanoi UniversityVietnamHIGH18 cloud proxies, cred leak, Docker container ID leaked as username
KTH.mdKTH Royal Institute of TechnologySwedenHIGHDual-node DeepSeek cloud, abliterated Gemma running as root
tech-crete-ntua.mdTech Univ. Crete + NTUAGreeceHIGHTechCrete: MiniMax cred leak (user: arian); NTUA: 235.7B model open
ON-western-ontario.mdUniversity of Western OntarioCanada · ONHIGHCloud proxy (deepseek-v4-pro), 9 models including vision-language
NY-rit.mdRochester Institute of TechnologyUS · NYCRITICAL4 nodes: DGX w/ 18 cloud subs, student machine w/ 2 abliterated QwQ-32B
newcastle.mdUniversity of NewcastleAustraliaHIGHDeepSeek cloud proxy, RAG pipeline (mxbai-embed)
armenian-academy.mdIIAP NAS ArmeniaArmeniaHIGHDual cloud proxy, Docker container ID cred leak
JKUAT.mdJomo Kenyatta UniversityKenyaHIGHCloud proxy (minimax-m2.7), unauthenticated inference
zilina.mdUniversity of ŽilinaSlovakiaCRITICALStudent laptop, 3 free-tier cloud proxies 200 OK: devstral-2:123b, deepseek-v3.1:671b, qwen3-coder:480b
brno-vutbr.mdBrno University of TechnologyCzech RepublicHIGHAbliterated Gemma3-27B, Bulgarian GPT, RAG pipeline
hertfordshire.mdUniversity of HertfordshireUKCRITICALRobotHouse dev server, gpt-oss:latest 200 OK confirmed
itmo.mdITMO UniversityRussiaHIGH24 models incl. Kimi-Dev-72B, Llama4, gpt-oss:20b/120b
vnu-hanoi.mdVNU Ha NoiVietnamHIGHDomain-specific models: legal, biomedical, financial QA
vnu-hcmc.mdVNU Ho Chi Minh CityVietnamHIGHfinal-exploit-v1 cloud proxy, gpt-oss
MB-u-manitoba.mdUniversity of ManitobaCanada · MBHIGHCS GPU server, DeepSeek-R1:70B, Llama 3.3
umea.mdUmeå UniversitySwedenHIGHgpuhost02 CS cluster, qwen3.6:35b
CA-ucdavis.mdUC DavisUS · CAHIGH75GB MoE model, Claude 4.6 Opus-distilled model
yonsei.mdYonsei UniversitySouth KoreaCRITICAL17 cloud subs on port 5004, minimax-m2.1 200 OK, 75GB + 65GB local models
NY-syracuse.mdSyracuse University (IST R640 + Newhouse ChatEval)US · NYCRITICAL (hard-proof)Original: IST R640 gemma4:31b-cloud 200 OK on port 12345. Wave-2 deeper enum (2026-05-19): Newhouse School newh-eil-01.syr.edu:8080 ChatEval /api/settings/endpoints PUBLIC-unauth → leaks 4 production API keys (OpenAI svcacct + Anthropic + Gemini + Cloudflare Access); 14K-conversation social-engineering research-data exposed
NY-suny-stony-brook.mdSUNY Stony BrookUS · NYHIGHBiology dept, OLMo-3 research stack, gpt-oss cloud proxy
u-crete-medical.mdUniversity of Crete Medical CenterGreeceHIGHDual-embedding RAG pipeline (mxbai + nomic-embed) on medical server
shandong-med.mdShandong Medical Graduate SchoolChinaCRITICAL376GB local DeepSeek, abliterated R1-Distill, cred leak (user: bowee)
ncku.mdNational Cheng Kung UniversityTaiwanHIGHnckusoc-3090 cred leak, non-standard port 22222, 8 models
ncu-aiden.mdNCU / Oplentia (Chang Gung Univ.)TaiwanCRITICALProduction medical scheduling SaaS (Aiden Assistant) system prompt fully exposed, support contacts, HIS integration
fju-medph.mdFu Jen Catholic UniversityTaiwanHIGHMedical Public Health dept, 75GB MoE + 60GB gpt-oss:120b, RAG pipeline
ntu-gpu.mdNational Taiwan UniversityTaiwanHIGHGPU cluster g1pc2n108, 11 vision/multimodal models (GLM-OCR, GLM-4.7, LLaVA, MiniCPM-V)
krena.mdKyrgyz Research and Education Network (KRENA)KyrgyzstanHIGH433GB GLM-5.1 (744B-a40b), largest local model in sweep, deepseek-v4-pro cloud
learn.mdLanka Education and Research NetworkSri LankaHIGHCred leak (user: modelserver), deepseek-v4-pro cloud, llama3.2-vision
moph.mdThailand Ministry of Public HealthThailandHIGHGovernment health ministry, qwen3.6:35b + IBM granite vision
cefet-rj.mdCEFET/RJ (Federal Tech Education Center)BrazilHIGH17 models incl. DeepSeek-R1:70B, custom Brazilian Portuguese fine-tunes (chatbode, mistral-pt)
enstinet-nren.mdENSTINET Egypt NRENEgyptHIGHPort 3005 (non-standard), 3 custom Arabic uncensored HauhauCS-35B models, RAG pipeline, CVE-2025-63389 injection + deletion confirmed
lodz-tul.mdTechnical University of ŁódźPolandHIGHxray02 research node, DeepSeek-R1:32B, lukashabtoch/plutotext-r3-emotional cross-network propagation with CEFET/RJ Brazil
comsats.mdCOMSATS UniversityPakistanHIGHMedGemma 27B medical AI + 4B medical AI exposed, Kimi cloud proxy
VA-vt.mdVirginia TechUS · VALOWDHCP workstation (h80adf308), 5 models, no cloud proxy
snu.mdSeoul National UniversitySouth KoreaCRITICALCloud proxies (devstral-2:123b, deepseek-v3.1:671b) + cred leak (user: node1, SSH pubkey)
inha.mdINHA UniversitySouth KoreaHIGHgpt-oss:20b local, dual Nemotron-Cascade 30B, 132GB total
monash.mdMonash UniversityAustraliaHIGH3-node cluster; 376.7GB DeepSeek V3.1 671B (OOM on current allocation); Kimi + MiniMax cloud proxies; v0.20.2/0.18.3/0.19.0
AB-u-alberta.mdUniversity of AlbertaCanada · ABHIGHlula.cs.ualberta.ca; v0.21.1; gpt-oss:120b (65GB, 116.8B params); qwen2.5-coder:32b; Qwen3.6 35B/27B
tanet.mdTaiwan Academic Network (TANet)TaiwanCRITICAL18-node multi-institution cluster, account takeover (name=ollama), 5G security system prompt, 4 cloud proxy nodes
jingdong.mdChina Unicom / Jingdong ClusterChinaHIGH26-node uniform cluster v0.5.10, deepseek-r1:1.5b dominant, RAG pipeline
kyungpook.mdKyungpook National UniversitySouth KoreaHIGH3-node cluster 155.230.x, qwen3-vl:32b vision-language model
ici-bucharest.mdICI Bucharest (National IT Research Institute)RomaniaCRITICAL2 nodes: cloud proxy (DeepSeek + MiniMax), abliterated Qwen2.5-Coder, rdv-bot system prompt exposed, 72B model
bdren.mdBangladesh Research and Education Network (BDREN)BangladeshHIGHNational NREN node, 7 models, unauthenticated inference
CA-caltech.mdCalifornia Institute of Technology (Caltech)US · CAHIGHyertle.caltech.edu, gpt-oss:120b (116B), dual-embedding RAG pipeline, custom syntax + java models
arn.mdAlgerian Academic Research Network (ARN)AlgeriaMEDIUMNational research network, v0.9.6 (unpatched), SmolLM2 with live system prompt
onpt.mdOffice National des Postes et Télécommunications (ONPT)MoroccoMEDIUMNational PTT/telecom infrastructure node, v0.9.6, 1 model
nib.mdIndia NIB / BSNL National BackboneIndiaHIGH2 nodes on national backbone (BSNL NIB), qwen2.5-coder:32b + deepseek-coder:6.7b coding cluster
iti.mdInformatics and Telematics Institute (ITI/CERTH)GreeceHIGHvcl.iti.gr Virtual Compute Lab, Mistral Small 24B, system prompt exposed
moec.mdMalaysia Ministry of Education EMISCMalaysiaHIGHGovernment education IT ministry, v0.9.6, unauthenticated inference
university-of-indonesia.mdUniversity of IndonesiaIndonesiaCRITICALAS3382, Depok; llama3.2:3b; v0.5.4-dirty (pre-0.6.0 ancient build); Open WebUI v0.5.4 auth-on/3000 + raw API open/11434; CVE-2025-63389 confirmed
tianjin-cloud-park.mdChina Telecom Tianjin Big Data ParkChinaHIGHAS141679; 46-node multi-tenant cluster; v0.5.10 uniform; RAG pipelines (nomic-embed + deepseek-r1:1.5b); aliafshar/gemma3-it-qat-tools:27b; no rDNS; research institute tenants
IN-purdue.mdPurdue University (main campus)US · INCRITICALn8n.tap.purdue.edu, n8n workflow automation server; v0.12.3; account takeover d3af393f8e4e; deepseek-v4-pro + minimax-m2.7 cloud; AI workflow hijack surface
university-of-dhaka.mdUniversity of DhakaBangladeshCRITICALAS137359; coding cluster (codellama×2, qwen2.5-coder×2, deepseek-coder); bge-m3 embedding (RAG); 3 cloud proxies incl. qwen3-coder-next (unreleased); v0.20.5
ME-university-of-maine.mdUniversity of Maine (ECE-Ubuntu-02 + fate2.library)US · MECRITICALAS557 Orono; ECE host v0.18.2 with 69GB uncensored 122B + 18 cloud proxies; 2nd host (2026-05-19): fate2.library.umaine.edu v0.23.2 15-model vision-language stack OBSERVED
CA-ucla.mdUCLA (IDRE ai.idre.ucla.edu)US · CAOBSERVEDMulti-service host: Open WebUI v0.9.1 with enable_signup:true + enable_ldap:true OBSERVED; LiteLLM Proxy v1.83.4 dual-exposed (/openapi.json + /public/providers + cost map PUBLIC unauth on both :8000 uvicorn and :80 nginx-fronted)
CA-sdsc.mdSan Diego Supercomputer CenterUS · CAOBSERVEDIndependent ARIN org (SDSC-Z); compute.cloud.sdsc.edu; Ollama v0.20.4 with 53-model inventory; first entry gemini-3-flash-preview:cloud (Ollama :cloud-suffix cloud-proxy class OBSERVED); llama3.2 loaded in /api/ps
MD-umd-college-park.mdUniversity of Maryland College ParkUS · MDOBSERVEDamorgos.umd.edu v0.3.32 (very old) with enable_signup:true OBSERVED; Apache 2.4.58 Ubuntu default-page on :80 alongside the OW :8080 deployment
FL-usf.mdUniversity of South Florida (College of Marine Science)US · FLOBSERVEDTwo JupyterHubs (ocgmod1, manglillo) on marine.usf.edu both auth-enforced; adjacent Prometheus /metrics PUBLIC on manglillo:9090 but EMPTY (default install monitoring itself only — no scrape targets configured) — DOWNGRADED from initial info-disclosure claim after content analysis
NY-cornell.mdCornell University (AAP college)US · NYOBSERVEDonepl.aap.cornell.edu Open WebUI v0.6.14 auth-on; enable_signup:false + enable_api_key:true (closed-enrollment with post-auth API-key minting); wave-2 cohort exemplar
AZ-arizona.mdUniversity of Arizona (genai.arizona.edu)US · AZOBSERVEDBranded “U of A GenAI” Open WebUI v0.7.2 with U-Arizona OIDC backend; enable_signup:false + enable_api_key:false; properly configured institutional LLM service exemplar; surfaced G5-extension follow-up (visorbishop signature requires substring match on customized title)
NY-cooper-union.mdCooper Union (EE dept kahan.ee.cooper.edu)US · NYOBSERVEDOpen WebUI v0.9.2 auth-on + LDAP federation; first private engineering school in survey; kahan hostname (mathematician naming convention)
CO-red-rocks.mdRed Rocks Community College (datalab02.rrcc.edu)US · COOBSERVEDFirst community college in the survey; Open WebUI v0.9.2 auth-on + LDAP federation; identical deployment template to Cooper Union (suggests common upstream / vendor) — sector expansion note for K-12 + 2-year college follow-up
ME-southern-maine.mdUniversity of Southern Maine (CS dept fleet)US · MEOBSERVED8-host JupyterHub fleet on cs.usm.maine.edu (wasp/earwig/locust/mosquito/ant/beetle/turing/pascal); all 8 auth-enforced (identical 403 response); institutional-deployment-discipline exemplar
IL-depaul.mdDePaul University (multi-host campus pattern)US · ILOBSERVED20+ port-3000 hosts across employee/student/wireless networks; only 4 are Open WebUI; one (140.192.183.141) verified live auth-on v0.4.7; Stage-0 signup-open host DHCP-rotated; documents campus-wireless service-exposure + port-3000-FP-class patterns
GA-georgia-state.mdGeorgia State University (gluon.gsu.edu)US · GAOBSERVEDStreamlit framework on :8501; default title; app content WebSocket-only / not passively enumerable; wave-2 Streamlit cohort
CA-stanford.mdStanford University (dynamic-IP sr24-* host)US · CAOBSERVEDStreamlit framework on :8501 on Stanford’s sr* dynamic-IP wireless/residential pattern; framework confirmed; wave-2 Streamlit cohort
WA-uw.mdUniversity of Washington (Civil Engineering)US · WAOBSERVEDStreamlit framework on :8501 on ce.washington.edu subdomain; older bundle naming (main.*.js); wave-2 Streamlit cohort
IL-uchicago.mdUniversity of Chicago (Streamlit + degraded JupyterHub)US · ILOBSERVEDTwo-host observation: Streamlit framework on helabserver0.uchicago.edu:8501 (wave-2 Streamlit cohort) + JupyterHub on jupyterhub-dev.grid.uchicago.edu:8000 in 502 Bad Gateway degraded state (OSG-affiliated dev environment)
CA-ucsd.mdUniversity of California, San DiegoUS · CAHIGHAS26397; v0.20.7; qwen3.5:35b, gpt-oss:120b/20b; devstral-2:123b-cloud + deepseek-v3.1:671b-cloud; 67.58.51.111
nccu-taide.mdNational Chengchi UniversityTaiwanCRITICALV100×4 GPU server; v0.11.6; 3× Taiwan national TAIDE models (llama-3-taiwan:70b, Gemma-3-TAIDE-12b-Chat, Llama-3.1-TAIDE-LX-8B-Chat); gpt-oss:120b; CVE-2025-63389
forskningsnettet.mdForskningsnettet (Danish NREN)DenmarkHIGHAS1835 Aalborg; Node B v0.3.0 (2023-era ancient build, 2.5yr unpatched); Node A v0.22.0; gemma3:27b + nemotron3:33b
waseda.mdWaseda UniversityJapanCRITICALtokoko.human.waseda.ac.jp; account takeover name=tokoko (human-chosen); custom deepseek-r1-70b-academic + deepseek-r1-70b-jp research models; qwen3-vl:235b
itb.mdInstitut Teknologi BandungIndonesiaHIGHLSKK AI Lab; v0.9.2; 22 models incl. 7 custom Indonesian-education fine-tunes (indoedu-e5-base, llama-3.1-8b-indoedu, gemma-3-12b-indoedu) + UAT models; BGE-M3 RAG
nthu.mdNational Tsing Hua UniversityTaiwanHIGHsd197130.shin34.ab.nthu.edu.tw; v0.22.0; taide-npc:latest (Taiwan national AI as NPC/agent model); qwen3.6:35b
binh-duong.mdBinh Duong University / IU VietnamVietnamCRITICALContabo GmbH VPS (Germany); v0.13.1; account takeover name=372f4fd0a9dd; itu.edu.vn hostname
tanet-abliterated-cluster.mdTANet Abliterated Cluster (Unknown Institution)TaiwanCRITICAL120.126.16.144 TANet Taipei no-rDNS; v0.20.3; gemma4-crack-fixed:latest (custom safety-bypassed) + 2× abliterated HF models + dolphin-llama3 + Yinr/qwen2.5-agi:32b
tuke.mdTechnical University of Košice (FEI)SlovakiaHIGHprometheus.fei.tuke.sk; v0.11.11; 24 models; MedGemma 27B (54GB + 29GB dual quant, system prompt exposed); huihui_ai/Qwen3.6-abliterated:35b; Turkish erurollm; RAG pipeline
aua.mdAgricultural University of AthensGreeceHIGHafa4pc19.aua.gr; v0.18.2; qwen3:235b-a22b (142GB, 235.1B params); dual-embedding RAG (BGE-M3 + nomic-embed); DeepSeek-R1:32B; Llama3.3:70B
kumamoto.mdKumamoto University (CS Architecture Lab)JapanCRITICALscorpio.arch.cs.kumamoto-u.ac.jp; v0.12.7; account takeover name=d4659cbf55b2; minimax-m2.7:cloud; SSH pubkey exposed
nicosia.mdUniversity of Nicosia / IntercollegeCyprusMEDIUM82.116.203.130; v0.17.0; deepseek-v4-pro:cloud (disabled at probe); unauthenticated inference
rwanda.mdUniversity of Rwanda (College of Education)RwandaMEDIUM154.68.72.29; qwen3.5:27b + qwen3.6:27b; first Rwanda finding
CA-berkeley.mdUC BerkeleyUS · CAHIGHlal-99-178.reshall.berkeley.edu; v0.11.10; qwen2.5:32b; residential hall machine publicly exposed
CA-berkeley-vllm.mdUC Berkeley (Research Computing)US · CAHIGHvLLM 5-node cluster; Meta-SecAlign-8B + Nemotron-30B; 78.5M prompt tokens processed; /pause admin endpoint unauth; username akshat leaked
CA-berkeley-course-ai.mdUC Berkeley (EECS Course AI)US · CAHIGHroar-art.EECS.Berkeley.EDU; FastAPI course AI assistant; unauthenticated memory injection via /api/chat/memory-synopsis; no auth on endpoint
ntu-csie-vllm.mdNational Taiwan University (CSIE)TaiwanHIGHmvnl-nas.csie.ntu.edu.tw; vLLM 2-engine tensor-parallel; nvidia/Llama-3.3-70B-Instruct-FP8; 237 requests, 450K tokens
inha.mdINHA University (updated)South KoreaHIGH2 nodes: Ollama (gpt-oss:20b + Nemotron Cascade) + vLLM 0.8.4 (local-qwen, container, 311 requests, 90% cache hit)

Discovery Queries (Shodan)

# University Ollama instances
http.html:"Ollama is running" org:"university"   → 225 results (2026-05-01)

# University Open WebUI instances  
http.html:"Open WebUI" port:3000 org:"university" → 84 results (2026-05-01)

Cross-referencing same-IP hits across both queries identifies confirmed auth-bypass hosts (Open WebUI auth + raw Ollama port on same machine).

Methodology

  1. Pull Shodan hits for university-attributed IPs
  2. Cross-reference Ollama (11434) and Open WebUI (3000) on same IP
  3. Probe /api/config for auth: false
  4. Probe /api/tags on port 11434 for model inventory + cloud proxy models
  5. Check /api/show for system prompts on all models
  6. Cloud proxy: attempt inference → 401 response exposes Ollama Connect creds

Scale (sampled 2026-05-01)

QueryCount
University Ollama (port 11434)225
University Open WebUI (port 3000)84
Auth disabled (Open WebUI)~5–10% of Open WebUI set
Raw Ollama open (no Open WebUI auth)~30–40% of co-deployed
Cloud proxy models in university set~10–15% of open Ollama