175,000 Exposed Ollama Hosts Could Enable LLM Abuse

SentinelOne and Censys identified AI infrastructure spanning 175,000 exposed Ollama hosts, operating without the typical guardrails and monitoring that providers implement.

Over 293 days of research, the security firms made 7.23 million observations distributed across 130 countries and 4,032 autonomous system numbers (ASNs), with 23,000 hosts accounting for most of the activity.

Roughly half of the identified hosts could execute code, access APIs, and interact with external systems, SentinelOne says.

The cybersecurity firm explains that a small set of transient hosts accounted for most of the observed activity. Specifically, 13% of the hosts appeared in more than 100 observations (generating nearly 76% of the activity).

“Conversely, hosts observed exactly once constitute 36% of unique hosts but contribute less than 1% of total observations,” SentinelOne notes.

The hosts that persistently appeared in observations, SentinelOne says, “provide ongoing utility to their operators and, by extension, represent the most ...