Was reading this Substack post about US gov cloud servers being pointed at AI companies. It observed that a number of US gov cloud servers on AWS are now pointing to IPs at a company called inventry.ai

https://cyberintel.substack.com/p/doge-exposes-once-secret-government

I checked on a few of the IPs mentioned in this writeup, and it checks out. E.g., the IP address 18.253.166.131 from 2020-2024 was tied to us-gov-east-1.compute.amazonaws.com and is part of the gov cloud infrastructure at AWS. Loading that IP into DomainTools Iris, we can see the SSL cert assigned to them is for inventry.ai.

Methinks we need to know more about Inventry.

DOGE Exposes Once-Secret Government Networks, Making Cyber-Espionage Easier than Ever

A new investigation shows nuclear secrets and government servers are dangerously exposed to nation-state hackers.

Cyber-Intelligence Brief

"We do whatever it takes to gather the necessary data." Also, good thing it's passwordless.

According to their documentation, their product basically sucks in all your data and builds an AI-driven high-level representation of structures, connections, etc. Could be useful for seeing where money is flowing, which organizations connect to which, etc.

https://www.inventry.ai/how-it-works

@briankrebs So no security or even accountability, oy vey!

@briankrebs 🤞🤞 it’ll work like math, when hallucinating man meets hallucination machine… maybe just maybe it will be a double negative type of thing… Or we are indeed living in “interesting times” (of the Chinese curse fame;)

@briankrebs I only looked down the rabbit hole a little and 😱 HOLY SHIT. They not only brag about not needing usernames and passwords (security just holds back innovation?) but they brag that Neanderthal suppliers don’t even need tech skills.

Like, sure, let’s have random people weighing in on things that have a huge effect on supply chains. Authentication will be by…(??? The super-secure email protocol that has never been spoofed??) What could go wrong

@briankrebs Their list of clients at the bottom includes 1) Stoke Space, who competes with SpaceX and employs former top SpaceX engineers (???) 2) An Indian tool & die maker and 3) A small American company that’s a subsidiary of 2).

I guess it’s possible #3 machines sensitive parts for things that go boom, and thus has ITAR compliance to worry about, which would justify GovCloud.

@briankrebs but if you have 35 employees, how is your supply chain such a nightmare you need (presumably not cheap) AI to run it? And with $6 million in revenue, how are you even afloat?

Nobody cares about the web sites too much — the $6 million in revenue was in 2014, and the company history for #2 grinds to a halt in 2016.

Hoping for a benign explanation for it all…