As if AI weren’t enough of a security concern, now researchers have discovered that open-source AI deployments may be an even bigger problem than those from commercial providers.

Threat researchers at SentinelLABS teamed up with internet mappers from Censys to take a look at the footprint of Ollama deployments exposed to the internet, and what they found was a global network of largely homogeneous, open-source AI deployments just waiting for the right zero-day to come along.

175,108 unique Ollama hosts in 130 countries were found exposed to the public internet, with the vast majority of instances found to be running Llama, Qwen2, and Gemma2 models, most of those relying on the same compression choices and packaging regimes. That, says the pair, suggests open-source AI deployments have become a monoculture ripe for exploitation.

  • dan@upvote.au
    8 hours ago

    This applies to a lot of services. Only expose something publicly if the public need to access it, and make sure it’s properly secured. If it’s just for you or your family (or friends) to use, use a peer-to-peer / mesh VPN like Tailscale.
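
A defender-side check for the advice in the comment above, added here as an example (it is not part of the original post or comment): it parses `ss -ltnH` output and flags listeners on Ollama's default port 11434 that are bound to all interfaces or a public address rather than loopback or a Tailscale address. The sample output and the function names are constructed for illustration.

```python
import ipaddress

OLLAMA_PORT = 11434  # Ollama's default API port
# Address ranges Tailscale assigns node addresses from (IPv4 CGNAT and IPv6 ULA).
TAILNETS = [ipaddress.ip_network("100.64.0.0/10"),
            ipaddress.ip_network("fd7a:115c:a1e0::/48")]

# Constructed sample of `ss -ltnH` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 4096 127.0.0.1:11434 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:11434 0.0.0.0:*
LISTEN 0 4096 100.101.102.103:11434 0.0.0.0:*
LISTEN 0 4096 [::]:11434 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 *:11434 *:*
LISTEN 0 4096 192.168.1.20:11434 0.0.0.0:*
"""

def classify(addr):
    """Return loopback, tailnet, lan, public or all-interfaces for a bind address."""
    host = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    if host == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in TAILNETS):
        return "tailnet"
    return "lan" if ip.is_private else "public"

def audit(ss_output, port=OLLAMA_PORT):
    """Return (local_addr, scope, needs_review) for each listener on `port`."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, lport = fields[3].rpartition(":")
        if lport != str(port):
            continue
        scope = classify(addr)
        findings.append((fields[3], scope, scope in ("all-interfaces", "public")))
    return findings

if __name__ == "__main__":
    for local, scope, review in audit(SAMPLE_SS):
        print(f"{local:28} {scope:15} {'REVIEW' if review else 'ok'}")
```

A listener flagged as `all-interfaces` is reachable on every address the host has, so whether it is exposed to the internet then depends on the host's firewall and upstream network.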