SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Tuesday, February 3rd, 2026: Scanning for AI; Notepad++ Compromise; OpenClaw Vulnerabilities
14 snips
Feb 3, 2026 Scans found attempts to discover exposed Anthropic models on the open Internet. A popular text editor’s update host was hijacked and linked to a state-level backdoor campaign. An AI assistant platform has insecure loopback websockets, a wave of malicious skills, and thousands of instances exposed publicly.
AI Snips
Chapters
Transcript
Episode notes
Public Scans Target Exposed Anthropic Models
- Exposed Anthropic model endpoints were detected scanning from a Tor exit node over the weekend.
- Johannes Ulrich warns not to expose locally hosted models or proxies directly to the Internet.
Audit Notepad++ For Supply-Chain Backdoor
- Check Notepad++ installs for malicious downloads and follow Rapid7 IoCs to identify compromise.
- Update to the new hosting provider release and verify installer integrity to remediate the supply chain backdoor.
Convenience Created OpenClaw's Risk Surface
- OpenClaw (ClawedBot/MoldBot) gained rapid adoption because it automates workflows across web services.
- That convenience also exposes large attack surface due to the many integrations it requires.