SentinelOne and Censys uncovered roughly 175,000 exposed Ollama hosts worldwide, many operating without authentication, monitoring, or safety guardrails, with 23,000 hosts driving most activity across 130 countries and 4,032 ASNs. About half of these hosts could execute code and access APIs, enabling low-cost abuse for spam, phishing, disinformation, prompt injection, and other malicious uses. #Ollama #OperationBizarreBazaar
Key points
- Researchers observed 7.23 million interactions with exposed Ollama hosts over 293 days across 130 countries and 4,032 ASNs.
- Approximately 175,000 Ollama hosts were exposed, with 23,000 accounting for the majority of activity.
- About half of the identified hosts could execute code, access APIs, and interact with external systems.
- A small subset of transient but persistent hosts (13%) produced ~76% of observed activity, making them high-value targets.
- Exposed models—notably Llama and Qwen variants—are vulnerable to prompt injection and can be abused at near-zero marginal cost for malicious campaigns.
Read More: https://www.securityweek.com/175000-exposed-ollama-hosts-could-enable-llm-abuse/