220k+ AI agent instances exposed on public internet with no auth, this is bad

Over 220,000 AI agent instances are exposed online with no authentication, many containing leaked credentials.

Deep Dive

A public monitoring dashboard, dubbed a 'watchboard,' has revealed a massive security crisis: over 220,000 instances of AI agent frameworks are running on the public internet with no authentication. These deployments, primarily on port 18789, are not on random home servers but on production infrastructure from major providers like AWS, Alibaba, Tencent, and Oracle. The exposed interfaces often display API keys, passwords, and system prompts, with some marked 'Has Leaked Creds.' This represents a critical escalation from past exposures of tools like Jupyter notebooks, as AI agents are autonomous systems capable of executing code, making API calls, and accessing filesystems.

The root cause is a pattern of poor security defaults in open-source agent frameworks. Developers test locally, deploy to the cloud, open a port for access, and forget to add authentication. While newer commercial tools like Cursor and Windsurf enforce auth by default, many popular open-source projects do not. The scale—220,000 instances—indicates this is happening in production environments, not just demos. An exposed agent with AWS credentials or database access could actively cause data loss, deploy crypto miners, or launch further attacks, moving far beyond passive data exposure. This incident underscores that immediate AI safety risks are not futuristic AGI concerns but today's basic security failures, demanding enforced authentication and hidden credentials as non-optional defaults.
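
A defender-side check for the deployment pattern described above, added here as an example (not code from the original page or from any agent framework): it parses `ss -H -tln` output from your own host and flags listeners on port 18789 that are not bound to loopback. The sample output and function names are constructed for illustration, and a bind-address check alone does not show whether authentication is enabled.

```python
import ipaddress

AGENT_PORT = 18789  # port named on this page

# Constructed sample of `ss -H -tln` output (not real host data).
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:18789 0.0.0.0:*
LISTEN 0 128 0.0.0.0:18789 0.0.0.0:*
LISTEN 0 128 [::]:18789 [::]:*
LISTEN 0 128 [::1]:18789 [::]:*
LISTEN 0 128 10.0.4.17%eth0:18789 0.0.0.0:*
LISTEN 0 128 *:8080 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""

def split_local(field):
    """Split the ss 'Local Address:Port' column into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    return host, int(port)

def exposure(host):
    """Classify a bind address by how far the listener is reachable."""
    if host == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:   # 0.0.0.0 or :: (checked first: 0.0.0.0 is also 'private')
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"

def audit(ss_output, port=AGENT_PORT):
    """Return (local_address, exposure) for each non-loopback listener on `port`."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, lport = split_local(cols[3])
        if lport == port and exposure(host) != "loopback":
            findings.append((cols[3], exposure(host)))
    return findings

if __name__ == "__main__":
    for addr, level in audit(SAMPLE_SS):
        print(f"{addr}: bound to {level}; rebind to 127.0.0.1 or put auth in front")
```

A listener flagged as `all-interfaces` is reachable from the internet only if the host's firewall or cloud security group also allows the port, so pair this with a review of those inbound rules.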

Key Points
  • Over 220,000 AI agent instances are exposed on public IPs, primarily on port 18789, with zero authentication.
  • Instances run on production cloud infrastructure (AWS, Alibaba, Tencent) and visibly display API keys and passwords in their interfaces.
  • Unlike passive data leaks, these autonomous agents can execute code and call APIs, creating an active, high-risk attack vector.

Why It Matters

This creates an immediate, widespread attack surface where autonomous AI systems with internal access can be hijacked, leading to major data breaches.