<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>NuClide Research</title><description>AI/LLM infrastructure security research, case studies, disclosures, and surveys.</description><link>https://nuclide-research.com/</link><language>en-us</language><item><title>[Case] Cat-29 Argo Workflows: :2746 probe sweep, 2026-06-07</title><link>https://nuclide-research.com/cases/case-studies--commercial--cat29-argo-2746-2026-06-07/</link><guid isPermaLink="true">https://nuclide-research.com/cases/case-studies--commercial--cat29-argo-2746-2026-06-07/</guid><description>Lane 1A of the 9-item 2026-06-07 plan. Goal: test whether port 2746 hosts an unauthenticated Shodan-dark tier among Argo Workflows operators whose :443 surface is gated by IAP/AzureAD. Method: parallel curl probes (5-second timeout) against https://&lt;ip&gt;:2746/api/v1/version for all 156 IPs surfaced via the ssl:&quot;Argo Workflows&quot; Shodan dork during the 2026-05-3…</description><pubDate>Sun, 07 Jun 2026 00:00:00 GMT</pubDate></item><item><title>[Case] DMARC Funding-Stage Proxy — Full-Registry Sweep N=410</title><link>https://nuclide-research.com/cases/case-studies--commercial--dmarc-funding-stage-proxy-2026-06-07/</link><guid isPermaLink="true">https://nuclide-research.com/cases/case-studies--commercial--dmarc-funding-stage-proxy-2026-06-07/</guid><description>Date: 2026-06-07. Cohort: full NuClide AI-infrastructure vendor registry (MASTER-port-vendor-registry.csv, 435 vendor names, 410 unique apex domains resolved after dedup and OSS filtering). Probe: dig +short TXT dmarc.&lt;domain&gt;. 
Fully passive otherwise.</description><pubDate>Sun, 07 Jun 2026 00:00:00 GMT</pubDate></item><item><title>[Case] MCP Servers and CrewAI — Negative Results with Methodology Value</title><link>https://nuclide-research.com/cases/case-studies--commercial--mcp-crewai-negative-results-2026-06-07/</link><guid isPermaLink="true">https://nuclide-research.com/cases/case-studies--commercial--mcp-crewai-negative-results-2026-06-07/</guid><description>Two attempted same-day surveys produced no actionable findings — but the failure modes are themselves research-program-relevant. Both reveal classes of AI/LLM infrastructure that are not surveyable with the population-Shodan methodology that worked for the chat-UI / RAG / observability / autonomous-agent platform surveys.</description><pubDate>Sun, 07 Jun 2026 00:00:00 GMT</pubDate></item><item><title>LangGraph Studio Population Survey — Local Dev Tool Misdeployed to Public AWS at 90.9%</title><link>https://nuclide-research.com/research/case-studies--commercial--langgraph-studio-population-survey-2026-06-07/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--langgraph-studio-population-survey-2026-06-07/</guid><description>LangGraph Studio (github.com/langchain-ai/langgraph) is LangChain&apos;s local-development debugger / visualizer for LangGraph applications. It is designed to run on localhost:2024 during development, with desktop auth-type meaning no authentication is required because access is assumed to be from the same machine as the developer. 
LangChain ships separate produc…</description><pubDate>Sun, 07 Jun 2026 00:00:00 GMT</pubDate></item><item><title>OpenHands Population Survey — Autonomous Agent Task History + LLM Config Exposed at Scale</title><link>https://nuclide-research.com/research/case-studies--commercial--openhands-population-survey-2026-06-07/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--openhands-population-survey-2026-06-07/</guid><description>OpenHands (github.com/All-Hands-AI/OpenHands, formerly OpenDevin) is an autonomous coding agent platform with multiple agent types (CodeActAgent, BrowsingAgent, VisualBrowsingAgent, ReadOnlyAgent, LocAgent, DummyAgent) that can interact with code repositories, browse the web, execute shell commands, and modify files. The platform represents one of the highes…</description><pubDate>Sun, 07 Jun 2026 00:00:00 GMT</pubDate></item><item><title>The Auth-on-Default Landscape of OSS AI/LLM Infrastructure</title><link>https://nuclide-research.com/research/case-studies--commercial--synthesis-2026-06-07-auth-on-default-cohort/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--synthesis-2026-06-07-auth-on-default-cohort/</guid><description>Two-day population survey across 13 OSS AI/LLM infrastructure platforms reveals a maintainer-culture-axis split between demo-first defaults (auth-permissive, 70-91% open) and enterprise-customer-first defaults (auth-required, 0-1%). The cohort is not jurisdiction-defined. 
Insight #76 scope-bounded to platform class; LLM02 Sensitive Information Disclosure is the dominant finding class; the Capitol.ai escalation demonstrates the maintainer-default failing at enterprise-SaaS scale; in-flight attacker /proc/self/environ activity directly observable on OpenHands instances.</description><pubDate>Sun, 07 Jun 2026 00:00:00 GMT</pubDate></item><item><title>[Case] LibreChat Verification Deep-Dive — Notable Findings Re-Profiled</title><link>https://nuclide-research.com/cases/case-studies--commercial--librechat-deep-dive-verification-2026-06-06/</link><guid isPermaLink="true">https://nuclide-research.com/cases/case-studies--commercial--librechat-deep-dive-verification-2026-06-06/</guid><description>Deeper verification on the six notable finding clusters surfaced in the LibreChat population survey. Restraint maintained throughout: no registration, no LLM invocation, no account creation. Methods used: /api/config, /api/endpoints, PTR lookup, TLS cert inspection, WHOIS, marketing-site cross-reference.</description><pubDate>Sat, 06 Jun 2026 00:00:00 GMT</pubDate></item><item><title>Bisheng Population Survey — Negative Result (Auth-Required Default)</title><link>https://nuclide-research.com/research/case-studies--commercial--bisheng-population-survey-2026-06-06/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--bisheng-population-survey-2026-06-06/</guid><description>Bisheng (github.com/dataelement/bisheng) is an open-source LLM application development platform from DataElem (Beijing), focused on enterprise-oriented document AI, RAG, agent orchestration, and workflow building. 
Direct functional parallel to RAGFlow (also Shanghai-based) and Flowise.</description><pubDate>Sat, 06 Jun 2026 00:00:00 GMT</pubDate></item><item><title>Dify Population Survey — 939 Config-Disclosure, 9 Open Auth Findings</title><link>https://nuclide-research.com/research/case-studies--commercial--dify-population-survey-2026-06-06/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--dify-population-survey-2026-06-06/</guid><description>Dify is an open-source LLM application development platform (drag-and-drop workflow builder, RAG pipelines, agent orchestration). 2,289 Shodan-indexed instances on http.title:&quot;Dify&quot;.</description><pubDate>Sat, 06 Jun 2026 00:00:00 GMT</pubDate></item><item><title>Flowise Population Survey — 578/841 Open, CVE-2024-36420 PoC Lab Exposed</title><link>https://nuclide-research.com/research/case-studies--commercial--flowise-population-survey-2026-06-06/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--flowise-population-survey-2026-06-06/</guid><description>Flowise is a drag-and-drop LLM workflow builder. Default deployment: no authentication on /api/v1/chatflows — the endpoint returns the full list of all configured chatflows, their nodes, deployment status, and embedded credentials in flow configurations.</description><pubDate>Sat, 06 Jun 2026 00:00:00 GMT</pubDate></item><item><title>Langfuse Population Survey — 816/918 Open Registration (88.9%)</title><link>https://nuclide-research.com/research/case-studies--commercial--langfuse-population-survey-2026-06-06/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--langfuse-population-survey-2026-06-06/</guid><description>Langfuse is an open-source LLM observability platform (trace ingestion, prompt analytics, evaluation tooling for production AI applications). 1,141 Shodan-indexed instances on &quot;Langfuse&quot; port:3000. 
918 responded to live probing. 816 (88.9% of live, 71.5% of indexed) expose signUpDisabled: false to the public internet.</description><pubDate>Sat, 06 Jun 2026 00:00:00 GMT</pubDate></item><item><title>LibreChat Population Survey — 412/1,565 Open Registration (26.3%)</title><link>https://nuclide-research.com/research/case-studies--commercial--librechat-population-survey-2026-06-06/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--librechat-population-survey-2026-06-06/</guid><description>LibreChat (github.com/danny-avila/LibreChat) is an open-source ChatGPT-alternative chat interface — supports multiple LLM providers, plugins, multimodal, multi-tenant via shared deployments. 3,153 Shodan-indexed instances on http.title:&quot;LibreChat&quot;. 2,000 downloaded; 1,565 responded.</description><pubDate>Sat, 06 Jun 2026 00:00:00 GMT</pubDate></item><item><title>Cat-05: LiteLLM Gateway Survey — Open Proxies Exposing Commercial LLM API Keys</title><link>https://nuclide-research.com/research/case-studies--commercial--litellm-gateway-survey-cat05-2026-06-06/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--litellm-gateway-survey-cat05-2026-06-06/</guid><description>The hunt started with a single Shodan dork: http.title:&quot;LiteLLM&quot; port:4000. It returned 2,219 results in under a second.</description><pubDate>Sat, 06 Jun 2026 00:00:00 GMT</pubDate></item><item><title>LobeChat Population Survey — 10/12 Fully Open (83.3%, small population)</title><link>https://nuclide-research.com/research/case-studies--commercial--lobechat-population-survey-2026-06-06/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--lobechat-population-survey-2026-06-06/</guid><description>LobeChat (github.com/lobehub/lobe-chat) is an open-source ChatGPT-alternative chat interface from Lobehub, a China-origin OSS community. Direct functional parallel to LibreChat. 
641 Shodan-indexed; 636 downloaded; only 12 of 636 (1.9%) responded to live HTTP probing. Of the 12 reachable: 10 are in fully-open mode (enabledAccessCode: false AND enabledOAuthSSO…</description><pubDate>Sat, 06 Jun 2026 00:00:00 GMT</pubDate></item><item><title>Open WebUI Population Survey — 39 Auth-Off, 564 Open Signup</title><link>https://nuclide-research.com/research/case-studies--commercial--openwebui-population-survey-2026-06-06/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--openwebui-population-survey-2026-06-06/</guid><description>18,389 Shodan-indexed instances of Open WebUI. One GET to /api/config returns a JSON object that tells you everything: whether auth is enforced, whether public registration is open, the operator&apos;s branding name, and the exact version. No scanning required.</description><pubDate>Sat, 06 Jun 2026 00:00:00 GMT</pubDate></item><item><title>Cat-OW Calibration Deltas — 5 Named Findings Re-Verified</title><link>https://nuclide-research.com/research/case-studies--commercial--openwebui-population-survey-2026-06-06-calibration-deltas/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--openwebui-population-survey-2026-06-06-calibration-deltas/</guid><description>A spot-check verification pass on five named-institution findings in the
Open WebUI population survey, applying the attribution hierarchy from
Insight #79.</description><pubDate>Sat, 06 Jun 2026 00:00:00 GMT</pubDate></item><item><title>Arize Phoenix Population Survey — 41/55 Unauthenticated Project Disclosure</title><link>https://nuclide-research.com/research/case-studies--commercial--phoenix-population-survey-2026-06-06/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--phoenix-population-survey-2026-06-06/</guid><description>Arize Phoenix (github.com/Arize-ai/phoenix) is an open-source LLM observability and tracing platform — span ingestion, project organization, dataset versioning, prompt management for production AI applications. 94 Shodan-indexed instances on &quot;Phoenix&quot; port:6006. 89 unique endpoints downloaded; 55 responded.</description><pubDate>Sat, 06 Jun 2026 00:00:00 GMT</pubDate></item><item><title>RAGFlow Population Survey — 618/709 Open Registration (87.2%)</title><link>https://nuclide-research.com/research/case-studies--commercial--ragflow-population-survey-2026-06-06/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--ragflow-population-survey-2026-06-06/</guid><description>RAGFlow (github.com/infiniflow/ragflow) is an open-source RAG knowledge-base engine — document ingestion, vector retrieval, LLM-backed Q&amp;A over enterprise knowledge bases. 1,915 Shodan-indexed instances on http.title:&quot;RAGFlow&quot;. 709 responded to live probing. 
618 (87.2% of live, 32.3% of indexed) expose registerEnabled: 1 to the public internet.</description><pubDate>Sat, 06 Jun 2026 00:00:00 GMT</pubDate></item><item><title>Cat-03 Model Serving &amp; Inference — Survey 2026-06-05</title><link>https://nuclide-research.com/research/case-studies--commercial--cat03-model-serving-survey-2026-06-05/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--cat03-model-serving-survey-2026-06-05/</guid><description>Survey of 5,018 IPs across 17 Shodan and 9 Censys queries targeting Cat-03 (model serving and inference: llama.cpp, KoboldCpp, LM Studio, vLLM, SillyTavern, faster-whisper, One API, New API, Open WebUI, SGLang, GPT4All, HuggingFace TGI). 158 hosts responded live; aimap fingerprinted 72 services and flagged 20 CRITICAL / 19 HIGH. Verification of the flagged c…</description><pubDate>Fri, 05 Jun 2026 00:00:00 GMT</pubDate></item><item><title>[Case] Unauthenticated ML Training Server — velutina-service.ch</title><link>https://nuclide-research.com/cases/case-studies--commercial--velutina-service-ch-unauth-ml-training-server-2026-06-01/</link><guid isPermaLink="true">https://nuclide-research.com/cases/case-studies--commercial--velutina-service-ch-unauth-ml-training-server-2026-06-01/</guid><description>JAXEN returned 185.66.109.62 under a passive Shodan query for exposed AI/ML infrastructure on Swiss hosting ranges. The Shodan record showed:</description><pubDate>Mon, 01 Jun 2026 00:00:00 GMT</pubDate></item><item><title>AI Gateways Population Survey: Cat-32 (2026-06-01)</title><link>https://nuclide-research.com/research/case-studies--commercial--ai-gateways-survey-cat32-2026-06-01/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--ai-gateways-survey-cat32-2026-06-01/</guid><description>An AI gateway sits in front of every upstream LLM provider an operator uses. It holds the OpenAI key, the Anthropic key, the Gemini key, the DeepSeek key. 
All in one process. That is the point of the product. It is also the problem.</description><pubDate>Mon, 01 Jun 2026 00:00:00 GMT</pubDate></item><item><title>[Case] Dark-Tier Probe Result (Option A) — 2026-05-31</title><link>https://nuclide-research.com/cases/case-studies--commercial--argo-workflows-darktier-2026-05-31/</link><guid isPermaLink="true">https://nuclide-research.com/cases/case-studies--commercial--argo-workflows-darktier-2026-05-31/</guid><description></description><pubDate>Sun, 31 May 2026 00:00:00 GMT</pubDate></item><item><title>[Case] NCKU Edge Host: a Kubernetes Control Plane Behind a MikroTik Gateway</title><link>https://nuclide-research.com/cases/case-studies--universities--ncku-140116247125-edge-kubesphere-2026-05-31/</link><guid isPermaLink="true">https://nuclide-research.com/cases/case-studies--universities--ncku-140116247125-edge-kubesphere-2026-05-31/</guid><description>A single handed-over IP resolved into an NCKU lab&apos;s internet edge: a MikroTik
RouterOS gateway DNAT-forwarding to an internal network, with eighteen services
reachable through it. The headline exposure is not an AI service. It is a
KubeSphere v3.1.0 Kubernetes management console, branded &quot;ECPaaS,&quot; reachable on
tcp/23180, leaking its version, its unchanged de…</description><pubDate>Sun, 31 May 2026 00:00:00 GMT</pubDate></item><item><title>Argo Workflows Population Survey — Cat-29 (2026-05-31)</title><link>https://nuclide-research.com/research/case-studies--commercial--argo-workflows-survey-cat29-2026-05-31/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--argo-workflows-survey-cat29-2026-05-31/</guid><description></description><pubDate>Sun, 31 May 2026 00:00:00 GMT</pubDate></item><item><title>Data Labeling &amp; Annotation: the registration knob that re-opens the door</title><link>https://nuclide-research.com/research/case-studies--commercial--data-labeling-survey-2026-05-31/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--data-labeling-survey-2026-05-31/</guid><description>Data-labeling platforms sit at the input boundary of every supervised-learning and
RLHF pipeline. They hold the raw data being labeled: PII-dense text, scanned
documents, medical and facial imagery, and the human-preference pairs that fine-tune
LLMs. A 2026-05-04 cheap-VPS pass had already shown the category is auth-on by
default (doccano 348/348, 98.9% auth…</description><pubDate>Sun, 31 May 2026 00:00:00 GMT</pubDate></item><item><title>RAG Framework Servers Population Survey — Cat-07 (2026-05-31)</title><link>https://nuclide-research.com/research/case-studies--commercial--rag-frameworks-survey-cat07-2026-05-31/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--rag-frameworks-survey-cat07-2026-05-31/</guid><description>First population survey of the RAG-framework-server category. 16 platforms in the 2026-05-27 pre-assessment intel (data/platform-intel/rag-frameworks-osint-2026-05-27.md); 15 dorks run this session. The category spans private document-QA workspaces, RAG pipelines, agentic-RAG, and self-hosted AI search — platforms whose value is the document corpus and conne…</description><pubDate>Sun, 31 May 2026 00:00:00 GMT</pubDate></item><item><title>Service Mesh Control Planes: when exposure is the authentication failure</title><link>https://nuclide-research.com/research/case-studies--commercial--service-mesh-survey-2026-05-31/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--service-mesh-survey-2026-05-31/</guid><description>Every survey so far measured platforms that have an authentication layer and
ship it on or off. Service-mesh introspection planes are a harder test for the
auth-on-default thesis: most of them have no auth layer at all. Kiali&apos;s
anonymous strategy, Linkerd&apos;s viz dashboard, Cilium&apos;s Hubble UI and relay, Istio&apos;s
Envoy-admin and istiod-debug all rely on network…</description><pubDate>Sun, 31 May 2026 00:00:00 GMT</pubDate></item><item><title>Specialty Data Layers survey, 2026-05-30</title><link>https://nuclide-research.com/research/case-studies--commercial--specialty-data-layers-survey-2026-05-29/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--specialty-data-layers-survey-2026-05-29/</guid><description>Three of five sampled Spark History Servers exposed their job inventories with no
authentication, and two of them are machine-learning pipelines. The job names are
the finding. They map the feature-engineering, training, and prediction stages of
an ML workflow on Google Cloud. ClickHouse returned 5,208 hosts on the empty-
password port, but confirming the un…</description><pubDate>Sat, 30 May 2026 00:00:00 GMT</pubDate></item><item><title>[Case] Voice/Audio AI re-run: Category 17, 2026-05-29</title><link>https://nuclide-research.com/cases/case-studies--commercial--voice-audio-ai-rerun-2026-05-29/</link><guid isPermaLink="true">https://nuclide-research.com/cases/case-studies--commercial--voice-audio-ai-rerun-2026-05-29/</guid><description>Fifteen dorks. Twenty-eight candidates. Six confirmed unauthenticated voice
services across five hosts. One four-service stacked host. Four false positives
killed at the verification stage, including a would-be remote-code-execution
finding that turned out to be an LLM relay server.</description><pubDate>Fri, 29 May 2026 00:00:00 GMT</pubDate></item><item><title>[Case] Zep CE: empty default api_secret accepts a zero-entropy credential</title><link>https://nuclide-research.com/cases/case-studies--commercial--zep-ce-empty-apisecret-finding-2026-05-29/</link><guid isPermaLink="true">https://nuclide-research.com/cases/case-studies--commercial--zep-ce-empty-apisecret-finding-2026-05-29/</guid><description>Code-level finding from the agent-memory pre-assessment
(data/platform-intel/agent-memory-osint-2026-05-29.md). Labeled per
case-studies/FINDING-TEMPLATE.md. This is a platform finding, not a host
case study: no live target has been touched.</description><pubDate>Fri, 29 May 2026 00:00:00 GMT</pubDate></item><item><title>Auth / Identity / Gateway survey, 2026-05-29</title><link>https://nuclide-research.com/research/case-studies--commercial--auth-gateway-survey-2026-05-29/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--auth-gateway-survey-2026-05-29/</guid><description>Open Policy Agent ships with no authentication, and five of six sampled hosts
returned their full Rego policy list with no credentials. The policy names are the
finding. They map the operator&apos;s authorization model and the topology of whatever
AI stack sits behind them. The admin APIs of Kong and OPA are Shodan-dark because
they serve JSON, so the harvest fou…</description><pubDate>Fri, 29 May 2026 00:00:00 GMT</pubDate></item><item><title>Experiment Tracking, registry and RCE half, 2026-05-29</title><link>https://nuclide-research.com/research/case-studies--commercial--experiment-tracking-registry-survey-2026-05-29/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--experiment-tracking-registry-survey-2026-05-29/</guid><description>MLflow ships with no authentication, and the population shows it: eight of eight
sampled servers returned the full experiment list with no credentials. One held
379 experiments and leaked a Google Cloud Storage bucket name. The other
high-severity targets did not deliver. Determined.ai was authenticated on every
reachable host, including two on AWS GovCloud,…</description><pubDate>Fri, 29 May 2026 00:00:00 GMT</pubDate></item><item><title>ML Governance / Data Catalog survey, 2026-05-29</title><link>https://nuclide-research.com/research/case-studies--commercial--ml-governance-survey-2026-05-29/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--ml-governance-survey-2026-05-29/</guid><description>Nine dorks. Six platforms. The category is well-secured at population scale, and
that is the finding. The auth-on platforms run patched versions. The auth-off
platforms are either Shodan-dark or empty demos. One unauthenticated Marquez
server confirmed, and it held no production data.</description><pubDate>Fri, 29 May 2026 00:00:00 GMT</pubDate></item><item><title>Model Serving, management-plane and registry, 2026-05-29</title><link>https://nuclide-research.com/research/case-studies--commercial--model-serving-management-survey-2026-05-29/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--model-serving-management-survey-2026-05-29/</guid><description>The model-serving category is Shodan-dark. vLLM, Triton, TGI, and TorchServe all
serve JSON APIs, and their identifying strings live in JSON bodies, not in the
HTML Shodan crawls. The dominant self-hosted LLM inference server returned one hit
on its own banner. That one host was a real unauthenticated vLLM serving a 20B
model. The management-bypass surfaces…</description><pubDate>Fri, 29 May 2026 00:00:00 GMT</pubDate></item><item><title>RAG framework stragglers, 2026-05-29</title><link>https://nuclide-research.com/research/case-studies--commercial--rag-stragglers-survey-2026-05-29/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--rag-stragglers-survey-2026-05-29/</guid><description>AnythingLLM ships single-user mode with no password, and two of five sampled
hosts had the web UI open to any browser visitor. The verification narrowed the
finding: the open UI is browser-reachable, but the developer REST API still
demands a key even in no-auth mode. RAGFlow returned 1,705 hosts, a large
pre-auth-RCE-class population, but the RCE lives on a…</description><pubDate>Fri, 29 May 2026 00:00:00 GMT</pubDate></item><item><title>LLM Safety / Guardrail survey, 2026-05-29</title><link>https://nuclide-research.com/research/case-studies--commercial--safety-guardrail-survey-2026-05-29/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--safety-guardrail-survey-2026-05-29/</guid><description>Five dorks. One confirmed unauthenticated guardrail server, and the guardrail was
the least exposed thing on the box. The same host left MongoDB, Redis, MySQL,
PostgreSQL, and a Docker registry open with no authentication. The safety tool
meant to inspect untrusted input was sitting on an unlocked data tier.</description><pubDate>Fri, 29 May 2026 00:00:00 GMT</pubDate></item><item><title>[Case] Apptica — Production Data Lake Exposed via Unauthenticated ClickHouse</title><link>https://nuclide-research.com/cases/case-studies--commercial--apptica-clickhouse-2026-05-28/</link><guid isPermaLink="true">https://nuclide-research.com/cases/case-studies--commercial--apptica-clickhouse-2026-05-28/</guid><description>Apptica is a commercial app store intelligence platform offering revenue estimates, download data, keyword rankings, and advertising intelligence for mobile apps across iOS and Android. Their product — described as &quot;Ad Intelligence&quot; and &quot;Market Intelligence&quot; — is built on the data stored in this database.</description><pubDate>Thu, 28 May 2026 00:00:00 GMT</pubDate></item><item><title>[Case] DataV / Skillmine Technology — Multi-Party Data Breach via Unauthenticated ClickHouse</title><link>https://nuclide-research.com/cases/case-studies--commercial--datav-skillmine-clickhouse-2026-05-28/</link><guid isPermaLink="true">https://nuclide-research.com/cases/case-studies--commercial--datav-skillmine-clickhouse-2026-05-28/</guid><description>DataV is a no-code AI analytics and data visualization platform built and operated by Skillmine Technology Consulting Private Limited (Mumbai). The platform allows customers to upload CSV and Excel files, connect SQL databases, run ML predictions, and build dashboards. 
Per their website, DataV serves organizations across BFSI, healthcare, IT services, automo…</description><pubDate>Thu, 28 May 2026 00:00:00 GMT</pubDate></item><item><title>[Case] Sanio AI — Collision AgentOS / Walmart Pipeline Exposure</title><link>https://nuclide-research.com/cases/case-studies--commercial--sanio-ai-collision-agentos-2026-05-28/</link><guid isPermaLink="true">https://nuclide-research.com/cases/case-studies--commercial--sanio-ai-collision-agentos-2026-05-28/</guid><description>Surface identified in session 43 (cat-06 stragglers survey) via Shodan dork port:7777 http.html:&quot;agno&quot;. Prior session confirmed the host as unauth Agno on port 7777 with road collision data in scope. This session ran five parallel agents for full stack enumeration.</description><pubDate>Thu, 28 May 2026 00:00:00 GMT</pubDate></item><item><title>[Case] Snap-E Cabs — ScyllaDB Default Credentials + Unauthenticated REST API</title><link>https://nuclide-research.com/cases/case-studies--commercial--snapecabs-scylladb-341319052-2026-05-28/</link><guid isPermaLink="true">https://nuclide-research.com/cases/case-studies--commercial--snapecabs-scylladb-341319052-2026-05-28/</guid><description>Snap-E Cabs, a BSE-listed Indian EV ride-hailing operator (600+ vehicles, Kolkata), runs a ScyllaDB cluster on GCP with the CQL port accepting default cassandra/cassandra credentials and the admin REST API exposed with zero authentication — giving any actor full read/write access to 431,808 driver safety events, 245 live auth tokens, biometric face ROI data,…</description><pubDate>Thu, 28 May 2026 00:00:00 GMT</pubDate></item><item><title>AI Evaluation and Red-Team Platform Survey — Promptfoo Population Pass</title><link>https://nuclide-research.com/research/case-studies--commercial--ai-eval-redteam-survey-2026-05-28/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--ai-eval-redteam-survey-2026-05-28/</guid><description>Promptfoo is the only 
AI eval/red-team platform in the 13-platform scope that produced confirmed unauthenticated exposure at scale. Four instances returned {&quot;email&quot;:null} on GET /api/user/email with eval datasets and provider configurations readable without credentials. The best-characterized instance (evals.dev.generalwisdom.com, AWS Ashburn) exposed 60 LLM…</description><pubDate>Thu, 28 May 2026 00:00:00 GMT</pubDate></item><item><title>Auth and API Gateway Platforms: Population Survey</title><link>https://nuclide-research.com/research/case-studies--commercial--auth-gateway-survey-2026-05-28/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--auth-gateway-survey-2026-05-28/</guid><description>Shodan harvest of 13 auth and API gateway platforms returned confirmed populations across six categories. SuperTokens (port 3567) is the largest exposed surface at 455 confirmed internet-facing instances with no API key configured by default. Authentik reaches or exceeds Shodan&apos;s 1,000-result display cap. Authelia shows 33 instances. Kong admin port (8001) r…</description><pubDate>Thu, 28 May 2026 00:00:00 GMT</pubDate></item><item><title>Unauthenticated FinOps Cost APIs Hand Attackers a Free Cluster Recon Map</title><link>https://nuclide-research.com/research/case-studies--commercial--kubecost-opencost-finops-cost-api-survey-2026-05-28/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--kubecost-opencost-finops-cost-api-survey-2026-05-28/</guid><description>Sixty-seven Kubernetes cost-tooling endpoints (Kubecost 50, OpenCost 14, vendor-undetermined 3) answer their cost-model API with no authentication. Fifty-nine return full per-namespace cluster topology and summed daily spend on a single unauthenticated GET. 
That is the finding: a FinOps cost sidecar, deployed to watch the wallet, indexes the entire cluster a…</description><pubDate>Thu, 28 May 2026 00:00:00 GMT</pubDate></item><item><title>Model Serving and Registry Infrastructure Survey</title><link>https://nuclide-research.com/research/case-studies--commercial--model-serving-registry-survey-2026-05-28/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--model-serving-registry-survey-2026-05-28/</guid><description>Shodan sweep across 11 model-serving and registry platforms. MLflow is the only platform with a live, indexable population -- 10 confirmed unauthenticated instances spanning 6 cloud providers and 6 countries. Every other platform surveyed (vLLM, TorchServe, TensorFlow Serving, Ray Serve, BentoML, Seldon Core, KServe, ONNX Runtime Server, TGI, Triton) returne…</description><pubDate>Thu, 28 May 2026 00:00:00 GMT</pubDate></item><item><title>RAG Stragglers: LightRAG, RAGFlow, DocsGPT, Ragapp Population Survey</title><link>https://nuclide-research.com/research/case-studies--commercial--rag-stragglers-survey-2026-05-28/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--rag-stragglers-survey-2026-05-28/</guid><description>Four RAG platforms were left unfinished from prior survey runs: LightRAG, RAGFlow, DocsGPT, and Ragapp. This pass closes them out with a full Shodan harvest, verification, and arsenal run.</description><pubDate>Thu, 28 May 2026 00:00:00 GMT</pubDate></item><item><title>LLM Guard survey: guardrail platforms Shodan-dark except /metrics side-channel</title><link>https://nuclide-research.com/research/case-studies--commercial--safety-guardrail-survey-2026-05-28/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--safety-guardrail-survey-2026-05-28/</guid><description>Two LLM Guard v0.0.10 instances confirmed from an 11-platform Shodan sweep. 
Both have auth configured on scan endpoints (/analyze/prompt, /analyze/output, /scan/output). Both expose /metrics without auth. The metrics endpoints leak operator domain names, internal docker network topology, container IPs, and production request volumes. F2 (57.128.58.103) has a…</description><pubDate>Thu, 28 May 2026 00:00:00 GMT</pubDate></item><item><title>Cat-30: Specialty Data Layers — Population Survey</title><link>https://nuclide-research.com/research/case-studies--commercial--specialty-data-layers-survey-2026-05-28/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--specialty-data-layers-survey-2026-05-28/</guid><description></description><pubDate>Thu, 28 May 2026 00:00:00 GMT</pubDate></item><item><title>Voice/Audio AI Infrastructure Survey</title><link>https://nuclide-research.com/research/case-studies--commercial--voice-audio-ai-survey-2026-05-28/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--voice-audio-ai-survey-2026-05-28/</guid><description></description><pubDate>Thu, 28 May 2026 00:00:00 GMT</pubDate></item><item><title>[Case] Argo Workflows — Pre-Assessment OSINT Brief (2026-05-27)</title><link>https://nuclide-research.com/cases/case-studies--commercial--argo-workflows-osint-pre-assessment-2026-05-27/</link><guid isPermaLink="true">https://nuclide-research.com/cases/case-studies--commercial--argo-workflows-osint-pre-assessment-2026-05-27/</guid><description>Intelligence gathered before the population scan to fine-tune dork selection, fingerprint design, verification methodology, and scope. Not a survey — a survey prep document. The scan chain runs after this.</description><pubDate>Wed, 27 May 2026 00:00:00 GMT</pubDate></item><item><title>Argo Workflows: K8s-Native Workflow Orchestration Survey</title><link>https://nuclide-research.com/research/case-studies--commercial--argo-workflows-survey-2026-05-27/</link><guid isPermaLink="true">https://nuclide-research.com/research/case-studies--commercial--argo-workflows-survey-2026-05-27/</guid><description>Shodan survey of the global Argo Workflows population via TLS certificate fingerprint. 67 confirmed instances (initial survey, ssl:&quot;ArgoProj&quot; dork) plus 17 Argo-confirmed instances from a second non-overlapping population of 200 IPs (ssl:&quot;Argo Workflows&quot; dork). All tested instances across both populations: auth-enforced. Combined passive-discoverable populat…</description><pubDate>Wed, 27 May 2026 00:00:00 GMT</pubDate></item></channel></rss>