hacker news today - a researcher scanned 1 million exposed ai services. n8n and flowise instances open to the internet without auth. the report is what every ciso forwards to their team this week.
what the scan found
- n8n instances with admin pages on port 5678, no auth
- flowise builders exposing api keys in workflow exports
- ollama servers exposing the model api at port 11434, no auth
- langflow instances with anonymous tool execution
these are all 'just for prototyping' instances that someone forgot to shut down.
what the buyer fear sounds like
'how do we know we don't have one of these.'
what the bizsuite ai-audit kit answers
- agent inventory script that scans the org's cloud + repo footprint for self-hosted ai services
- exposure check that flags any service answering on a public ip without auth
- remediation playbook (close the port, add auth, log the access)
- a procurement-ready report saying 'we audited, here are the findings, here's the fix'
4 hours. $997.
why the omnibus delay doesn't help
the omnibus moved the eu ai act high-risk obligation deadline. it didn't move the open n8n port. it didn't move the flowise instance leaking api keys. those are operational risks that ship every quarter regardless of what brussels does.
the audit answers a question the buyer is going to ask in q3 - did anyone touch our internal data through an exposed agent. you want a yes-with-evidence answer, not a 'we'll get back to you'.
Top comments (0)