A global map of exposed LLM services on university networks.
We catalogue every JupyterHub, Open WebUI, LiteLLM, Jupyter server, Streamlit research demo, and Ollama instance reachable on a university network without authentication. The public map below is the anonymized projection of that worklist: 1579 hosts open / exposed, 1245 catalogued as properly configured. Hostnames, IPs, institution names, and software versions are withheld; dot positions are jittered ~38 km around each country centroid. Click any dot for the plain-English explainer and the researcher who logged it.
The corpus is rebuilt from the AI-LLM-Infrastructure-OSINT submodule. Each entry is the result of three probes — a banner enumeration, an unauthenticated platform-specific endpoint check, and a credentials-required follow-up — recorded by VisorBishop and triaged by aimap. Hosts that survive the three probes with a 200 on the unauthenticated endpoint are classified exposed; hosts that fail the unauthenticated probe but respond cleanly to a credentialed one are classified catalogued.
The exposure classes on this page are the published taxonomy: auth-enforced, auth-on, info-public, signup-open, public-openapi, server-open, app-open, cloud-LLMjacking, and open. Severity tiers (CRITICAL / HIGH / MEDIUM / INFO) are assigned by the matrix in Insight #49 and override individual classifier output where a class clearly dominates (LLMjacking always HIGH, server-open always CRITICAL).
What stays private. Hostname, IP:port, institution, and version do not appear on the public feed. Dot positions are jittered uniformly within a ~38 km disc around the country centroid; the public coordinates cannot be deanonymized to a campus. The host-level worklist lives on a private localhost feed; entries are released to the public side only after the operator confirms remediation.