
"SentinelOne and Censys identified AI infrastructure spanning 175,000 exposed Ollama hosts, operating without the typical guardrails and monitoring that providers implement. Over 293 days of research, the security firms made 7.23 million observations distributed across 130 countries and 4,032 autonomous system numbers (ASNs), with 23,000 hosts accounting for most of the activity. Roughly half of the identified hosts could execute code, access APIs, and interact with external systems, SentinelOne says."
"The cybersecurity firm explains that a small set of transient hosts accounted for most of the observed activity. Specifically, 13% of the hosts appeared in more than 100 observations (generating nearly 76% of the activity). "Conversely, hosts observed exactly once constitute 36% of unique hosts but contribute less than 1% of total observations," SentinelOne notes. The hosts that persistently appeared in observations, SentinelOne says, "provide ongoing utility to their operators and, by extension, represent the most attractive and accessible targets for adversaries.""
"Looking at infrastructure distribution, the cybersecurity firm notes that 56% of hosts were found on fixed-access telecom networks, including consumer ISPs. In terms of geographical distribution, China accounted for the majority of hosts, at approximately 30%, followed by the US, at just over 20%. Virginia accounted for 18% of the hosts in the US. While the observed behavior pointed toward multi-model deployments, Llama AI models were the most prevalent, followed by Qwen2, Gemma2, Qwen3, and Nomic-Bert, SentinelOne says."
Over 293 days of monitoring, 175,000 exposed Ollama hosts were observed across 130 countries and 4,032 ASNs, producing 7.23 million observations. Activity concentrated heavily: about 23,000 hosts accounted for most traffic, with 13% of hosts appearing in over 100 observations and generating nearly 76% of activity. Approximately half of hosts could execute code, access APIs, and interact with external systems. Fifty-six percent of hosts resided on fixed-access telecom networks including consumer ISPs; China and the US held the largest shares. Multi-model deployments were common, Llama-family models predominated, and at least 201 hosts contained prompt templates that explicitly removed safety guardrails. Many hosts lacked authorization, monitoring, or billing controls and could be abused at zero marginal cost.
Read at SecurityWeek