Over 175,000 publicly exposed Ollama AI servers discovered worldwide – so fix now

Many of these instances are running on home connections, VPS servers, or cloud machines, and around half allow “tool calling”, meaning their AI isn’t just answering questions, but also running code, calling APIs, and interacting with other systems.

Malicious actors who find these instances can abuse it to do different things and, according to Pillar Security, many are. In an attack called LLMjacking, these actors use other people’s electricity, bandwidth, and compute, to generate spam, malware content, and in some cases – to resell the access to other criminals.

To make matters worse, many systems are located outside normal enterprise security and lack the benefits of corporate firewalls, monitoring, authentication, and similar. All these things, together with the fact that many are sitting on residential IPs, makes them hard to track, and easy to abuse.

Furthermore, some systems are running uncensored models without any safety checks whatsoever, increasing the abuse potential.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Luckily, this isn’t a software bug or a vulnerability and can be addressed rather easily. Ollama already binds only to localhost (127.0.0.1) by default, meaning the problem starts with users exposing their instances to the internet without any protection. All users need to do is lock their instances down properly and they will be safe from LLMjacking.