
Criminals Are Finding and Abusing Unprotected AI Tools Online. How to Stay Safe.
Hackers are discovering AI systems that lack proper security and using them for attacks. No special credentials needed, just knowing where these exposed tools are.
Source
Dark Reading
Original headline: Attackers Hijack Exposed AI Endpoints to Power Offensive Ops
Plain-English summary by GetCyberRight. Read the full report at the source above.
Criminals are finding artificial intelligence tools that have been set up online without proper security protections. These exposed AI endpoints are systems that anyone can access if they know the web address. Attackers do not need passwords or special permission. Once they find these unprotected AI tools, they use them to power their own malicious activities. This mainly affects organizations and developers who set up AI tools online for work or projects.
If you are not running AI services yourself, your personal risk is low. However, if you work with AI tools, use chatbots for business, or your workplace has deployed AI systems, those systems could be vulnerable if not properly secured. If you or your organization use AI tools or services, take these steps:
- If you have set up any AI tools or services online, make sure they require authentication. Every system should need a username and password at minimum.
- Enable two factor authentication on all AI platforms and services you use for work or personal projects.
- Review what AI tools have access to your data or systems. Remove access for any tools you no longer use.
- Ask your IT department or service provider what security measures protect the AI tools your organization uses. When adopting new AI technologies, always prioritize security from the start. Just because a tool works does not mean it is safely configured. Before putting any system online, ensure it has proper access controls and authentication. This principle applies to all internet connected tools and services, not just AI. Convenience should never come at the expense of security.
Curated from trusted cybersecurity sources by GetCyberRight
Source: Dark ReadingStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles

Government and Critical Infrastructure Systems Targeted in Southeast Asia
A hacking group linked to China compromised at least 10 organizations in Southeast Asia, including two government-owned entities.
2 min read
Foreign Hackers Target Critical Infrastructure in Southeast Asia. What It Means for Safety.
A hacking group linked to China compromised at least 10 organizations in Southeast Asia, including state owned entities that manage critical systems affecting public services.
2 min readFake Venezuela Earthquake Charity Sites Steal Your Donations
Scammers created 212 fake charity websites in just five days after Venezuela's earthquake. Here's how to donate safely and protect your family.
3 min read212 Fake Disaster Relief Sites Created in Just 5 Days
Scammers registered 212 fake Venezuelan earthquake relief websites in five days. Here's how to protect yourself when donating after disasters.
3 min read