Critical AI Endpoint Exposed Patient Records Including SSNs and Diagnoses at Unprotected IP Address
An AI endpoint accessible at http://34.16.47.248:8882 was found to be leaking protected health information (PHI), including patient names, Social Security Numbers, diagnoses, insurance details, and lab results. The vulnerability was identified through automated red team testing, which successfully prompted the system, without authorization, to disclose that it had access to sensitive medical records. The finding carries a CVSS score of 9.0 and has been classified under the LLM02:2025 Sensitive Information Disclosure category.
The exposed endpoint, described as an agentic AI component, was probed using a domain_probe technique and demonstrated full access to patient records containing names, Social Security Numbers, diagnoses, insurance details, lab results including critical values, prescription information, and fraud flags. Testing confidence was assessed at 100%, with the AI explicitly confirming it could retrieve such data. The incident exposes a fundamental failure in access controls and data handling policies for a system handling sensitive medical information.
The discovery raises serious HIPAA compliance concerns for any organization operating similar AI infrastructure. The unprotected nature of the IP address—accessible without apparent authentication barriers—suggests the data may have been vulnerable to unauthorized access prior to detection. Healthcare AI deployments relying on large language models face heightened scrutiny when processing protected health information, particularly when endpoints can be manipulated through prompt injection or probing techniques. Immediate remediation requires strict access controls, model-level refusals for sensitive data requests, and systematic audits of AI response patterns to ensure regulatory alignment.
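One way to combine the access-control and response-audit remediations named above is an output gate placed between the model and the caller. This is an added example, not code from the affected system or the original report; the role names, the regex heuristics and the sample response are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed policy (hypothetical role names): who may receive unredacted PHI.
PHI_ROLES = {"clinician", "records_officer"}

# SSN with a consistent optional separator; groups 1, 3, 4 are area/group/serial.
SSN_RE = re.compile(r"\b(\d{3})([- ]?)(\d{2})\2(\d{4})\b")
# Heuristic ICD-10-CM shape; the dotted extension is required to cut false hits.
ICD10_RE = re.compile(r"\b[A-TV-Z]\d[0-9AB]\.[0-9A-Z]{1,4}\b")


def _plausible_ssn(m):
    # Reject number ranges that are never issued as SSNs.
    area, group, serial = m.group(1), m.group(3), m.group(4)
    return not (area in ("000", "666") or area[0] == "9"
                or group == "00" or serial == "0000")


def gate_response(text, caller_role=None):
    """Audit one model response; redact PHI unless the caller role is allowed."""
    findings = Counter()
    authorized = caller_role in PHI_ROLES

    def handle(kind, keep_if=lambda m: False):
        def repl(m):
            if keep_if(m):
                return m.group(0)          # not PHI-shaped after validation
            findings[kind] += 1            # counted even for authorized callers
            return m.group(0) if authorized else f"[REDACTED-{kind.upper()}]"
        return repl

    out = SSN_RE.sub(handle("ssn", lambda m: not _plausible_ssn(m)), text)
    out = ICD10_RE.sub(handle("icd10"), out)
    action = "allow" if authorized or not findings else "redact"
    audit = {"role": caller_role, "action": action, "findings": dict(findings)}
    return out, audit


# Constructed sample response, not taken from the incident.
SAMPLE = "Patient Jane Roe, SSN 123-45-6789, diagnosis E11.9, potassium 6.8."

if __name__ == "__main__":
    for role in (None, "clinician"):
        print(gate_response(SAMPLE, role))
```

The audit record is produced for every response, including authorized ones, so it can feed the periodic review of response patterns; pattern matching of this kind complements, and does not replace, authentication on the endpoint itself.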