https://digitaliziran.si/categories/configuration/Recent content in Configuration on Digitaliziran siHugoenFri, 05 Sep 2025 16:40:51 +0000https://digitaliziran.si/2025/09/05/your-llm-servers-are-exposed-ciscos-shodan-study-reveals-critical-security-gaps/Fri, 05 Sep 2025 16:40:51 +0000https://digitaliziran.si/2025/09/05/your-llm-servers-are-exposed-ciscos-shodan-study-reveals-critical-security-gaps/<p>Are your organization&rsquo;s <a href="https://en.wikipedia.org/wiki/Large_language_model">Large Language Model (LLM)</a> servers broadcasting sensitive information to the entire internet? A new <a href="https://blogs.cisco.com/security/detecting-exposed-llm-servers-shodan-case-study-on-ollama">Cisco security study</a> using <a href="https://www.shodan.io/">Shodan search engine</a> data reveals a troubling reality: thousands of <a href="https://ollama.ai/">Ollama</a> LLM servers are running with misconfigured settings, creating potential entry points for attackers.</p> <h2 id="the-scale-of-exposure">The Scale of Exposure</h2> <p>Cisco&rsquo;s research team discovered numerous Ollama servers - a popular platform for running LLMs locally - exposed to the internet without proper security controls. However, it&rsquo;s important to understand that <strong>Ollama is designed with secure defaults</strong>. By default, <a href="https://github.com/ollama/ollama/issues/11941">Ollama binds only to localhost (127.0.0.1)</a>, restricting access to the local machine only. The exposures identified by Cisco&rsquo;s research occur when administrators deliberately override these secure defaults by setting the <code>OLLAMA_HOST</code> environment variable to <code>0.0.0.0</code> to enable remote access, but fail to implement proper security measures.</p>