Built in an afternoon, AIMap exposes the ease with which AI agent infrastructure can be targeted at internet scale
TEMPE, Ariz. – Bishop Fox, a leading offensive security firm, today announced the launch of AIMap, an internet-scale discovery and security testing platform, purpose-built for the rapidly expanding AI agent attack surface. As organizations rush to deploy AI infrastructure, AIMap provides the necessary oversight to identify and remediate publicly exposed AI endpoints.
Addressing the Visibility Gap in AI Infrastructure
AIMap originated from a hackathon. In a single afternoon, using off-the-shelf components, the team assembled a platform capable of sweeping the internet for exposed AI agent infrastructure, fingerprinting endpoints, scoring risk, and launching active attacks against them. The ease of assembly was not incidental. It was the finding.
What it surfaced is a growing challenge: AI systems are increasingly deployed as externally accessible services, exposing models, tools, and system functionality through public-facing endpoints, often without consistent authentication or access controls.
This creates external visibility into AI systems that often exceeds an organization’s own understanding of its exposure — and the barrier to assembling that capability is now an afternoon.
“We built AIMap to reflect what attackers are already doing at scale,” said Vinnie Liu, CEO at Bishop Fox. “By releasing it as open source, organizations can take that capability, adapt it to their own environments, and use it to understand what AI systems are exposed, how they are configured, and what they can do when actively tested.”
Comprehensive Discovery and Risk Scoring
AIMap operates across five core capabilities to provide a complete view of AI risk:
- Discovery: Queries internet-scale data to identify exposed AI endpoints across the globe; uses a Shodan-style query language to filter by protocol, location and organization.
- Fingerprinting: Uses specialized probes to determine protocols, frameworks and authentication status.
- Scoring: Assigns a risk score (zero to 10) based on factors like system prompt leakage, unauthenticated access and the presence of high-risk tool execution.
- Testing: Launches protocol-specific attack suites such as prompt injection, tool abuse and model extraction with results streamed in real time.
- Visualization: Features a 3D globe visualization to explore discovered endpoints by protocol type, risk level and geographic location.
The platform supports detection and analysis across a range of AI protocols and frameworks, including Model Context Protocol (MCP), Ollama, vLLM, LiteLLM, LocalAI, LangServe and LangChain deployments, OpenClaw and Clawdbot systems, Open WebUI and LibreChat interfaces, Gradio and Streamlit applications, ComfyUI and Stable Diffusion environments, HuggingFace TGI, and generic inference APIs.
Commitment to Open Source
Consistent with Bishop Fox’s long-standing contributions to the security community, AIMap is available to the public and can be adapted by organizations to their own environments.
Users can deploy the platform locally via Docker Compose to run discovery scans and launch attack tests directly from the application.
To begin taking advantage of internet-scale AI discovery and automated attack testing, visit: github.com/BishopFox/aimap.
For even more details on AIMap, visit the tool page: bishopfox.com/tools/AIMap.
AIMap is intended for authorized security testing. Operators are solely responsible for ensuring their use of AIMap complies with the Computer Fraud and Abuse Act, GDPR, and all other applicable laws in their jurisdiction. Bishop Fox publishes AIMap as a research and defensive security tool and does not authorize or endorse use against systems the operator does not own or lack permission to test.
About Bishop Fox
Bishop Fox is the leading authority in offensive security, providing solutions ranging from continuous penetration testing, red teaming, and attack surface management to hardware, cloud, and application security assessments. We’ve worked with more than 25% of the Fortune 100, half of the Fortune 10, eight of the top 10 global technology companies, and all of the top global media companies to improve their security. Our Cosmos platform, service innovation, and culture of excellence continue to gather accolades from industry award programs including Fast Company, Inc., SC Media, and others, and our offerings are consistently ranked as “world class” in customer experience surveys. We’ve been actively contributing to and supporting the security community for almost two decades and have published more than 20 open-source tools and 50 security advisories in the last five years. Learn more at bishopfox.com. Follow us on LinkedIn.
