175K Exposed Ollama Hosts Allow Remote Code Execution cyberpress.org/175k-expo…
A massive global network of 175,000 publicly exposed Ollama AI servers, posing significant remote code execution risks across 130 countries.
An unmanaged layer of AI compute infrastructure operating without the security guardrails and monitoring systems that major platform providers implement by default.
Over a 293-day scanning period, researchers identified 7.23 million observations from unique Ollama hosts spanning 130 countries and 4,032 autonomous system numbers.
The infrastructure analysis revealed a persistent core of approximately 23,000 hosts that generated most of the activity, while a larger layer of transient hosts appeared briefly before disappearing.
Nearly half of the observed hosts are configured with tool-calling capabilities that enable them to execute code, access APIs, and interact with external systems.
