Bishop Fox — AIMap Open-Source AI Infrastructure Scanner
AI relevance: AIMap gives defenders and attackers alike a turnkey platform for discovering exposed AI agent infrastructure — including Ollama, vLLM, LiteLLM, MCP servers, LangChain, and Open WebUI — directly from the internet.
What happened
- Bishop Fox released AIMap, an open-source platform for discovering and security-testing exposed AI infrastructure at internet scale.
- The tool covers a broad range of AI protocols and frameworks: Model Context Protocol (MCP), Ollama, vLLM, LiteLLM, LocalAI, LangServe, LangChain, OpenClaw, Open WebUI, LibreChat, Gradio, Streamlit, ComfyUI, Stable Diffusion, HuggingFace TGI, and generic inference APIs.
- AIMap operates in two modes: discovery scans to map exposed AI services, and attack tests that automatically probe identified endpoints for common misconfigurations and vulnerabilities.
- The platform is deployable locally via Docker Compose, allowing organizations to run scans against their own environments.
- Bishop Fox emphasized that the tool exists because attackers already have this visibility — AIMap aims to give defenders equivalent capabilities.
Why it matters
- AI infrastructure — model servers, MCP tool endpoints, RAG pipelines, and agent orchestrators — is routinely deployed with default credentials, no authentication, or exposed to the public internet.
- Many of these services can execute arbitrary code, access internal tools via MCP, or exfiltrate data through connected APIs when left unprotected.
- Open-source tooling like AIMap lowers the barrier for both red teams and threat actors to locate and test AI attack surfaces at scale.
What to do
- Inventory all AI-facing services (model servers, MCP endpoints, agent gateways) and verify none are exposed without authentication.
- Deploy AIMap or equivalent scanning in your own environment to identify gaps before attackers do.
- Enforce network segmentation between AI infrastructure and production systems — an exposed vLLM instance should not have unfettered access to your internal network.
- Monitor Shodan and similar search engines for your own AI service fingerprints.