AI endpoint reconnaissance is rising, are your controls ready?

TL;DR: GreyNoise captured 91,403 attack sessions from October 2025 to January 2026, including two campaigns that mapped exposed AI endpoints and abused server-side request forgery to trigger outbound connections, according to Zenity’s analysis of the findings. The threat picture is shifting from experimentation to operational targeting, and existing AI security models now need inventory, egress control, and behavior-based detection.

NHIMG editorial — based on content published by Zenity: GreyNoise findings and what they mean for AI security

Questions worth separating out

Q: How should security teams govern exposed AI endpoints and proxies?

A: Security teams should govern exposed AI endpoints and proxies as production identity surfaces.

Q: Why do AI proxies create a governance gap for IAM teams?

A: AI proxies create a governance gap because they can separate the authenticated user from the system that actually reaches the model provider or external services.

Q: How can organisations detect AI reconnaissance before exploitation?

A: Organisations can detect AI reconnaissance by correlating repeated low-noise requests, unusual callback domains, destination resolution, and identity context across telemetry.

Practitioner guidance

• Inventory every exposed AI endpoint and proxy Map all internet-accessible model routes, wrappers, and API layers, then record who owns them, what they reach, and whether they are authenticated.
• Constrain outbound model pulls and callback destinations Allow only trusted registries and known callback domains, and block systems that can be induced to reach arbitrary external URLs.
• Correlate transcript, identity, and egress telemetry Join request content, source identity, destination resolution, and tool use so low-signal probing can be detected before it becomes exploitation.

What's in the full article

Zenity's full analysis covers the operational detail this post intentionally leaves for the source:

• Indicator-level breakdown of the GreyNoise campaigns, including callback domains and probing patterns
• Zenity's deterministic detection logic for suspicious AI communications and outbound behavior
• Customer telemetry validation approach used to confirm whether agents were directly impacted
• Threat-hunting guidance for teams that need to operationalize detections across SaaS, cloud, and endpoints

👉 Read Zenity's analysis of GreyNoise findings on AI security targeting →

AI endpoint reconnaissance is rising, are your controls ready?

Explore further

View Full Forum →  |  NHI Foundation Course →