Subj : Hundreds of LLM servers left exposed online - here's what we know
To   : All
From : TechnologyDaily
Date : Tue Sep 02 2025 15:15:09

Hundreds of LLM servers left exposed online - here's what we know

Date:
Tue, 02 Sep 2025 14:13:00 +0000

Description:
Ollama servers were easily found with a quick Shodan search, but many are 
dormant and thus unusable.

FULL STORY
======================================================================Cisco 
Talos found hundreds of Ollama servers that can be abused for all sorts of 
cybercrime Potential threats include model extraction attacks, jailbreaking 
and content abuse, or backdoor injection and model poisoning (deploying 
malware) Businesses are neglecting fundamental security practices, Cisco 
warned 

More than 1,100 Ollama servers were found exposed on the public internet, 
opening the doors to all sorts of cybercrime, experts have claimed. 

After a quick Shodan search, security researchers Cisco Talos found the 
servers, which are either local or remote systems that run large language 
models without relying on external cloud providers. They allow users to 
download, manage, and run AI models directly on their own hardware or in 
private infrastructure. This setup is often used by developers and businesses 
that want more control, privacy, and lower latency when working with 
generative AI. 

When these servers are exposed to the wider internet, they enable model 
extraction attacks (attackers reconstructing model parameters), jailbreaking 
and content abuse (forcing LLMs to generate restricted or harmful content), 
or backdoor injection and model poisoning (deploying malware ), among other 
things. Dormant and active servers 

Out of the 1,100 servers that were discovered, the majority (around 80%) were 
dormant - meaning they werent running any models and thus could not be abused 
in cybercrime. 

The remaining 20%, however, are actively hosting models susceptible to 
unauthorized access, as Cisco Talos put it. The researchers warned how their 
exposed interfaces could still be leveraged in attacks involving resource 
exhaustion, denial of service, or lateral movement. 

Most of the exposed servers are found in the United States (36.6%), followed 
by China (22.5%), and Germany (8.9%). 

For Cisco Talos, the findings highlight a widespread neglect of fundamental 
security practices such as access control, authentication, and network 
isolation in the deployment of AI systems. 

In many ways, this is not unlike misconfigured or exposed databases, which 
malicious actors can easily access, stealing data to use in phishing or 
social engineering attacks. 

 Via The Register You might also like Not even fairy tales are safe - 
researchers weaponise bedtime stories to jailbreak AI chatbots and create 
malware Take a look at our guide to the best authenticator app We've rounded 
up the best password managers



======================================================================
Link to news story:
https://www.techradar.com/pro/security/hundreds-of-llm-servers-left-exposed-on
line-heres-what-we-know


--- Mystic BBS v1.12 A49 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.