Unauthenticated AI Discovery

U
Written By Threat NG Staff

Unauthenticated AI Discovery, in the context of cybersecurity, is a specialized reconnaissance process focused on identifying and inventorying an organization's Artificial Intelligence (AI) assets and infrastructure from the perspective of an external attacker, without using any credentials, API keys, or pre-existing internal access.

The core goal is to map the AI attack surface as it is publicly exposed to the internet, allowing security teams to discover "Shadow AI" and misconfigurations before malicious actors do.

This process involves gathering clues from open-source intelligence (OSINT) and scanning techniques to detect the visible external artifacts left by AI development and deployment processes:

  1. Endpoint and Service Fingerprinting: This includes identifying public IP addresses, domains, and subdomains that are hosting AI-related services, such as publicly accessible API endpoints, web interfaces for models, or unmanaged development environments. The discovery often relies on detecting the unique "fingerprints" of underlying AI technologies or frameworks (e.g., specific MLOps tool versions, common server types for model serving).

  2. Data Exposure via Misconfiguration: This involves scanning for and identifying misconfigured external resources that contain AI-related data. The most common example is the detection of publicly open cloud storage buckets (like those from AWS, Azure, or Google Cloud) that inadvertently store sensitive training datasets, model weights, or configuration files.

  3. Credential and Secret Leakage: This focuses on identifying leaked access credentials, service account keys, or API tokens (including LLM access keys) that have been publicly exposed in code repositories, forums, or paste sites. While the credential itself grants access, its external discovery is an unauthenticated process.

By focusing purely on the external, unauthenticated view, this technique provides a high-confidence assessment of an organization's most critical, exposed AI assets and the security gaps that an attacker would find first.

ThreatNG, as an all-in-one external attack surface management (EASM), digital risk protection (DRP), and security ratings solution , is the ideal tool for organizations to validate their AI security posture by performing Unauthenticated AI Discovery —that is, identifying exposed AI assets from the perspective of an external attacker who has no credentials or prior access.

ThreatNG’s capabilities ensure that the security team finds the most critical, easily exploitable AI exposures first.

External Discovery and Inventory

ThreatNG's core strength is its capability to perform purely external unauthenticated discovery using no connectors, which directly mirrors the initial reconnaissance phase of Unauthenticated AI Discovery.

  • Technology Stack Identification: ThreatNG provides exhaustive, unauthenticated discovery of nearly 4,000 technologies. This is vital because it identifies the specific underlying frameworks and services used to build and serve AI models, including the 265 technologies categorized as Artificial Intelligence, as well as vendors in AI Model & Platform Providers and AI Development & MLOps.

  • Subdomain Intelligence: ThreatNG’s discovery process uncovers all associated subdomains and identifies the cloud and web platforms hosting them. This helps locate the public-facing API endpoints or applications that interact with the AI models.

Example of ThreatNG Helping: ThreatNG discovers an unmanaged subdomain, ai-test.yourcompany.com, running a technology identified as a vendor under AI Model & Platform Providers. This discovery immediately confirms the unauthenticated presence of an AI asset.

External Assessment for Unauthenticated Risks

ThreatNG's security ratings and assessment modules highlight critical misconfigurations that make AI assets vulnerable to an unauthenticated attacker.

  • Data Leak Susceptibility: This security rating is derived from uncovering external digital risks across Cloud Exposure, specifically exposed open cloud buckets. The discovery of a publicly accessible cloud bucket is the most direct evidence that unauthenticated parties can access assets like AI training data or model weights.

  • Non-Human Identity (NHI) Exposure: This critical governance metric quantifies vulnerability to threats from high-privilege machine identities, such as leaked API keys and service accounts. Since these keys can be used by an unauthenticated attacker who finds them, this rating confirms a high-risk external vulnerability for AI systems.

  • Cyber Risk Exposure (Sensitive Code): This rating is based on findings that include Sensitive Code Discovery and Exposure (code secret exposure). This immediately reveals if configuration secrets or API keys associated with AI development have been externally exposed, which directly enables an unauthenticated attacker.

Example of ThreatNG Helping: ThreatNG flags a high Cyber Risk Exposure rating because its Sensitive Code Exposure investigation module uncovered an AWS Access Key ID in a public code repository. This key could allow an unauthenticated attacker to access AI model storage or infrastructure.

Reporting and Continuous Monitoring

ThreatNG provides Continuous Monitoring of the external attack surface, ensuring that any new AI exposure is flagged immediately.

  • Reporting (Security Ratings): The Data Leak Susceptibility and Cyber Risk Exposure Security Ratings (A-F scale) provide easy-to-understand metrics for executives to grasp the severity of unauthenticated AI exposure risks.

  • External Adversary View and MITRE ATT&CK Mapping: ThreatNG aligns an organization's security posture with external threats by performing unauthenticated, outside-in assessment. It automatically maps these findings to specific MITRE ATT&CK techniques (e.g., initial access), showing how an unauthenticated exposure could be exploited.

Investigation Modules

ThreatNG's Investigation Modules allow security teams to gather granular, unauthenticated evidence that completes the discovery process.

  • Cloud and SaaS Exposure: This module directly identifies and validates Open Exposed Cloud Buckets on AWS, Microsoft Azure, and Google Cloud Platform. This is the critical step in unauthenticated discovery of exposed AI training data.

  • Online Sharing Exposure: This module identifies organizational entity presence within code-sharing platforms like Pastebin and GitHub Gist. An attacker often finds LLM API keys or configuration snippets in these forums, and ThreatNG automates the discovery of these secrets.

  • Subdomain Intelligence (Content Identification): This module identifies content like Admin Pages and APIs on subdomains. Finding a publicly accessible, unauthenticated API endpoint that accepts prompts is a critical part of AI discovery.

Example of ThreatNG Helping: An analyst uses the Cloud and SaaS Exposure module and identifies an exposed open cloud bucket. The Technology Stack module confirms a correlation with an AI Model & Platform Provider, definitively linking the misconfigured bucket to the AI environment.

Intelligence Repositories

ThreatNG’s Intelligence Repositories (DarCache) provide necessary contextual data to validate and prioritize discovered unauthenticated AI exposures.

  • Vulnerabilities (DarCache Vulnerability): This repository integrates NVD, KEV, EPSS, and Proof-of-Concept Exploits. If the exposed infrastructure hosting an AI model has a known vulnerability, the EPSS score helps predict the likelihood of exploitation, ensuring the most dangerous unauthenticated exposures are prioritized.

Complementary Solutions

ThreatNG's external discovery provides essential, unauthenticated intelligence to complementary solutions like Secrets Management Platforms and Data Loss Prevention (DLP) systems.

  • Complementary Solutions (Secrets Management Platforms): ThreatNG's discovery of a leaked service account credential via NHI Exposure provides definitive external proof of compromise. This external finding is routed to the Secrets Management platform, triggering an automated workflow to revoke the exposed key and tighten the access permissions for all remaining keys accessing AI infrastructure.

  • Complementary Solutions (DLP Systems): ThreatNG’s detection of an exposed open cloud bucket provides the external validation needed by a DLP system. When ThreatNG flags a publicly open bucket, this external signal can instruct the DLP system to execute an immediate, internal content inspection and policy check on that specific bucket to confirm if sensitive AI training data is present and classify the severity of the leak.

Threat NG Staff
Previous

Digital Risk Protection for AI
Next

AI Training Data