
A Million AI Systems Are Wide Open Right Now. Your Conversations Are Inside.
Security firm Intruder scanned the public internet and found approximately 1,000,000 AI systems wide open — no password, no authentication, no lock. Their conclusion: AI infrastructure is "more vulnerable, exposed, and misconfigured than any software we've ever investigated."
What's inside those open systems? Everything people typed into them. Health questions. Financial data. Private conversations. The kind of things you type at 2 a.m. thinking nobody is watching.
1,652 servers had zero authentication. 518 of them were holding live API keys to OpenAI, Anthropic, Google, and DeepSeek, meaning anyone who found them could use those credentials to run queries, access data, and rack up charges, all billed to the company that left the door open.
This is not a breach. No attacker had to do anything clever. The door was just open.
The companies that deployed these systems sold their customers "AI-powered" products. Nobody told those customers that the backend was sitting on the open internet with no lock on it. Nobody was watching. Nobody audited the configuration. The users never knew.
They sold the dream. We flag the wreckage.