NuClide Research
Most recent
navigate open esc close Corpus index built 2026-06-07 23:58 UTC

§ THE STACK / DATA LAYER

Container Orchestration

Docker daemon, etcd, Vault, Consul, Portainer, Argo CD. the substrate AI runs on

Vector stores, registries, memory, datasets: what the model knows and remembers.

What it is

Every modern LLM deployment runs on container infrastructure. The substrate layer is technically not LLM-specific: the Docker daemon, etcd (k8s/standalone), HashiCorp Vault (secrets), HashiCorp Consul (service mesh), Portainer (UI), Argo CD (continuous deployment), and the kubelet itself. Unauthenticated exposure here is sometimes more impactful than exposure of the LLM service it carries. Docker socket exposure = container escape = root on host. etcd unauth = full k8s state dump. Vault uninitialized = anyone calls /v1/sys/init and becomes the operator.

What goes wrong

The framework defaults vary across the layer:

  • Docker daemon on TCP 2375 ships without auth in the official documentation’s “remote API” examples; operators copy-paste the config and forget the TLS step. Population-scale unauth rate: high.
  • etcd v2 API (/v2/keys) ships without auth in older deployments; v3 default is gRPC-auth-on but operators frequently turn it off.
  • Vault is auth-on-default at the framework layer; the only unauth surface is the /v1/sys/init bootstrap endpoint, which is intentionally open until the first init call. Uninitialized Vaults are a one-shot full-takeover surface.
  • Consul ships with ACLs disabled by default in framework config (Tier-A**); 100% of reachable Consul instances at population scale have ACL off.
  • Argo CD is auth-on-default (Tier-C). 99.93% of the population is properly gated; ~0.07% set the anonymous-read template-config and leak app inventories.

How we test

Each substrate platform has its own identity-and-state probe. Docker: GET /version. etcd: GET /version + GET /v2/keys?recursive=false (top-level keys only). Vault: GET /v1/sys/seal-status + GET /v1/sys/init (sealed / unsealed / uninitialized). Consul: GET /v1/agent/self + GET /v1/catalog/services. We never read secret values, never PUT/DELETE/POST /v1/sys/init. The presence of the substrate at the public boundary is the finding; the operator’s k8s topology, secret-engine mounts, and service catalog leak as metadata even when the data layer is gated.

Receipts

Research

Every survey, case study, and disclosure we've published that touches this layer of the stack. Counts on the cells above tally these directly.

Cross-cloud surveys

5
Survey May 16, 2026

Argo CD Population Survey (2026-05-16)

Population-scale survey of Argo CD. The Kubernetes continuous-deployment pipeline. Argo CD operators configure git-source repositories, deploy targets (k8s clusters), and credentials; the platform wat…

Read →
Survey May 16, 2026

Consul (HashiCorp) Population Survey (2026-05-16)

Population-scale survey of HashiCorp Consul deployments. Service registry + KV store + service-mesh control plane. Consul's default ACL policy is allow, so out-of-the-box deployments expose the agent,…

Read →
Survey May 15, 2026

Unauth Docker Daemon Population Survey (2026-05-15)

Survey of the Shodan-indexed Docker daemon population on port 2375. The canonical unauth port for the Docker HTTP API. Port 2376 is the TLS-auth variant; port 2375 is unauth by framework spec, and ope…

Read →
Survey May 15, 2026

etcd Population Survey (2026-05-15)

Population-scale survey of etcd. The distributed key-value store that backs Kubernetes' entire cluster state. Each unauthenticated etcd is a secrets-store leak class: anyone can list (and read) the cl…

Read →
Survey May 15, 2026

Vault (HashiCorp) Population Survey (2026-05-15)

Population-scale survey of HashiCorp Vault deployments. Vault is the canonical secrets-management platform. The operator's database credentials, API keys, signing keys, and other application secrets l…

Read →

Data Layer

Other categories in this layer

Vector Databases

ChromaDB, Milvus, Qdrant, Weaviate, pgvector

Search Engines

Elasticsearch, Solr, Meilisearch, Typesense, Vespa. full-text + vector search

OLAP / Analytics Backends

ClickHouse, Cassandra, ScyllaDB, Pinot. the trace + log + analytics tier under observability

MLOps Tracking

MLflow, W&B, ClearML, Aim, Comet ML. experiment tracking + model registry

Agent Memory

Mem0, Letta, Zep, Motorhead. long-term memory backends

Data Labeling

Label Studio, Argilla, CVAT, Doccano, Prodigy. training-data annotation

Object Storage

MinIO, S3, model & dataset stores

Compute Orchestration

RunPod, Ray, Volcano, Kubeflow, SkyPilot

GPU Compute & Telemetry

Run:AI, DCGM-exporter, NVIDIA Fleet Command. GPU fleet metrics + scheduling

Medical / Edge AI

DICOM, MONAI, Orthanc, dcm4che, NVIDIA NIM. clinical and edge model serving

Backup & Snapshots

Velero, Restic, Barman, Longhorn

Fine-tuning Runtimes

Axolotl, LLaMA-Factory, Unsloth, torchtune

Document Parsers

Unstructured, LlamaParse, marker, MinerU, Docling

Model Hubs & Registries

HF Hub mirrors, ModelScope, BentoML