166 points by rldjbpin | 1 comment
stoneyhrm1 No.45114958
I understand the concern here but isn't this the same as making any other type of server public? This is just regarding servers hosting LLMs, which I wouldn't even consider a huge security concern vs hosting a should-be-internal tool publicly.

Servers that shouldn't be made public are made public, a cyber tale as old as time.

replies(1): >>45115589 #
cube00 No.45115589
> servers hosting LLMs, which I wouldn't even consider a huge security concern

The new problem is if the LLMs are connected to tooling.

There have been plenty of examples showing that, with subtle changes to the prompt, you can jailbreak the LLM to execute tooling in wildly different ways from what was intended.

They're trying to paper over this by having the LLM call regular code just so they can be sure all steps of the workflow are actually executed reliably every time.

Even the same prompt can give different results depending on the temperature used. How security teams are able to sign these things off is beyond me.

replies(1): >>45124887 #
_flux No.45124887
The tools are client-side operations in Ollama, so I don't see a way an attacker could use that to their benefit, except to leverage the actual computing power the server provides.
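The point made in this reply, that in Ollama the model only proposes tool calls and the client decides what actually runs, as an added Python example that is not code from the thread or from the Ollama project: it parses a constructed response in the shape of Ollama's /api/chat output and executes only allow-listed calls whose arguments match a declared schema. The tool names, the registry and the response body are hypothetical.

```python
import json

# Constructed response in the shape Ollama's /api/chat returns when the model
# proposes tool calls (assumption: the documented
# "message.tool_calls[].function.{name,arguments}" layout).
OLLAMA_RESPONSE = json.dumps({
    "model": "llama3.1",
    "message": {
        "role": "assistant",
        "content": "",
        "tool_calls": [
            {"function": {"name": "get_weather", "arguments": {"city": "Berlin"}}},
            {"function": {"name": "run_shell", "arguments": {"cmd": "id"}}},
            {"function": {"name": "get_weather", "arguments": {"city": 42}}},
        ],
    },
    "done": True,
})

# Hypothetical tools the client chooses to expose. Each entry declares the
# exact argument names and types the client will accept from the model.
def get_weather(city: str) -> str:
    return f"weather for {city}: sunny"   # stub of a harmless read-only tool

TOOL_REGISTRY = {
    "get_weather": (get_weather, {"city": str}),
}

def dispatch_tool_calls(raw_response: str) -> list:
    """Run only allow-listed, schema-valid tool calls; report every decision.

    Returns (name, status, detail) tuples so the outcome is auditable;
    nothing in the model output is executed or evaluated directly."""
    results = []
    msg = json.loads(raw_response).get("message", {})
    for call in msg.get("tool_calls", []):
        fn = call.get("function", {})
        name, args = fn.get("name"), fn.get("arguments", {})
        if name not in TOOL_REGISTRY:
            results.append((name, "rejected", "not in allow-list"))
            continue
        func, schema = TOOL_REGISTRY[name]
        if set(args) != set(schema) or any(
            not isinstance(args[k], t) for k, t in schema.items()
        ):
            results.append((name, "rejected", "arguments fail schema"))
            continue
        results.append((name, "executed", func(**args)))
    return results
```

Calling `dispatch_tool_calls(OLLAMA_RESPONSE)` executes the first call, rejects the unknown `run_shell` tool, and rejects the third call because `city` is not a string.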