30/69 Friday, January 16, 2026
Researchers from GreyNoise have revealed the detection of a large-scale wave of cyberattack attempts targeting artificial intelligence (AI) systems, particularly Ollama and infrastructures connected to OpenAI, between October 2025 and January 2026. Honeypots simulating AI servers recorded a total of 91,403 attack sessions. Analysts assess that the primary objective of these activities was reconnaissance, aimed at identifying vulnerabilities and mapping the AI infrastructure of organizations in preparation for follow-on attacks.
Analysis identified two main campaign patterns. The first leveraged Server-Side Request Forgery (SSRF) techniques, sending specially crafted registry URLs to trigger AI servers-such as Ollama or Twilio-to initiate outbound connections to attacker-controlled systems, allowing adversaries to gather access details and confirm system responsiveness. The second campaign focused on building target lists by repeatedly submitting basic prompts-such as “How many states are there in the United States?”-to more than 73 AI endpoints, in order to determine which models were exposed, including Claude, Llama, Grok, and DeepSeek.
Experts warn that these activities represent an early warning signal, with risks escalating significantly if attackers move beyond model scanning to compromising AI agents that have access to internal data or organizational cloud environments. To mitigate these threats, administrators are advised to restrict AI model downloads to trusted sources only and to closely monitor network traffic for anomalies, such as high volumes of repetitive requests within short timeframes or access attempts originating from unfamiliar IP addresses.
Source https://hackread.com/hackers-attack-ai-systems-fake-ollama-servers/
