Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Publicly exposed Ollama AI compute footprint spans 175,000 hosts worldwide

Target Trend
First reported
Last updated
Happening score
H score 22
1 unique sources, 1 articles

Summary

Hide ▲

A 175,000-host population of Ollama deployments across 130 countries has emerged as a broadly exposed AI-compute layer, increasing the risk of unmanaged access and weak visibility. The footprint is concentrated in China at a little over 30%, while nearly half of observed hosts advertise tool-calling that can execute code, reach APIs, and touch external systems. Because these instances often sit on cloud and residential networks outside standard perimeter controls, the trend raises the likelihood of LLMjacking, prompt injection, and other abuse of exposed model endpoints.

Related Happenings

Widespread exposure and misconfiguration in self-hosted AI infrastructure

Target Trend
First: 05.05.2026 13:30 Last: 05.05.2026 13:30 Sources 1

About this happening: A large-scale measurement found **self-hosted AI infrastructure** was being deployed with **widespread exposure and no authentication**, creating a broad risk of data theft, workf...

Open Happening

Internet-exposed Rockwell Automation/Allen-Bradley PLCs concentrated in the United States

Target Trend
First: 10.04.2026 18:52 Last: 10.04.2026 18:52 Sources 1

About this happening: A measured exposure pattern shows **5,219** internet-facing **Rockwell Automation/Allen-Bradley** PLC hosts worldwide, expanding the attack surface for **industrial control** netw...

Open Happening

ComfyUI cryptomining and proxy botnet campaign targeting exposed instances

Campaign
First: 07.04.2026 15:46 Last: 07.04.2026 15:46 Sources 1

About this happening: An **active ComfyUI campaign** is scanning exposed instances, exploiting unsafe custom nodes, and enlisting compromised hosts into a **cryptomining and proxy botnet**. The operati...

Open Happening

Publicly exposed training and demo apps in cloud environments are being abused at scale

Target Trend
First: 11.02.2026 13:30 Last: 11.02.2026 13:30 Sources 1

About this happening: Publicly exposed **training and demo applications** are showing up at scale in **AWS, Azure, and GCP**, turning lab systems into real cloud footholds. Researchers verified **nearl...

Open Happening

OpenClaw public-facing RCE exposure with public exploit code remote code execution flaw

Vulnerability
First: 09.02.2026 11:30 Last: 09.02.2026 11:30 Sources 1

About this happening: **OpenClaw** deployments exposed to the public internet face **RCE risk**, with **12,812 instances** reportedly exploitable and **public exploit code** available. SecurityScorecar...

Open Happening

Timeline

  1. 29.01.2026 20:37 2 articles · 3mo ago

    Public Ollama exposure finding

    Initial Disclosure

    A joint investigation by SentinelOne SentinelLABS and Censys identified 175,000 unique Ollama hosts exposed across 130 countries, with China accounting for a little over 30% of exposures and nearly half of observed hosts advertising tool-calling capabilities. The assessment said Ollama deployments can move from the default localhost bind at 127.0.0[.]1:11434 to public exposure by binding to 0.0.0.0 or a public interface, creating an unmanaged AI-compute layer that can be abused for LLMjacking, prompt injection, and proxying malicious traffic. A separate Pillar Security report described active targeting of exposed LLM endpoints in Operation Bizarre Bazaar and traced that activity to Hecker (aka Sakuya and LiveGamer101).

    Show sources
    Open in new tab