The AI Minister's Blind Spot: How Albania's Anti-Corruption Bot Can't See Its Own Parliament's Open API

I pulled 32 gigabytes from the Albanian Parliament's open API, extracted 7 years of MP salary data, and discovered the world's first "AI cabinet minister" is an empty Vue.js shell with no AI behind it

Patrick Quirk
May 13, 2026

The Pitch

In September 2025, Albanian Prime Minister Edi Rama made global headlines by appointing the world’s first AI system to a cabinet-level government position. Her name was Diella, an avatar dressed in traditional Albanian costume, powered by Microsoft Azure and OpenAI, officially designated as “Minister of State for Artificial Intelligence” (TIME; Al Jazeera).

Her stated mission: eliminate corruption in public procurement. “Public tenders will be 100 percent free of corruption,” Rama declared. UN agencies praised the move. TIME ran a feature. The EU cited it as evidence of Albania’s modernization on the path to membership by 2030.

Three months later, in December 2025, the Director General of AKSHI, the agency that built Diella, was arrested for corruption (Tirana Times). The charge: manipulating the very government tenders that Diella was supposed to monitor.

My investigation started with Diella. It ended with the Albanian Parliament. And when I went back two months later with better tools and more patience, it ended somewhere much worse.


Phase 1: The JavaScript Bundle (February 2026)

The original scope was narrow: examine the Diella AI frontend, look for leaked API keys or backend URLs, assess whether this “AI minister” was real technology or political theater.

The Diella frontend was clean: a 229 KB Vue.js bundle built on the Quasar framework, with no API endpoints and no hardcoded backend URLs. Its environment variables were limited to CSS styling: font sizes, colors, padding values. AKSHI’s internal infrastructure, a Hasura GraphQL engine, a Keycloak authentication server, and custom REST APIs, sat behind internal-only DNS names with no public resolution.

I expanded to AKSHI’s broader subdomain footprint. Certificate transparency logs revealed 110 subdomains. Jira, Rancher, an internal Wiki, VS Code Server, Collabora Online. All internal-only. No public response on any.

I scanned 17 Albanian government domains. The results were consistent: Incapsula WAFs, 403 Forbidden responses, locked-down WordPress APIs, or complete non-response. Albanian government infrastructure, at the surface level, is well-hardened.

Then I checked the Parliament.

Albania’s Parliament at parlament.al runs a React single-page application. Every path returns HTTP 200 with the same index.html, a classic catch-all router that initially looked like a dead end. But a React SPA still needs to talk to a backend. And the code that makes those calls lives in the JavaScript bundle.

I pulled the main chunk, 355 KB of minified webpack output, and ran string extraction. Buried in the variable assignments was a hardcoded API base URL pointing to an Azure-hosted OData backend, along with seven entity names: anetaret (members), strukturat (structures), aktet (acts), lajmet (news), mbledhjet (meetings), dokumentet (documents), and abonimet (subscriptions).

Six of seven responded to unauthenticated GET requests. No API key. No bearer token. No session cookie. No rate limiting.

The seventh, abonimet (subscriptions), returned 401. Someone clearly knew how to require authentication. They just didn’t apply it to the other six.
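A build-time check of the kind that would have flagged this before release, added here as an example and not code from the article: it scans a bundle for absolute URLs, API roots held in variables and the OData entity paths concatenated onto them, which is exactly what any visitor's browser can read. The bundle text, the .invalid hosts and the `release_gate` allowlist are constructed for the example; the entity names are the ones listed above.

```python
import re

# Constructed stand-in for a minified webpack chunk: the entity names are the ones the
# article lists, the .invalid hosts are placeholders and not the real backend.
SAMPLE_BUNDLE = (
    'var t="https://parliament-api.invalid/odata/";'
    'function f(e){return"".concat(t,"anetaret?$top=").concat(e)}'
    'function g(e){return"".concat(t,"dokumentet?$filter=").concat(e)}'
    'var o=t+"abonimet";var s="https://cdn.invalid/assets/logo.png";'
    'var r=t+"lajmet";var k="http://localhost:3000/dev";'
)

URL_RE = re.compile(r'https?://[^\s"\'`<>)]+')
ROOT_RE = re.compile(r'(\w+)="(https?://[^"]+/)"')               # var t="https://host/odata/"
SEGMENT_RE = re.compile(r'(?:(\w+)\+"|concat\((\w+),")([a-z]+)')  # t+"aktet" or concat(t,"aktet
ODATA_OPTS = ("$filter", "$top", "$expand", "$select", "$orderby")
LOCAL = ("localhost", "127.0.0.1")


def audit_bundle(js: str) -> dict:
    """Summarise what a shipped bundle tells any visitor about the backend:
    absolute URLs, API roots held in variables, and the entity paths built on them."""
    urls = sorted(set(URL_RE.findall(js)))
    roots = {m.group(1): m.group(2) for m in ROOT_RE.finditer(js)}
    entities = {}
    for m in SEGMENT_RE.finditer(js):
        var = m.group(1) or m.group(2)
        if var in roots:
            entities.setdefault(roots[var], set()).add(m.group(3))
    return {
        "urls": urls,
        "api_roots": roots,
        "entities": {root: sorted(names) for root, names in entities.items()},
        "uses_odata": any(opt in js for opt in ODATA_OPTS),
        # Anything outside loopback is reachable by every visitor; gate release on this list.
        "non_local_backends": [u for u in urls if not any(h in u for h in LOCAL)],
    }


def release_gate(js: str, allowed_roots: set) -> list:
    """Return findings that should fail a build: API roots not on the allowlist."""
    report = audit_bundle(js)
    return [root for root in report["api_roots"].values() if root not in allowed_roots]
```

The regexes are heuristics for the concatenation shapes webpack emits; a bundle that builds URLs through a helper would need a matching pattern added.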


What the API Exposed

The anetaret endpoint returned 236 records, one for every Member of the Albanian Parliament. Each record contained full legal name (first name, father’s name, surname), date of birth, place of birth, official email address, political party affiliation, electoral district, profile photo URL, and social media links.

The dokumentet endpoint was 30 megabytes of JSON cataloging every document uploaded to the Parliament’s Azure Blob Storage. Each record included a direct download URL. I extracted those URLs. There were 54,545 of them.

Container listing was disabled on the blob storage, creating a false sense of security. But every individual file URL worked without authentication, and every URL was published in the API response. Disabling the directory listing while publishing 54,545 direct links is not a security control.

The document breakdown included 32,627 PDFs, nearly 20,000 images, 885 Word documents, and 509 Excel spreadsheets. The spreadsheets were the most revealing: monthly salary sheets for every MP, benefits and perks breakdowns, a lobbyist registry, a civil society organization registry, FOIA request and response logs spanning four years, and government budget tables.

I documented everything, published a writeup, and moved on. Then two months later I went back.


Phase 2: The Full Pull (April 2026)

On April 15, 2026, I re-tested every endpoint. Not a single one had been secured. The API was still wide open, still actively maintained, still being fed new data. Meetings were recorded through that day. News articles through the day before. The dokumentet catalog had grown from 54,545 to 57,287 records in seven weeks.

This time I pulled everything.

I ran a 32-thread parallel downloader against Azure Blob Storage in two passes: the first run, then a retry pass for 18,000 URLs that Python’s urllib had rejected because Albanian government employees had uploaded files with literal spaces in the filenames. The full recovery took 45 minutes.

52,942 files. 32 gigabytes. A 94.7% recovery rate against the catalog. The remaining 5.3% had genuinely been deleted from Azure: the blobs no longer existed at those URLs. Everything else was live, public, and downloadable without a single authentication header.
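The retry problem described above in code, as an added example rather than the author's downloader: `normalize_blob_url` percent-encodes catalog URLs so http.client stops rejecting filenames with spaces, and `recover_catalog` runs the pass in parallel and reports the recovery rate against the catalog. The hostnames and filenames are constructed; `fetch_status` is swappable so the logic can be exercised offline.

```python
import re
import urllib.request
from concurrent.futures import ThreadPoolExecutor
from urllib.error import HTTPError, URLError
from urllib.parse import quote, unquote, urlsplit, urlunsplit

# http.client refuses any URL containing a control character or a literal space,
# which is what dropped 18,000 catalog entries on the first pass described above.
DISALLOWED_RE = re.compile(r"[\x00-\x20\x7f]")

def would_be_rejected(url: str) -> bool:
    return DISALLOWED_RE.search(url) is not None

def normalize_blob_url(url: str) -> str:
    """Percent-encode path and query so urllib accepts filenames with spaces.
    unquote() first keeps already-encoded URLs unchanged (idempotent); assumes
    filenames carry no literal '%', which would otherwise be double-encoded."""
    p = urlsplit(url.strip())
    path = quote(unquote(p.path), safe="/")
    query = quote(unquote(p.query), safe="=&")
    return urlunsplit((p.scheme, p.netloc, path, query, ""))

def fetch_status(url: str, timeout: float = 30) -> int:
    """HEAD request returning the HTTP status (0 on network failure)."""
    try:
        req = urllib.request.Request(url, method="HEAD")
        with urllib.request.urlopen(req, timeout=timeout) as r:
            return r.status
    except HTTPError as e:
        return e.code
    except URLError:
        return 0

def recover_catalog(urls, fetch=fetch_status, workers=32):
    """Check every catalog URL in parallel; fetch(url) -> HTTP status code.
    Returns (live, gone, rate): the 200s, the 404s (blob deleted), and live/total."""
    fixed = [normalize_blob_url(u) for u in urls]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        statuses = list(pool.map(fetch, fixed))
    live = [u for u, s in zip(fixed, statuses) if s == 200]
    gone = [u for u, s in zip(fixed, statuses) if s == 404]
    return live, gone, (len(live) / len(fixed) if fixed else 0.0)

# Constructed catalog entries with the kind of filenames that broke the first pass.
SAMPLE_CATALOG = [
    "https://example.blob.core.windows.net/docs/Raport i Komisionit.pdf",
    "https://example.blob.core.windows.net/docs/Paga%20Janar%202026.xlsx",
    "https://example.blob.core.windows.net/docs/deleted.pdf",
]
```

Statuses other than 200 and 404 (throttling, timeouts) land in neither list, so a second pass over `fixed` minus `live` minus `gone` is the natural retry set.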

Eighteen gigabytes of PDFs. Nine gigabytes of photographs. Salary spreadsheets going back to August 2018. Parliamentary transcripts. Legislative drafts. Committee reports. Budget expenditure tables. International agreements. The complete documentary record of the Albanian Parliament from 2013 through April 2026.


Seven Years of Salary Data

The spreadsheet haul included 116 payroll files spanning August 2018 through January 2026. I wrote a parser that handled the varying column layouts across years (the pre-2022 files used different Albanian grammatical cases for column headers) and extracted everything into a single unified dataset.

11,030 salary records. 398 unique MPs. 2018 through 2026.

The data reveals a four-tier pay structure. The Speaker of Parliament, Niko Peleshi, earns 393,125 Albanian Lek per month gross (roughly $3,900 USD). Parliamentary group leaders earn 356,788 ALL. Committee chairs and vice speakers earn 325,000 to 329,000 ALL. Rank-and-file MPs earn 310,250 ALL. The spread from top to bottom is only 27%, remarkably flat for a national legislature.

But the more interesting column is penalties. Albanian law (Vendimi 114/2014) docks MP pay for missing sessions and committee meetings. Some members show massive gaps between gross and net: Opposition leader Gazment Bardhi earned 356,788 gross but only 210,104 net in January 2026, a 41% deduction. That is either chronic absenteeism or significant additional withholdings.
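A unified-payroll parser of the kind described above, added here as an example and not the author's own code: it maps header variants onto one schema, parses lek amounts written with either thousands separator, and computes each record's gross-to-net deduction and pay tier. The header aliases, the sheet layouts and the second and third rows are constructed; the Bardhi figures and the tier amounts are those the article reports.

```python
import csv, io, re, unicodedata

# Header spellings vary across years (different Albanian grammatical cases before 2022);
# these aliases are constructed for the example, not the sheets' real column names.
COLUMN_ALIASES = {
    "name": {"emri", "emri mbiemri", "emër mbiemër", "deputeti"},
    "gross": {"paga bruto", "pagë bruto", "bruto"},
    "net": {"paga neto", "pagë neto", "neto"},
}
# The four monthly gross tiers (ALL) reported in the article, highest first.
TIERS = [(393_125, "Speaker"), (356_788, "Group leader"),
         (325_000, "Chair / vice speaker"), (310_250, "Rank-and-file")]

def canon(header: str) -> str:
    """Drop accents, case and punctuation so header variants can be compared."""
    h = unicodedata.normalize("NFKD", header).encode("ascii", "ignore").decode()
    return " ".join(re.sub(r"[^a-z ]+", " ", h.lower()).split())

def map_columns(headers):
    """Return {field: column index}, or raise when a layout is not recognised."""
    mapping = {}
    for i, h in enumerate(headers):
        for field, aliases in COLUMN_ALIASES.items():
            if canon(h) in {canon(a) for a in aliases}:
                mapping[field] = i
    missing = sorted(set(COLUMN_ALIASES) - set(mapping))
    if missing:
        raise ValueError(f"unrecognised layout {headers}: missing {missing}")
    return mapping

def to_lek(cell: str) -> int:
    return int(re.sub(r"\D", "", cell))  # "356,788" and "356.788" -> 356788 (whole lek)

def parse_sheet(text: str, period: str):
    """Parse one CSV-exported payroll sheet into unified records with deduction %."""
    rows = list(csv.reader(io.StringIO(text)))
    cols = map_columns(rows[0])
    out = []
    for r in rows[1:]:
        if not any(r):  # skip blank lines
            continue
        gross, net = to_lek(r[cols["gross"]]), to_lek(r[cols["net"]])
        out.append({"period": period, "name": r[cols["name"]].strip(), "gross": gross,
                    "net": net, "deduction_pct": round(100 * (gross - net) / gross, 1),
                    "tier": next((t for g, t in TIERS if gross >= g), "Other")})
    return out

# Constructed sheets: the Bardhi figures are those quoted above; other rows and both layouts are made up.
SHEET_2026 = 'Emri,Paga bruto,Paga neto\nGazment Bardhi,"356,788","210,104"\nFilan Fisteku,"310,250","298,000"\n'
SHEET_2019 = 'Emër Mbiemër,Pagë Bruto,Pagë Neto\nFilane Fisteku,325.000,300.000\n'
```

An unrecognised header layout raises rather than silently mis-assigning columns, which is the failure mode that matters when 116 files span eight years of formatting drift.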

Every MP. Every month. For seven and a half years. All from public blob storage, cataloged in an unauthenticated API.


The Transcript Archive Nobody Mentioned

While probing the Parliament’s JavaScript bundle for additional endpoints, I found references to three subdomains I hadn’t seen before. One of them, bisedimet.parlament.al, was live.

It was an entirely separate platform: a “Document Archive API” running Node.js on a server at the path /root/Kuvendi-Backend/. The health endpoint confirmed it was running in production, using MeiliSearch for full-text search, with a Prisma database, 92% memory utilization, and 2.4 days of uptime at the time of discovery.

The API had 20 OCR-processed parliamentary transcripts from 2022 through 2024, covering plenary sessions with 261 unique named speakers. Every document was downloadable without authentication. The full-text search worked without authentication. The health endpoint leaked server paths, memory usage, and uptime data.

The schema included fields for AI vector search and document embeddings, the building blocks for semantic search over parliamentary proceedings. But every single document had its embedding status set to PENDING. The vector search feature was planned. It was never completed.

This is the closest thing to the “83 AI children” that actually exists: a search engine over 20 PDFs, running as root on a server that’s almost out of memory, with the AI features half-built and abandoned. That is the reality behind the press conferences.


Diella Has No Backend

This was the finding I didn’t expect. After documenting everything the Parliament leaked, I turned back to the original question: is Diella a real AI system, or is it theater?

The Diella frontend at proud-coast-026495803.4.azurestaticapps.net is a Vue.js single-page application. I re-downloaded the 229 KB bundle and extracted every URL, every string literal, every configuration reference. The result: zero API endpoints. Zero backend URLs. Zero references to OpenAI, Azure Cognitive Services, or any AI/ML service. The bundle contains nothing but the Quasar UI framework and Vue.js runtime code. It is an empty shell.

I tested aibot-api.azurewebsites.net, the most logical hostname for a Diella backend. It returned the default Azure App Service welcome page: “Your web app is running and waiting for your content.” A .NET application that was either never deployed or was wiped clean.

I tested diella-api, aibot, chatbot, and assistant across .azurewebsites.net, .azure-api.net, and .azurefd.net. All returned 404 or default pages.

The Azure Static Web App’s authentication layer is configured. .auth/me returns {"clientPrincipal": null}. .auth/login/aad redirects to Azure Active Directory. .auth/login/github returns a 302. The auth wall is set up. But there is nothing behind it.

Diella is a frontend with no backend. An avatar with no brain. The world’s first AI cabinet minister is a Vue.js component that renders a costume and a name.


The Context

These findings do not exist in isolation. Albania has a documented history of catastrophic data exposure that makes an open Parliament API something worse than negligence. It is a pattern.

In April 2021, a database containing records for 910,000 Albanian citizens leaked online. Names, ID numbers, phone numbers, employer information, tax data, and predicted political affiliations. Roughly one-third of the entire population. The data was allegedly compiled for electoral targeting by the ruling Socialist Party (Balkan Insight).

In December 2021, salary records for 637,138 Albanian citizens, 22 percent of the country, leaked via WhatsApp as an Excel file. Names, ID card numbers, salaries, job positions, employers. PM Rama apologized and said it “looks more like an internal infiltration rather than an outside cyber-attack.”

In 2022, Iranian state-sponsored hackers operating as “HomeLand Justice” breached AKSHI itself, the agency that would later build Diella. They claimed 100 terabytes exfiltrated and 2 petabytes deleted. Leaked data included 100,000+ police suspect records, ministerial correspondence, intelligence agency employee data, and citizen identification records. CISA and the FBI issued a joint advisory (AA22-264A). Albania severed diplomatic relations with Iran, the first NATO country to cut ties over a cyberattack (MITRE ATT&CK; CISA).

In December 2025, AKSHI’s Director General Mirlinda Karcanaj and her deputy were placed under house arrest. The charges: structured criminal group participation across 12 procurement procedures. The Balkan Investigative Reporting Network concluded: “Capture of AKSHI by criminal interests endangers national security.”

The timeline is worth reading slowly. Iran breaches AKSHI. AKSHI builds an AI to fight corruption. AKSHI’s leadership is arrested for corruption. The Parliament the AI is supposed to monitor has had its entire API open for four years. And the AI itself has no backend.


What AI Governance Actually Requires

Albania deployed the world’s first AI minister into a government that had not yet mastered HTTP authentication.

Before you announce 83 AI assistants to monitor Parliament, you need a Parliament that can put an API key on an endpoint. Before you claim your AI will make public tenders “100 percent free of corruption,” you need an IT agency whose leadership is not under arrest for tender manipulation. Before you invite the international press to celebrate your AI governance breakthrough, you need to check whether your parliament’s entire document archive, salary records, and MP personal data are sitting on public blob storage.

Albania skipped all of these steps. They went straight from “our IT agency was breached by Iranian state hackers” and “a third of our citizens’ data was leaked” to “the world’s first AI cabinet minister.” The international community applauded. Nobody audited the infrastructure.

This is what happens when governments treat AI as a press release instead of a technical deployment. The Diella frontend was clean, I will give AKSHI’s developers credit for that. But the institution Diella was designed to watch had its entire backend exposed. And Diella herself had no backend at all.

You cannot automate oversight of a system you haven’t secured. You cannot deploy AI governance on top of broken infrastructure. And you absolutely cannot announce 83 AI parliamentary monitors when the most you’ve actually built is a search engine over 20 PDFs running as root on a server at 92% memory, with the AI features showing PENDING across the board.

Albania didn’t build the future of AI governance. It built a demonstration of what happens when you skip the boring work and jump straight to the headline.


Methodology

All data was recovered from publicly accessible, unauthenticated API endpoints and Azure Blob Storage URLs. No authentication was bypassed. No credentials were used. No access controls were circumvented. No exploitation was performed. The Parliament API responds to standard HTTP GET requests. The blob storage URLs return documents to any browser.

Phase 1 was conducted on February 25, 2026. Phase 2 was conducted on April 15-16, 2026. JavaScript bundle analysis, API enumeration, blob recovery, XLSX salary extraction, and subdomain discovery were performed using standard OSINT techniques: curl, Python scripting, and manual code review.


This investigation is part of an ongoing series examining government digital infrastructure security across multiple countries.
