AI endpoints should not be internet exposed

Public AI endpoints increase the blast radius of prompt injection, data extraction, model abuse, and denial-of-wallet attacks. AI inference and agent endpoints should be private by default and exposed only through approved gateways with authentication, rate limits, logging, and abuse controls.

Category

Controls

High

Applies to

AWS, Google Cloud, Kubernetes, Microsoft Azure

Coverage

1 query

Asset types

4 covered

Remediation guidance

Remediation

Move AI endpoints behind private networking or an approved application gateway. Require authentication and authorization, restrict source networks, enable request logging, and apply rate limits.

Azure

Disable public network access where supported and use private endpoints for Azure AI Foundry, Azure OpenAI, Azure Machine Learning, AI Search, and Bot Services.

GCP

Prefer private endpoints or Private Service Connect for Vertex AI endpoints. Review deployed model service accounts before exposing an endpoint.

Kubernetes

Avoid internet-facing LoadBalancer, NodePort, or Ingress resources for AI workloads unless they are fronted by approved identity, WAF, and rate-limit controls.

Operational rollout

  1. Identify public AI endpoints and classify production or sensitive workloads first.
  2. Move access through private networking or an approved gateway.
  3. Re-scan and document any exception with an owner, business reason, and expiry date.

Query logic

These are the stored checks tied to this control.

AI endpoints should not be internet exposed

Connectors

AWS, Google Cloud, Kubernetes, Microsoft Azure

Covered asset types

AI Services, Endpoint, Ingress, Service

Expected check: eq [] (the query must return an empty list; every asset it does return is a failing finding for this control)

{
  azureAIServiceAccounts(where: { publicEndpoint: { eq: true } }) { ...AssetFragment }
  azureOpenAIDeployments(where: { publicEndpoint: { eq: true } }) { ...AssetFragment }
  azureMachineLearningWorkspaces(where: { publicEndpoint: { eq: true } }) { ...AssetFragment }
  azureMachineLearningEndpoints(where: { publicEndpoint: { eq: true } }) { ...AssetFragment }
  azureAISearchServices(where: { publicEndpoint: { eq: true } }) { ...AssetFragment }
  azureAIVideoIndexerAccounts(where: { publicEndpoint: { eq: true } }) { ...AssetFragment }
  azureBotServices(where: { publicEndpoint: { eq: true } }) { ...AssetFragment }
  azureSynapseWorkspaces(where: { publicEndpoint: { eq: true } }) { ...AssetFragment }
  vertexAIEndpoints(where: { publicEndpoint: { eq: true } }) { ...AssetFragment }
  services(where: { annotations_SOME: { key: { eq: "cyscale.com/ai-service" }, value: { eq: "true" } }, type_IN: ["LoadBalancer", "NodePort"] }) { ...AssetFragment }
  ingresses(where: { annotations_SOME: { key: { eq: "cyscale.com/ai-service" }, value: { eq: "true" } } }) { ...AssetFragment }
}
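The Kubernetes part of the stored query (Services of type LoadBalancer or NodePort, and Ingresses, that carry the annotation cyscale.com/ai-service: "true") and rollout step 3 (exceptions need an owner, a business reason and an expiry date) can be reproduced offline against manifests you already have. The following is an added example written for this page, not Cyscale's own checker or query engine; the manifests and the exception record are constructed sample input, and the Exemption record shape is an assumption.

```python
"""Offline check for internet-exposed AI workloads on Kubernetes.

Added example, not Cyscale's checker. It mirrors the Kubernetes half of the
stored query above (annotations_SOME on cyscale.com/ai-service, type_IN
["LoadBalancer", "NodePort"], plus every annotated Ingress) and applies rollout
step 3: a finding is suppressed only by an exception that names an owner and a
business reason and has not expired.
"""
from dataclasses import dataclass
from datetime import date

AI_ANNOTATION = "cyscale.com/ai-service"          # annotation key used by the query
EXPOSED_SERVICE_TYPES = {"LoadBalancer", "NodePort"}  # type_IN from the query


def is_ai_workload(manifest: dict) -> bool:
    """Equivalent of annotations_SOME { key eq AI_ANNOTATION, value eq "true" }."""
    annotations = manifest.get("metadata", {}).get("annotations") or {}
    return annotations.get(AI_ANNOTATION) == "true"


def is_internet_exposed(manifest: dict) -> bool:
    """True when the object publishes an AI workload outside the cluster."""
    if not is_ai_workload(manifest):
        return False
    kind = manifest.get("kind")
    if kind == "Service":
        # ClusterIP is the default type and stays cluster-internal.
        return manifest.get("spec", {}).get("type", "ClusterIP") in EXPOSED_SERVICE_TYPES
    if kind == "Ingress":
        # The query flags every annotated Ingress, so an internal ingress class
        # still needs a documented exception rather than silent tolerance.
        return True
    return False


@dataclass(frozen=True)
class Exemption:
    """Assumed shape of a documented exception from rollout step 3."""
    asset: str      # "<kind>/<name>"
    owner: str
    reason: str
    expires: str    # ISO date, e.g. "2026-06-30"


def exemption_is_valid(ex: Exemption, today: date) -> bool:
    """Owner and reason must be filled in and the expiry must not have passed."""
    return bool(ex.owner.strip()) and bool(ex.reason.strip()) \
        and date.fromisoformat(ex.expires) >= today


def findings(manifests: list, exemptions: list, today: str) -> list:
    """Names of exposed AI assets that have no valid exemption on `today` (ISO)."""
    today_d = date.fromisoformat(today)
    valid = {e.asset for e in exemptions if exemption_is_valid(e, today_d)}
    result = []
    for m in manifests:
        name = f"{m['kind']}/{m['metadata']['name']}"
        if is_internet_exposed(m) and name not in valid:
            result.append(name)
    return result


# Constructed sample manifests: an exposed inference Service, its remediated
# ClusterIP form, an annotated Ingress, and a NodePort that is not an AI workload.
SAMPLE_MANIFESTS = [
    {"kind": "Service",
     "metadata": {"name": "llm-inference", "annotations": {AI_ANNOTATION: "true"}},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 80}]}},
    {"kind": "Service",
     "metadata": {"name": "llm-inference-private", "annotations": {AI_ANNOTATION: "true"}},
     "spec": {"type": "ClusterIP", "ports": [{"port": 80}]}},
    {"kind": "Ingress",
     "metadata": {"name": "agent-api", "annotations": {AI_ANNOTATION: "true"}},
     "spec": {"rules": [{"host": "agent.example.test"}]}},
    {"kind": "Service",
     "metadata": {"name": "metrics"},
     "spec": {"type": "NodePort"}},
]

# Constructed exception record with owner, reason and expiry.
SAMPLE_EXEMPTIONS = [
    Exemption("Ingress/agent-api", "platform-team", "WAF-fronted pilot", "2026-06-30"),
]

if __name__ == "__main__":
    for day in ("2026-03-01", "2026-07-01"):
        print(day, findings(SAMPLE_MANIFESTS, SAMPLE_EXEMPTIONS, day))
```

Run as a script it prints the findings for a date inside the exception window (only the LoadBalancer Service) and for a date after the exception expired (the Ingress reappears), which is the re-scan behaviour step 3 asks for. The non-annotated NodePort is ignored, exactly as the annotation filter in the query ignores it, so the check is only as good as the labelling of AI workloads.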
© 2026 Cyscale Limited