
175,108 unique Ollama hosts in 130 countries were found exposed to the public internet, with the vast majority of instances found to be running Llama, Qwen2, and Gemma2 models, most of those relying on the same compression choices and packaging regimes. That, says the pair, suggests open-source AI deployments have become a monoculture ripe for exploitation.

"A vulnerability in how specific quantized models handle tokens could affect a substantial portion of the exposed ecosystem simultaneously rather than manifesting as isolated incidents," the duo said in their writeup.

To make matters worse, many of the exposed Ollama instances had tool-calling capabilities via API endpoints enabled, vision capabilities, and uncensored prompt templates that lacked safety guardrails. Because they're not managed by a large AI company, SentinelLABS and Censys warned, those exposures likely aren't being tracked by anyone, meaning exploitation could go unnoticed.

"LLMs are increasingly deployed to the edge to translate instructions into actions," SentinelLABS and Censys concluded.
175,108 unique Ollama hosts in 130 countries were found exposed to the public internet. The vast majority of instances ran Llama, Qwen2, and Gemma2 models with common compression choices and packaging regimes, producing a largely homogeneous open-source AI deployment landscape. A vulnerability in how specific quantized models handle tokens could affect a substantial portion of the exposed ecosystem simultaneously. Many instances had tool-calling API endpoints, vision capabilities, and uncensored prompt templates lacking safety guardrails. Exposures are often unmanaged and untracked, increasing the chance that exploitation will go unnoticed. Key risks include resource hijacking, remote privileged execution, and identity laundering. AI deployments should be treated as critical infrastructure.
Read at Theregister