One of our scans recently picked up an open vector database. Inside: over a hundred pages of internal documents related to uranium mining operations. No authentication, no access control - just a Qdrant instance sitting on the public internet with indexed, searchable documents about one of the most sensitive industries on the planet.
That’s the kind of thing we find now. Here’s how we got here.
211 Plugins and Growing
LeakIX runs 211 detection plugins continuously across the IPv4 space - 142 public, 69 pro - covering databases, web applications, network services, security appliances, AI tools, and industrial control systems.
But the numbers don’t tell the story. The findings do.
We Found PLCs on the Internet
Not behind a VPN. Not in a DMZ. Directly on the public internet, responding to unauthenticated requests.
Our scanner speaks native ICS/SCADA protocols - not banner grabbing, not HTTP fingerprinting, but the actual industrial protocols that PLCs expect from their engineering workstations.
With Modbus TCP, we found over 300 exposed devices in the first hours of scanning. Schneider Electric power meters, Delta Electronics controllers, Square D monitors - in China, Turkey, Sweden, and the US. All of them happily returned vendor names, product models, firmware versions, and register values to anyone who asked.
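As an added example (not LeakIX's scanner code), the decoder below parses the Modbus TCP Read Device Identification response (function 0x2B, MEI type 0x0E) that such meters return, so you can see from a packet capture of your own network exactly which vendor, model and revision strings a device hands out. The sample frame is constructed; the vendor string mirrors the post, the product code and revision are made up.

```python
import struct

# Constructed sample: one Modbus TCP "Read Device Identification" response.
# Vendor name as named in the post; product code and revision are invented.
SAMPLE_RESPONSE = (
    b"\x00\x01"          # MBAP: transaction id
    b"\x00\x00"          # MBAP: protocol id (always 0 for Modbus)
    b"\x00\x2c"          # MBAP: length = unit id + PDU = 44 bytes
    b"\x01"              # MBAP: unit id
    b"\x2b\x0e"          # PDU: function 0x2B, MEI type 0x0E
    b"\x01\x01\x00\x00"  # read code (basic), conformity, more-follows, next id
    b"\x03"              # three objects follow
    b"\x00\x12Schneider Electric"   # object 0: VendorName (18 bytes)
    b"\x01\x06PM5560"               # object 1: ProductCode (invented)
    b"\x02\x06V2.7.4"               # object 2: MajorMinorRevision (invented)
)

OBJECT_NAMES = {0: "vendor_name", 1: "product_code", 2: "revision"}


def parse_device_identification(frame: bytes) -> dict:
    """Decode the MBAP header and the identification objects of one frame."""
    if len(frame) < 9:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("not a well-formed Modbus TCP frame")
    pdu = frame[7:]
    if pdu[0] & 0x80:
        # Exception response: function | 0x80 followed by the exception code
        return {"unit": unit, "transaction": tid, "exception": pdu[1]}
    if pdu[:2] != b"\x2b\x0e":
        raise ValueError("not a Read Device Identification response")
    count = pdu[6]
    objects, pos = {}, 7
    for _ in range(count):
        if pos + 2 > len(pdu):
            raise ValueError("truncated object list")
        obj_id, obj_len = pdu[pos], pdu[pos + 1]
        value = pdu[pos + 2:pos + 2 + obj_len]
        if len(value) != obj_len:
            raise ValueError("truncated object value")
        name = OBJECT_NAMES.get(obj_id, f"object_{obj_id}")
        objects[name] = value.decode("ascii", "replace")
        pos += 2 + obj_len
    return {"unit": unit, "transaction": tid, **objects}
```

Every field a public-facing meter answers with here is also what a scanner indexes, which is why the post treats an unauthenticated Modbus listener as a finding on its own.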
With S7comm, we performed full COTP/S7 handshakes with Siemens SIMATIC PLCs and read their system status lists. We identified CPU 1510SP-1 PN controllers - real programmable logic controllers managing physical processes, reachable by anyone with a TCP socket.
With OPC UA, we found Turck HMI panels running on Windows CE. Industrial touchscreens that control factory machinery, exposed without authentication.
We’re finding more exposed ICS devices than Shodan shows in its public results. There aren’t many organizations scanning these protocols at internet scale.
The AI Stack Is Wide Open
Everyone’s deploying AI infrastructure. Almost nobody’s securing it - and it’s not always the user’s fault. Many of these tools ship insecure by design: no authentication by default, hardcoded API keys, default credentials that nobody changes because the documentation buries the setup steps. And when documentation examples ship with default credentials, people copy-paste them - not out of laziness, but because that’s how you follow a tutorial. Blaming the user for not changing defaults is easy. Shipping software that’s open to the world out of the box is a design choice.
Ollama servers sit on the internet with zero authentication - we find instances loaded with proprietary fine-tuned models that represent months of work and training data. LangFlow (CVE-2025-3248, CVE-2026-21445) exposes visual AI workflow builders where anyone can create and execute chains - and in recent versions, unauthenticated users could read all conversation histories. That matters more than it sounds: people paste credentials, config files, and internal documentation into chatbots every day. MLflow platforms leak full training pipelines. Flowise chatbot builders ship with unauthenticated API access. ComfyUI exposes Stable Diffusion interfaces to the world. Jupyter notebooks still routinely run without a password.
And then there are the vector databases. Qdrant, Weaviate, Milvus, Marqo, Meilisearch, Typesense - we scan for all of them. Organizations feed their documents into RAG pipelines and never think about where the embeddings end up. That’s how uranium mining docs end up searchable by anyone on the internet.
Your Security Appliance Is the Vulnerability
We cover 12 security appliance plugins: FortiGate, Palo Alto, Citrix ADC, Checkpoint, Ivanti, WatchGuard, Sophos, BeyondTrust, ConnectWise ScreenConnect.
The BeyondTrust findings hit different. We found exposed instances belonging to US government entities - the same product involved in the December 2024 Treasury Department breach. A privileged access management tool, designed to protect critical systems, sitting exposed on the internet. When the lock on your front door is the thing that’s broken, nothing else matters.
30,000 Backdoored Servers
When React2Shell (CVE-2025-55182) dropped in December 2025 - a CVSS 10.0 RCE in React Server Components, exploitable on default Next.js apps with zero code changes - state-sponsored groups started deploying backdoors within hours.
Our scan results: 592,000+ domains flagged as potentially vulnerable, 172,000+ confirmed exploitable, and 30,000+ already infected with in-memory backdoors at the time of scanning.
We shared our data with Shadowserver to help map the exposure at IP level. Combined with Validin’s contributions, the final count reached 165,000+ vulnerable IPs across 644,000+ domains.
That kind of collaboration is what internet-scale scanning is for - making sure the right people know fast enough to act.
Beyond Version Scanning
Most attack surface management platforms work the same way: grab a banner, extract a version string, match it against a CVE range. It works, but it has obvious limits - a patched server reporting an old version gets flagged, a vulnerable instance behind a custom banner gets missed.
We do version-based detection too - for many CVEs it’s the only option. But wherever possible, our plugins go further: the ICS plugins speak native Modbus and S7comm, the database plugins actually connect and query, the web plugins probe real endpoints.
Having exploit development experience on the team makes a difference here. When you’ve written the actual exploit, you understand the edge cases - the specific conditions that make a target vulnerable versus just looking vulnerable. That depth shows in the results: our React2Shell detection found significantly more vulnerable hosts than publicly available detection methods, because the logic goes beyond surface-level indicators.
What’s Coming
We’re in the middle of a major infrastructure overhaul - backend architecture, frontend, and API rebuilt from the ground up. On-demand scanning is coming, so users can trigger scans on their own assets instead of waiting for the next sweep. We’re expanding into more ICS protocols (DNP3, BACnet) and broader CMS detection.
The attack surface keeps growing. So do we.
All public results are available at leakix.net. Pro subscribers get access to the full 211-plugin coverage including ICS/SCADA data, advanced CVE detection, and real-time alerts.
For a technical deep dive into how internet-scale scanning works under the hood, check out How Internet Scanners Actually Work.