Running as Root and Default Passwords: Gemini Wrote an NGINX Script with Two Vulnerabilities
ChatGPT, Claude, and Gemini are giving dangerous cybersecurity advice.
ChatGPT, Claude, and Gemini are giving dangerous cybersecurity advice.
A simple idea to simplify working with a home network and increase its security level unexpectedly turned into a series of near-catastrophic mistakes—all due to advice from popular AI assistants. Instead of saving time and reducing risks, a journalist from Cybernews, relying on the help of chat bots, encountered recommendations that could have exposed his local services to the entire internet.
The attempt to organize centralized access to the control panel and other services of his home infrastructure began with a perfectly reasonable desire: to replace IP addresses with understandable domain names, and unsecured HTTP connections with secure TLS. The architecture itself was typical: pfSense as a firewall, a TrueNAS storage, and a Proxmox hypervisor running virtual machines and containers. Instead of manual configuration, the owner decided to use AI—and this was the root of the problem.
Almost all major language models—including ChatGPT, Claude, and Gemini—unanimously advised publishing DNS records in the public domain, linking subdomains to his home IP address. This step effectively proposed exposing internal components—from pfSense to TrueNAS—to the internet under their own names, coupled with the need to open ports 80 and 443. Technically, this approach pushes the user to publish critical services online, making them easy targets for mass scanners and bots.
Later, when confronted about the potential threats, the assistants "came to their senses" and admitted that TLS could be configured differently inside a local network. However, initially, not a single model suggested the safe and widely used method—issuing wildcard certificates using the DNS-01 challenge, which allows one to manage without opening any ports.
When it came to installing NGINX Proxy Manager, a tool for traffic routing and automatic TLS certificate retrieval, the AI once again gave poor recommendations. After warning against running third-party scripts from the internet, the same Gemini generated its own script—with two critical vulnerabilities. First, the container was configured to run as the root user, which poses a container escape threat. Second, it unnecessarily connected a MariaDB database with default credentials, which, if the script was carelessly copied, could lead to the compromise of the entire system.
In many cases, the assistants merely agreed with the user's statements without clarifying the initial parameters or the home lab's architecture. For example, when problems arose with Debian containers in Proxmox, an assistant didn't investigate the cause but simply suggested switching to a full virtual machine, which consumes more resources. None of them suggested using ACME clients directly within the services—even though this is a standard method for issuing certificates.
Furthermore, not a single model clarified that even when using a proxy inside the network, traffic could remain unencrypted if additional measures weren't taken. All this resulted in a situation where the owner of the home infrastructure, trusting the AI, almost exposed his internal network while simultaneously installing vulnerable components with minimal protection.
As the author notes, video tutorials and documentation would have provided answers much faster and more safely than hours-long dialogues with language models. Meanwhile, major IT companies continue to report growth in the proportion of code written by neural networks, without distinguishing between potential efficiency and real threats. Errors in recommendations accumulate, and if the user lacks deep technical knowledge, they can easily introduce critical security flaws into their system based on this flawed AI guidance.
