Company
Date Published
Author
Anyscale team

Summary

Open source `Ray` clusters have been found vulnerable to malicious exploitation due to potential misconfiguration, but Anyscale-hosted clusters are not affected. To help users verify their cluster configurations and avoid accidental exposure, the developers are providing a tool, consisting of a client-side script and server-side code, that checks for open ports in Ray clusters. The tool reports whether ports are open, but it does not validate what is running on them, so further investigation may be needed to determine whether an open port poses a security risk. The tool is pre-configured with defaults that reach out to a server for verification, and its source code is available under the Apache2 license. Anyscale will also host the tool for community testing, and it will be included in Ray 2.11, expected in April.