Too much open-source AI is exposing itself to the web
As if AI weren't enough of a security concern, now researchers have discovered that open-source AI deployments may be an even bigger problem than those from commercial providers.Threat researchers at SentinelLABS teamed up with internet mappers from Censys to take a look at the footprint of Ollama deployments exposed to the internet, and what they found was a global network of largely homogenous, open-source AI deployments just waiting for the right zero-day to come along.
175,108 unique Ollama hosts in 130 countries were found exposed to the public internet, with the vast majority of instances found to be running Llama, Qwen2, and Gemma2 models, most of those relying on the same compression choices and packaging regimes. That, says the pair, suggests open-source AI deployments have become a monoculture ripe for exploitation.
Open-source AI is a global security nightmare waiting to happen, say researchers
Infosec in Brief: Also, South Korea gets a pentesting F, US Treasury says bye bye to BAH, North Korean hackers evolve, and moreBrandon Vigliarolo (The Register)
like this
Em Adespoton
in reply to Powderhorn • • •Ollama with standard Gemma2 model open to the Internet. What could go wrong?
I call out this one because the Chinese government has already examined it for exploits and flaws.
Letting it run outside a sandbox on the Internet is tantamount to sharing any information and capabilities it has with the CCP.
StinkyFingerItchyBum
in reply to Em Adespoton • • •spit_evil_olive_tips
in reply to Em Adespoton • • •exposing something like Ollama to the public internet is a bad idea, full stop. there's no need to bring "omg China scary" xenophobia into it.
Em Adespoton
in reply to spit_evil_olive_tips • • •Nothing xenophobic about it. That’s just the model we already have documented information about. Notice I mentioned CCP and government, not “the Chinese”.
That’s like calling someone an antisemite for being against the Israeli or Iranian government.
spit_evil_olive_tips
in reply to Em Adespoton • • •OK. can you link to that "documented information"?
because I googled "gemma chinese government" and nothing obvious popped up. but maybe I'm just out of the loop when it comes to reasons we should be afraid of those nefarious Chinese people who work for the Chinese government and/or the (insert ominous music here) Chinese Communist Party.
uh-huh. so, a thought experiment:
a genie gives me the list of IP address ranges that the Chinese government is using when it scans the internet for potential exploits.
I'm going to run Ollama, and expose it to the public internet...except I'm going to deny all traffic to & from those specific IP ranges.
that's still a bad idea, right? because there are many many many other possible threat actors?
this is like the difference between someone telling you "lock your doors at night because of burglars"
... Show more...OK. can you link to that "documented information"?
because I googled "gemma chinese government" and nothing obvious popped up. but maybe I'm just out of the loop when it comes to reasons we should be afraid of those nefarious Chinese people who work for the Chinese government and/or the (insert ominous music here) Chinese Communist Party.
uh-huh. so, a thought experiment:
a genie gives me the list of IP address ranges that the Chinese government is using when it scans the internet for potential exploits.
I'm going to run Ollama, and expose it to the public internet...except I'm going to deny all traffic to & from those specific IP ranges.
that's still a bad idea, right? because there are many many many other possible threat actors?
this is like the difference between someone telling you "lock your doors at night because of burglars" vs "lock your doors at night because of black people". you're showing your whole ass when you talk about cybersecurity in general but then make the jump to "cybersecurity is important because those sneaky Asians will hack you".
mrnobody
in reply to Powderhorn • • •like this
yessikg likes this.
StinkyFingerItchyBum
in reply to Powderhorn • • •Wait, wait! I saw this one. Terminator 3.
::: spoiler plot spoiler
A novel virus was breaking out all over the world and they had to release Skynet to kill it. Really it was just Skynet tricking the Defense Department into releasing itself into the wild by releasing the firewalls or somesuch.
:::
like this
yessikg likes this.