Hundreds of LLM servers left exposed online - here's what we know


  • Cisco Talos found hundreds of Ollama servers that can be abused for all sorts of cybercrime
  • Potential threats include model extraction attacks, jailbreaking and content abuse, or backdoor injection and model poisoning (deploying malware)
  • Businesses are neglecting fundamental security practices, Cisco warned

More than 1,100 Ollama servers were found exposed on the public internet, opening the doors to all sorts of cybercrime, experts have claimed.

Security researchers at Cisco Talos found the servers after a quick Shodan search. Ollama servers are either local or remote systems that run large language models without relying on external cloud providers. They allow users to download, manage, and run AI models directly on their own hardware or in private infrastructure. This setup is often used by developers and businesses that want more control, privacy, and lower latency when working with generative AI.

When these servers are exposed to the wider internet, they enable model extraction attacks (attackers reconstructing model parameters), jailbreaking and content abuse (forcing LLMs to generate restricted or harmful content), or backdoor injection and model poisoning (deploying malware), among other things.

Dormant and active servers

Out of the 1,100 servers that were discovered, the majority (around 80%) were “dormant” - meaning they weren’t running any models and thus could not be abused in cybercrime.

The remaining 20%, however, are “actively hosting models susceptible to unauthorized access”, as Cisco Talos put it. The researchers warned that “their exposed interfaces could still be leveraged in attacks involving resource exhaustion, denial of service, or lateral movement.”

Most of the exposed servers are found in the United States (36.6%), followed by China (22.5%), and Germany (8.9%).

For Cisco Talos, the findings “highlight a widespread neglect of fundamental security practices such as access control, authentication, and network isolation in the deployment of AI systems.”

In many ways, this is not unlike misconfigured or exposed databases, which malicious actors can easily access, stealing data to use in phishing or social engineering attacks.
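As an added example (not from Cisco Talos or the original article), here is one way to check your own host for the network-isolation gap described above: parse `ss -H -ltn` output and flag any listener on the Ollama API port that is not bound to loopback. The port number 11434 (Ollama's default) is an assumption not stated in the article, and the sample `ss` lines are constructed.

```python
import ipaddress

OLLAMA_PORT = 11434  # Ollama's default API port (assumption: not stated in the article)

# Constructed sample of `ss -H -ltn` output; not real host data.
SAMPLE_SS = """\
LISTEN 0 4096 127.0.0.1:11434 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 10.0.0.5:11434 0.0.0.0:*
LISTEN 0 4096 [::]:11434 [::]:*
"""

def classify(host):
    """Return how widely a bind address is reachable."""
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and zone id
    if host == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:   # 0.0.0.0 or ::, i.e. every interface
        return "all-interfaces"
    if ip.is_loopback:      # reachable only from the host itself
        return "loopback"
    if ip.is_private:       # reachable from the internal network
        return "private"
    return "public"

def audit_listeners(ss_output, port=OLLAMA_PORT):
    """Return (bind_address, scope) for every listener on the given port."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; split on the last colon (IPv6-safe).
        host, _, local_port = fields[3].rpartition(":")
        if local_port == str(port):
            findings.append((host, classify(host)))
    return findings

def exposed(findings):
    """Listeners that anything other than the local host can reach."""
    return [f for f in findings if f[1] != "loopback"]

if __name__ == "__main__":
    for host, scope in audit_listeners(SAMPLE_SS):
        flag = "OK" if scope == "loopback" else "REVIEW"
        print(f"{flag:6} {host}:{OLLAMA_PORT} ({scope})")
```

On a real host, feed the function the output of `ss -H -ltn` instead of the sample; any `REVIEW` line means the API is reachable beyond the machine itself and needs a firewall rule or an authenticating proxy in front of it.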

Via The Register


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
