Hasty Briefsbeta

Finding thousands of exposed Ollama instances using Shodan

7 days ago
https://blogs.cisco.com/security/detecting-exposed-llm-servers-shodan-case-study-on-ollama
Copy Link
  • #LLM Security
  • #Ollama Vulnerabilities
  • #AI Deployment Risks
  • The rapid deployment of large language models (LLMs) has introduced significant security vulnerabilities due to misconfigurations and inadequate access controls.
  • A study identified over 1,100 exposed Ollama servers, with approximately 20% actively hosting models susceptible to unauthorized access.
  • Common vulnerabilities include unauthorized API access, model extraction attacks, jailbreaking, resource hijacking, and backdoor injection.
  • The methodology involved using Shodan to detect exposed Ollama servers and assess their security configurations.
  • Findings revealed that many servers lacked authentication, with the majority hosted in the US, China, and Germany.
  • Mitigation strategies include enforcing authentication, network segmentation, rate limiting, and continuous monitoring.
  • The study highlights the urgent need for standardized security practices in LLM deployments.
AboutLogin