Ollama closes a key vulnerability in an open source AI framework

The potential for harm is great. Sagi Tzadik, the Wiz researcher who discovered the vulnerability, told CSO: “An attacker can leak secret models, inspect user information, change their answers, rescue the entire system, and find a location in the internal network. Once exploited, the machine becomes vulnerable.”

Authentication errors create potential exposure

Because this class of technology is still immature, Wiz advises that it is prudent to implement additional security controls without relying solely on Ollama’s patch. The Ollama setup must be downloaded from the Internet.

“The Ollama project is in its early stages and does not support important security features, such as authentication,” Wiz’s Tzadik told CSO. “Even with the latest version running, attackers can find the AI models running on Ollama’s server and even exploit them using the victim’s computing power.”

