Krux

March 19, 2026
175,000 Ollama Servers Left Wide Open to Internet
Published: March 19, 2026 at 12:39 AM
Updated: March 19, 2026 at 12:39 AM
What happened
Internet-wide scans uncovered roughly 175,000 publicly accessible Ollama servers, most with zero authentication. Anyone can query which AI models you're running, send prompts to extract internal knowledge, or burn through your GPU budget with expensive inference requests. The damage goes beyond cloud bills. Exposed endpoints reveal model names that often reference internal projects, and attackers can probe how your AI connects to proprietary data sources. One misconfigured firewall rule turns your self-hosted AI into someone else's free playground.
Why it matters
The fix is straightforward: put authentication in front of the API and lock it to private networks. Turns out running AI on your own hardware still requires actual security.
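One way to audit your own fleet for the bind-address half of that fix, as an added example that is not from the original article or from the Ollama project. It assumes the listen address is set through Ollama's `OLLAMA_HOST` variable (default `127.0.0.1:11434`), uses a simplified parser for that value, and runs over a constructed inventory with hypothetical node names.

```python
import ipaddress

def bind_host(value: str) -> str:
    """Extract the host part of an OLLAMA_HOST-style value (simplified parser)."""
    v = value.strip()
    if not v:
        return "127.0.0.1"                      # unset: Ollama's default bind
    v = v.split("://", 1)[-1].split("/", 1)[0]  # drop scheme and any path
    if v.startswith("["):                       # bracketed IPv6, e.g. [::]:11434
        return v[1:].partition("]")[0]
    if v.count(":") == 1:                       # host:port or :port
        return v.split(":", 1)[0]
    return v                                    # bare hostname, IPv4 or IPv6

def classify(value: str) -> str:
    """Label a bind value: loopback, private, all-interfaces, public or hostname."""
    host = bind_host(value)
    if host == "":
        return "all-interfaces"  # assumption: ":port" is treated as every interface
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "loopback" if host == "localhost" else "hostname"
    if ip.is_unspecified:        # 0.0.0.0 or :: (checked before is_private)
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private or ip.is_link_local:
        return "private"
    return "public"

# Binds that need a firewall and authentication review before anything else.
NEEDS_REVIEW = {"all-interfaces", "public", "hostname"}

def audit(inventory: dict) -> list:
    """Return (node, value, label) for every bind that is not loopback or private."""
    rows = [(node, val, classify(val)) for node, val in inventory.items()]
    return [r for r in rows if r[2] in NEEDS_REVIEW]

# Constructed inventory: node name -> OLLAMA_HOST value collected from each host.
SAMPLE = {
    "ws-01": "",                   # variable unset
    "gpu-a": "0.0.0.0:11434",
    "gpu-b": "10.0.4.7:11434",
    "gpu-c": "http://[::]:11434",
    "lab-1": "127.0.0.1",
}

if __name__ == "__main__":
    for node, val, label in audit(SAMPLE):
        print(f"{node}: OLLAMA_HOST={val!r} -> {label}")
```

A flagged bind is reachable from the internet only if a firewall or security group also lets the port through, and a `private` bind still needs authentication in front of the API.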