Over 175,000 publicly exposed Ollama AI servers discovered worldwide - so fix now

• 175,000 Ollama systems misconfigured, publicly exposed without authentication
• Attackers exploit instances via LLMjacking to generate spam and malware content
• Issue stems from user misconfiguration, fixable by binding to localhost only

Security researchers have claimed around 175,000 Ollama systems worldwide are exposed, putting them at risk of all sorts of malicious activities. In fact, some are already being abused, and if you’re among those running an Ollama instance, you might want to consider reconfiguring it.

Recently, SentinelOne SentinelLABS and Censys discovered many businesses are running AI models locally (the AI listens only to the computer it’s running on, not the internet) using Ollama.

However, in around 175,000 cases, these are misconfigured to listen on all network interfaces, instead of just localhost, making the AI publicly accessible to anyone on the internet, without a password.