175,000 Publicly Exposed Ollama AI Servers Found Across 130 Countries
These articles are AI-generated summaries. Please check the original sources for full details.
Exposed Ollama AI Servers
A recent investigation by SentinelOne and Censys has uncovered a vast network of over 175,000 publicly exposed Ollama AI servers across 130 countries, with many of these systems enabling tool-calling capabilities that allow code execution and LLMjacking abuse. The exposed servers, which are spread across both cloud and residential networks, operate outside the default security controls implemented by platform providers.
Why This Matters
The discovery of these exposed servers highlights the significant security risks associated with the deployment of open-source AI frameworks like Ollama, which can be hosted locally and operate outside of the enterprise security perimeter. The fact that nearly half of the observed hosts are configured with tool-calling capabilities demonstrates the increasing implementation of large language models (LLMs) into larger system processes, posing new security concerns and necessitating new approaches to distinguish between managed and unmanaged AI compute.
Key Insights
- Over 175,000 publicly exposed Ollama AI servers have been discovered across 130 countries, with nearly half enabling tool-calling capabilities (SentinelOne and Censys, 2026).
- The exposed servers can be used for LLMjacking, where a victim’s LLM infrastructure resources are abused by bad actors to their advantage, while the victim foots the bill (Pillar Security, 2026).
- The Ollama framework allows users to easily download, run, and manage large language models (LLMs) locally on Windows, macOS, and Linux, but can be exposed to the public internet with a trivial configuration change.
Practical Applications
- Use Case: Companies like SentinelOne and Censys are using the Ollama framework to develop new AI-powered security solutions, but must ensure that their deployments are properly secured to prevent LLMjacking and other security risks.
- Pitfall: Failing to properly secure Ollama deployments can lead to LLMjacking and other security risks, resulting in significant financial and reputational damage.
References:
Continue reading
Next article
Malicious Chrome Extensions Steal ChatGPT Access and Hijack Affiliate Links
Related Content
AI-Assisted Campaign Compromises 600+ FortiGate Devices Globally
An AI-augmented threat actor compromised over 600 FortiGate devices across 55 countries by exploiting exposed management ports and weak credentials.
SnortML and Agentic AI: Closing the Intrusion Detection Gap with 350μs Local Inference
Cisco SnortML introduces native 350-microsecond ML inference to Snort 3, addressing the zero-day signature gap and enabling agentic AI defense.
Agentic AI Security Risks Exposed in Moltbook
Moltbook, an AI-powered social media platform, exposed its entire database through a publicly accessible API, highlighting significant security risks in agentic AI systems.