Threat Actors Actively Targeting LLMs
ATT&CK techniques detected
T1595.002Vulnerability Scanning
62%
"##shell ), cve - 2023 - 1389, and over 200 other vulnerabilities. combined observations exceed 4 million sensor hits. assessment : professional threat actor conducting reconnaissance. the infrastructure overlap with established cve scanning operations suggests this enumeration fe…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1588.006Vulnerabilities
55%
"##shell ), cve - 2023 - 1389, and over 200 other vulnerabilities. combined observations exceed 4 million sensor hits. assessment : professional threat actor conducting reconnaissance. the infrastructure overlap with established cve scanning operations suggests this enumeration fe…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Our Ollama honeypot infrastructure captured 91,403 attack sessions between October 2025 and January 2026. Buried in that data: two distinct campaigns that reveal how threat actors are systematically mapping the expanding surface area of AI deployments.