NadMesh is a newly identified botnet that has rapidly emerged as a significant threat to artificial intelligence (AI) and automation infrastructure. Since July 2026, NadMesh has targeted exposed AI and Model Context Protocol (MCP) services by leveraging Shodan, a search engine for internet-connected devices, to pinpoint vulnerable systems. This marks a notable shift in the cyber threat landscape, as cybercriminals move from indiscriminate scanning to focused, ROI-driven attacks on high-value enterprise assets.
NadMesh’s Use of Shodan to Target AI Services
The most distinctive aspect of NadMesh is its automation of reconnaissance using Shodan. At its core, NadMesh deploys a dedicated reconnaissance module, ai_harvest.py, which programmatically queries the Shodan API for exposed AI and automation platforms. This enables the botnet to efficiently locate and prioritise targets rather than wasting resources on scanning random IP addresses.
According to XLab researchers, NadMesh specifically hunts for applications and services such as:
- Ollama
- ComfyUI
- Gradio
- n8n
- Open WebUI
- Langflow
Once the reconnaissance module identifies exposed services, it injects their IP addresses into the botnet’s scanning queue at the highest priority. By leveraging Shodan’s intelligence, NadMesh operators can focus their attacks on live, vulnerable AI deployments, significantly increasing their attack efficiency and reach.
This approach is part of a broader trend among cybercriminals, who are increasingly automating reconnaissance and attack phases to maximise impact. By integrating third-party data sources like Shodan, NadMesh avoids the inefficiency of brute-force scanning and immediately targets systems that are most likely to yield results.
NadMesh’s Attack Vectors and Persistence Mechanisms
NadMesh demonstrates industrial-scale sophistication, employing more than 20 unique exploitation vectors to compromise systems. These include vulnerabilities and misconfigurations across a wide range of enterprise and cloud services. The malware is written in Go, which allows for rapid cross-platform deployment and evolution of its capabilities.
Key stages of the NadMesh operation include:
- Intelligence gathering: Automated Shodan queries and profiling of target services.
- Centralised control: A controller listens on ports 80 and 8443, managing bots via HMAC-authenticated beacons.
- Autonomous task supply: Bots receive commands and payloads based on real-time intelligence.
- Polymorphic binary construction: The malware adapts to different environments and evades detection.
- Active delivery: Exploitation and payload deployment against prioritised targets.
The botnet features a web-based management panel for operators, providing analytics, conversion-funnel data, and real-time visibility over infection campaigns. This level of operational maturity is more often seen in commercial-grade software than in traditional malware.
Once a device is compromised, NadMesh establishes robust persistence through multiple channels:
- Insertion of SSH authorised keys for backdoor access
- Deployment of several hidden binary copies to evade simple removal
- Cron-based watchdog processes that automatically restore the malware if any component is removed
This layered approach ensures that removing one infected file or process does not eradicate the bot, making remediation significantly more challenging for defenders.
Scope, Impacted Systems, and Exploitation Timeline
NadMesh’s campaign began in early July 2026 and has since expanded rapidly, signalling a deliberate focus on AI and automation infrastructure. The malware actively scans and attacks 30 different ports commonly used by enterprise web services, Kubernetes clusters, database management systems, container APIs, and internal monitoring tools. This breadth of scanning demonstrates the botnet’s intent to gain footholds across a range of critical business functions.
The affected products include, but are not limited to:
- Ollama
- ComfyUI
- Gradio
- n8n
- Open WebUI
- Langflow
All versions of these services that are exposed to the internet without adequate authentication or network controls are at risk. The botnet’s current exploitation status is active, with infection clusters observed globally and ongoing intelligence collection and compromise attempts against new targets.
The rapid adoption of Shodan-based reconnaissance, combined with automated exploitation and robust persistence, marks NadMesh as a product-grade threat. Its operators have signalled intent to expand targeting, and the campaign remains ongoing. XLab’s detailed analysis highlights the real-time nature of these attacks, with the botnet dynamically adjusting its tactics as new AI and automation services come online and are indexed by Shodan.
Why This Matters and Recommended Actions
NadMesh represents a shift towards industrialised cybercrime targeting AI infrastructure. As more organisations deploy AI and automation tools, the risk of exposure grows—especially for small and medium businesses lacking dedicated security teams. The use of advanced reconnaissance and persistent backdoors increases the likelihood of compromise and the difficulty of remediation.
- Audit AI and automation services for internet exposure and enforce strong authentication.
- Monitor for unusual connections on ports commonly used by NadMesh.
- Stay informed about emerging vulnerabilities affecting AI infrastructure.
Originally reported by cybersecuritynews.com.




