Attackers don't need any special authentication to reach a target endpoint — they just need to know where it is.
June 30, 2026
Threat actors are trying to leverage organization-owned AI agents to power complex threat activity.
Between March and May, Zenity researchers observed three distinct campaigns that used the large language model (LLM) infrastructure of its honeypots, which exposed Ollama and LiteLLM endpoints, as a resource for offensive AI operations. What's most fascinating about this attack vector is that it doesn't require a full-scale compromise, just knowledge of an exposed endpoint.
More specifically, Zenity's blog post notes that attackers exploit "the inference endpoints that self-hosted AI software exposes for applications to call." The attacker doesn't need any special authentication to reach them; they just need to know where the endpoint is. Examples of such endpoints include the Ollama "/api/generate" and "/api/chat" endpoints on port 11434, and LiteLLM's "/v1/responses" endpoint on port 4000.
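For defenders, the endpoints and ports named above translate directly into a log check. The following is an added example, not code from Zenity or from the Ollama or LiteLLM projects; the log format, the allowlisted networks and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Inference paths and ports named in the article.
INFERENCE_ENDPOINTS = {
    11434: ("/api/generate", "/api/chat"),  # Ollama
    4000: ("/v1/responses",),               # LiteLLM
}

# Assumption: the networks your own applications call from.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]

# Assumption: constructed log format
#   <src_ip> <listen_port> "<METHOD> <path> HTTP/x" <status>
LINE_RE = re.compile(
    r'^(?P<src>\S+) (?P<port>\d+) "(?P<method>[A-Z]+) (?P<path>\S+) '
    r'HTTP/[\d.]+" (?P<status>\d{3})$'
)

def flag_external_inference_calls(lines):
    """Return (src, port, path, status) for inference calls from outside ALLOWED_NETS."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        port = int(m["port"])
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if path not in INFERENCE_ENDPOINTS.get(port, ()):
            continue  # not an inference endpoint on its expected port
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # source field is not an IP address
        if any(src in net for net in ALLOWED_NETS):
            continue  # expected internal caller
        hits.append((str(src), port, path, int(m["status"])))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '10.1.2.3 11434 "POST /api/chat HTTP/1.1" 200',
    '203.0.113.7 11434 "POST /api/generate HTTP/1.1" 200',
    '198.51.100.20 4000 "POST /v1/responses HTTP/1.1" 200',
    '198.51.100.20 4000 "GET /health HTTP/1.1" 200',
    'garbage line',
]
```

A 200 status on a flagged line means the request was served, so the endpoint answered a caller outside the allowlist.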










