Why is detecting LLM services important?

Unmanaged LLM services can introduce security vulnerabilities, such as prompt injection attacks and data leakage. Detecting these services is crucial for mitigating potential risks and securing organizational networks.

How does Julius enhance AI security?

By providing visibility into LLM deployments, Julius enables security teams to monitor and manage AI services, ensuring they are configured securely and compliant with organizational policies.

Introducing Julius: Enhancing AI Security with LLM Service Fingerprinting

Discover how Praetorian's open-source tool, Julius, empowers organizations to detect and secure LLM services, addressing emerging AI security challenges.

Published: January 31, 2026

Share this on:

Executive Summary

In January 2026, Praetorian released Julius, an open-source tool designed to identify and fingerprint Large Language Model (LLM) services across corporate networks. Julius enables security teams to detect various LLM services, such as Ollama, LiteLLM, and Open WebUI, by analyzing endpoints and extracting information about the models in use. This tool addresses the growing challenge of unmanaged and potentially insecure LLM deployments within organizations, which can be exploited by attackers for unauthorized access, data exfiltration, or lateral movement within networks.

The release of Julius is particularly timely given the increasing integration of LLMs into enterprise environments and the associated security risks. Recent incidents have highlighted vulnerabilities in LLM applications, including prompt injection attacks and data leakage, underscoring the need for robust detection and monitoring tools like Julius to enhance organizational security postures.

Why This Matters Now

The proliferation of LLM services in corporate environments has introduced new attack vectors, such as prompt injection and data leakage. Tools like Julius are essential for identifying and mitigating these risks, ensuring that organizations can secure their AI infrastructure against emerging threats.

Attack Path Analysis

An adversary exploited unsecured, internet-facing LLM services to gain initial access. They escalated privileges by exploiting misconfigurations or vulnerabilities within the LLM infrastructure. The attacker moved laterally across the network by leveraging compromised LLM services to access other systems. They established command and control channels through the compromised LLM services. Sensitive data was exfiltrated via the compromised LLM services. The attack resulted in significant operational disruption and potential data loss.

Kill Chain Progression

Initial Compromise

High

Privilege Escalation

Medium

Lateral Movement

Medium

Command & Control

Lowinferred

Exfiltration

Medium

Impact

Lowinferred

Initial Compromise

Description

The adversary exploited unsecured, internet-facing LLM services to gain initial access.

Confidence:

High

MITRE ATT&CK® Techniques

Initial Access

T1190

Exploit Public-Facing Application

Initial Access

T1078

Valid Accounts

Discovery

T1082

System Information Discovery

Discovery

T1046

Network Service Scanning

Collection

T1005

Data from Local System

Exfiltration

T1020

Automated Exfiltration

Impact

T1496

Resource Hijacking

Potential Compliance Exposure

Mapping incident impact across multiple compliance frameworks.

PCI DSS 4.0 – Ensure all system components are protected from known vulnerabilities

Control ID: 6.2.1

Unsecured LLM endpoints may expose systems to known vulnerabilities, violating the requirement to protect all system components.

NYDFS 23 NYCRR 500 – Cybersecurity Policy

Control ID: 500.03

The proliferation of LLM services without proper security controls indicates a lack of comprehensive cybersecurity policies addressing such technologies.

DORA – ICT Risk Management Framework

Control ID: Article 5

Uncontrolled deployment of LLM services suggests deficiencies in the ICT risk management framework required to manage and mitigate risks associated with information and communication technologies.

CISA ZTMM 2.0 – Asset Management

Control ID: 2.1

The rapid deployment of LLM services without proper oversight indicates inadequate asset management practices, a core component of a zero trust architecture.

NIS2 Directive – Cybersecurity Risk Management Measures

Control ID: Article 21

The uncontrolled spread of LLM services without security controls reflects insufficient implementation of cybersecurity risk management measures as mandated.

Sector Implications

Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.

Computer Software/Engineering

Julius tool enables detection of unsecured LLM services proliferating in development environments, exposing proprietary models and creating compute bill exploitation risks.

Information Technology/IT

LLM infrastructure sprawl creates visibility gaps for IT teams managing Ollama, LiteLLM proxies, and Open WebUI installations across corporate networks.

Financial Services

Zero trust segmentation failures and east-west traffic vulnerabilities expose sensitive financial data when unsecured LLM endpoints enable lateral movement attacks.

Health Care / Life Sciences

HIPAA compliance violations risk from untracked LLM services handling protected health information without proper egress security and anomaly detection controls.

Sources

Introducing Julius: Open Source LLM Service Fingerprintinghttps://www.praetorian.com/blog/introducing-julius-open-source-llm-service-fingerprinting/
Verified

Hackers are going after top LLM services by cracking misconfigured proxieshttps://www.techradar.com/pro/security/hackers-are-going-after-top-llm-services-by-cracking-misconfigured-proxies

Verified

Hundreds of LLM servers left exposed online - here's what we knowhttps://www.techradar.com/pro/security/hundreds-of-llm-servers-left-exposed-online-heres-what-we-know

Verified

Frequently Asked Questions

Julius is an open-source tool developed by Praetorian to identify and fingerprint LLM services within corporate networks, aiding in the detection and management of AI infrastructure.

Cloud Native Security Fabric Mitigations and ControlsCNSF

Implementing Aviatrix Zero Trust CNSF would likely have constrained the attacker's ability to exploit unsecured LLM services, limiting lateral movement and data exfiltration.

Initial Compromise

Control: Cloud Native Security Fabric (CNSF)

Mitigation: Aviatrix CNSF would likely have limited unauthorized access by enforcing identity-aware policies on internet-facing services.

Privilege Escalation

Control: Zero Trust Segmentation

Mitigation: Zero Trust Segmentation would likely have constrained the attacker's ability to escalate privileges by limiting access to critical systems.

Lateral Movement

Control: East-West Traffic Security

Mitigation: East-West Traffic Security would likely have restricted lateral movement by monitoring and controlling internal traffic flows.

Command & Control

Control: Multicloud Visibility & Control

Mitigation: Multicloud Visibility & Control would likely have identified and constrained unauthorized command and control communications.

Exfiltration

Control: Egress Security & Policy Enforcement

Mitigation: Egress Security & Policy Enforcement would likely have limited data exfiltration by controlling outbound traffic.

Impact (Mitigations)

Implementing Aviatrix Zero Trust CNSF would likely have reduced the operational impact and data loss by limiting the attacker's reach.

Impact at a Glance

Affected Business Functions

AI Service Deployment
Data Security
Network Security
Compliance Monitoring

Operational Disruption

Estimated downtime: N/A

Financial Impact

Estimated loss: N/A

Data Exposure

Potential exposure of sensitive AI models and data due to misconfigured or unsecured LLM services.

Recommended Actions

• Implement Zero Trust Segmentation to restrict access between LLM services and other network resources.
• Enforce Egress Security & Policy Enforcement to monitor and control outbound traffic from LLM services.
• Deploy Threat Detection & Anomaly Response mechanisms to identify and respond to suspicious activities within LLM services.
• Utilize Multicloud Visibility & Control to maintain oversight and governance across all cloud environments hosting LLM services.
• Apply Inline IPS (Suricata) to detect and prevent exploitation attempts targeting LLM services.

Secure the Paths Between Cloud Workloads

A cloud-native security fabric that enforces Zero Trust across workload communication—reducing attack paths, compliance risk, and operational complexity.

Stop Advanced Threats Get a Free Workload Attack Path Assessment Under Active Attack?

Introducing Julius: Enhancing AI Security with LLM Service Fingerprinting

Executive Summary

Why This Matters Now

Attack Path Analysis

Kill Chain Progression

Initial Compromise

Description

MITRE ATT&CK® Techniques

Exploit Public-Facing Application

Valid Accounts

System Information Discovery

Network Service Scanning

Data from Local System

Automated Exfiltration

Resource Hijacking

Potential Compliance Exposure

PCI DSS 4.0 – Ensure all system components are protected from known vulnerabilities

NYDFS 23 NYCRR 500 – Cybersecurity Policy

DORA – ICT Risk Management Framework

CISA ZTMM 2.0 – Asset Management

NIS2 Directive – Cybersecurity Risk Management Measures

Sector Implications

Computer Software/Engineering

Information Technology/IT

Financial Services

Health Care / Life Sciences

Sources

Frequently Asked Questions

Cloud Native Security Fabric Mitigations and ControlsCNSF

Impact at a Glance

Affected Business Functions

Recommended Actions

Key Takeaways & Next Steps

Secure the Paths Between Cloud Workloads