What it is
Jupyter is where most of modern machine-learning research happens. A notebook is a live Python (or R, or Julia) shell with rich output (plots, tables, images) that runs inside a kernel an operator can leave running for days. JupyterLab is the polished IDE on top, JupyterHub the multi-user variant. Every ML grad student, every model fine-tuner, every quantitative analyst lives in this stack.
What goes wrong
A Jupyter server with no token (or a token shared in a public Slack, or a token read off a screencast, or a token in a Docker Compose file pushed to GitHub) is a remote Python shell with the operator’s full filesystem, GPU, and, through whatever boto3 or google-cloud SDK the notebook already imports, the operator’s cloud credentials. The exposure isn’t the notebook. It’s the kernel behind it. Anyone reaching the port can spawn a new kernel and run arbitrary code under the operator’s identity.
How we test
We probe for the token-prompt page, then the API at /api/sessions to enumerate live kernels (this works without auth in surprisingly many configs, and the response is a perfect operator-attribution payload: kernel paths contain user homedirs, repo names, and dataset filenames). We never spawn a new kernel on the target. The session list alone is sufficient to attribute, draft the disclosure, and demonstrate impact in evidence form.
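The check described above, as a self-audit for a deployment you operate: an added example, not code from the original page or from the Jupyter project. It performs the anonymous GET of /api/sessions, classifies the answer, and reports whether the kernel list (and the notebook paths in it) was readable without a token. The target URL, the environment variable JUPYTER_URL, and the sample session payload are assumptions; the classification is kept as a pure function so it can be exercised offline on constructed responses.

```python
"""Self-check for a Jupyter deployment: does the REST API refuse anonymous callers?

Added example, not code from the original page. Point it at a server you
operate (first argument, or the JUPYTER_URL environment variable, default
http://127.0.0.1:8888) and it performs an unauthenticated GET of
/api/sessions, then reports whether the live-kernel list was readable.
"""
import json
import os
import sys
import urllib.error
import urllib.request

SESSIONS_ENDPOINT = "/api/sessions"  # lists live kernels and the notebook paths driving them


def classify(status: int, body: str) -> dict:
    """Classify an anonymous GET /api/sessions response.

    exposed=True only when the server answered 200 with the JSON session list,
    which means kernel enumeration needs no token. A 401/403, a redirect to
    /login, or an HTML token prompt all count as protected.
    """
    result = {"exposed": False, "sessions": 0, "paths": [], "note": ""}
    if status != 200:
        result["note"] = f"HTTP {status}: API rejected the anonymous request"
        return result
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        result["note"] = "HTTP 200 but not JSON: token prompt or login page served"
        return result
    if not isinstance(data, list):
        result["note"] = "HTTP 200 but body is not a session list"
        return result
    # Each session entry names the notebook path; user home directories, repo
    # names and dataset filenames showing up here is the attribution leak the
    # text describes, and it was readable with no credential at all.
    result["exposed"] = True
    result["sessions"] = len(data)
    result["paths"] = [s.get("path", "") for s in data if isinstance(s, dict)]
    result["note"] = f"{len(data)} live session(s) readable without a token"
    return result


def live_check(base_url: str, timeout: float = 5.0) -> dict:
    """Perform the anonymous GET against base_url and classify the answer.

    urllib follows redirects, so a 302 to /login ends as a 200 HTML page,
    which classify() treats as protected. A server that is not reachable at
    all is reported as such rather than as protected.
    """
    req = urllib.request.Request(
        base_url.rstrip("/") + SESSIONS_ENDPOINT,
        headers={"Accept": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read().decode("utf-8", "replace"))
    except urllib.error.URLError as err:
        return {"exposed": False, "sessions": 0, "paths": [],
                "note": f"unreachable: {err.reason}"}


# Constructed sample of what an exposed server returns (field layout follows
# the Jupyter Server sessions API; ids and paths are invented for this example).
SAMPLE_EXPOSED = json.dumps([
    {"id": "00000000-0000-4000-8000-000000000001",
     "path": "home/alice/llm-finetune/train.ipynb",
     "kernel": {"id": "00000000-0000-4000-8000-0000000000aa", "name": "python3"}},
    {"id": "00000000-0000-4000-8000-000000000002",
     "path": "home/alice/datasets/customer_export.ipynb",
     "kernel": {"id": "00000000-0000-4000-8000-0000000000bb", "name": "python3"}},
])
SAMPLE_PROTECTED = '{"message": "Forbidden"}'  # constructed body of a 403 answer


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else os.environ.get(
        "JUPYTER_URL", "http://127.0.0.1:8888")
    verdict = live_check(target)
    print("EXPOSED" if verdict["exposed"] else "protected", "-", verdict["note"])
    for path in verdict["paths"]:
        print("  session path:", path)
```

Run it as part of a deployment check (for example right after `jupyter lab` or a compose stack starts); anything other than "protected" means the token or password setting did not take effect and the kernel API is open to whoever can reach the port.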