About AIExpose
AI Infrastructure Security Observatory
What is AIExpose?
AIExpose is an open OSINT observatory that continuously monitors publicly exposed AI infrastructure across the internet. It detects exposed API keys, unprotected AI models, known vulnerabilities in AI tools, and misconfigured certificates belonging to AI companies worldwide.
All data collected by AIExpose comes exclusively from public sources β no private systems are accessed or exploited.
Why Does It Exist?
The rapid adoption of AI tools has outpaced security awareness. Developers frequently expose API keys in public repositories, deploy AI models without authentication, and use AI frameworks with known vulnerabilities. AIExpose makes this problem visible β and actionable.
How It Works
π Data Collection
Automated scrapers run nightly collecting data from GitHub, NVD, HuggingFace and certificate transparency logs.
π Risk Scoring
Each finding is scored 0-100 based on five weighted factors: exposure level, data sensitivity, exploitability, business impact and patch availability.
πΊοΈ Visualization
Findings are displayed on an interactive world map, allowing users to explore AI security exposures by geography and severity.
π§ Responsible Disclosure
When new exposures are found, affected organizations are notified. They have 90 days to remediate before findings are published publicly.
Data Sources
- βGitHub API β public repositories with exposed AI credentials
- βNVD (NIST) β known CVEs affecting AI tools and frameworks
- βcrt.sh β certificate transparency logs for AI company domains
- βHuggingFace β public AI models and spaces
Risk Severity Levels
About the Author
AIExpose was created and is maintained by Carlos Dominguez, a Security Analyst based in Dublin, Ireland, specialising in telecom security and OSINT.
Contact: [email protected]