Unsecured AI Ollama Hosts Found Exposed Online

A new joint investigation by SentinelOne SENTINELLABS and Censys has uncovered a massive, unmanaged global network of exposed Ollama AI infrastructure, creating a serious security blind spot for organizations. This sprawling network of 175,000 unique hosts operates outside standard platform guardrails, with the largest concentration located in China.
Consequently, the publicly accessible nature of these systems poses new security concerns requiring novel defensive approaches. Nearly 50% of observed hosts are configured with tool-calling capabilities, meaning they can execute code and access APIs. Researchers Gabriel Bernadett-Shapiro and Silas Cutler added that this “fundamentally alter[s] the threat model.”
Meanwhile, the risk of infrastructure abuse, termed LLMjacking, has moved from theory to practice. A separate report from Pillar Security this week details an active campaign dubbed Operation Bizarre Bazaar, where attackers scan for and sell access to these endpoints. This operation has been traced to a threat actor named Hecker.
The decentralized and often residential nature of this infrastructure complicates traditional governance and monitoring. Therefore, defenders must treat externally accessible LLMs with the same stringent controls as other critical infrastructure.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

• Apple Reports Q1 2026 Earnings Amid iPhone, AI Focus
• Gold Soars Past $5,500 as Bitcoin Stagnates
• Bitcoin, Solana Prediction Markets Turn Bearish
• Senate blocks funding bill, partial shutdown looms Friday
• US Lawmakers Begin Pivotal Crypto Bill Markup Session