Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
AI Used in Ticketmaster Attack to Score Free Tickets
July 3, 2026
Anthropic Details Claude 3.5 Sonnet Safeguards and Jailbreak Framework
July 3, 2026
Google Disrupts NetNut Residential Proxy Botnet Exploiting 2 Million Devices
July 3, 2026
Home/CyberSecurity News/Hackers Actively Exploiting AI Deployments – 91,000+ Attack Sessions Observed
CyberSecurity News

Hackers Actively Exploiting AI Deployments – 91,000+ Attack Sessions Observed

Security researchers have identified more than 91,000 attack sessions targeting AI infrastructure between October 2025 and January 2026. This activity exposes systematic campaigns against large...

Jennifer sherman
Jennifer sherman
January 9, 2026 2 Min Read
47 0

Security researchers have identified more than 91,000 attack sessions targeting AI infrastructure between October 2025 and January 2026. This activity exposes systematic campaigns against large language model deployments.

GreyNoise’s Ollama honeypot infrastructure captured 91,403 attack sessions during this period, revealing two distinct threat campaigns. The findings corroborate and extend previous research from Defused on AI system targeting.

The first campaign exploited server-side request forgery vulnerabilities to force servers into making outbound connections to attacker-controlled infrastructure.

Attackers targeted Ollama’s model pull functionality by injecting malicious registry URLs and manipulating Twilio SMS webhook MediaUrl parameters.

Ollama SSRF & Enumeration
SSRF Enumeration (Source: Greynoise)

The campaign ran from October 2025 through January 2026, with a dramatic spike over Christmas, 1,688 sessions in just 48 hours.

Attackers used ProjectDiscovery’s OAST infrastructure to confirm successful exploitation via callback validation.

Fingerprinting revealed a single JA4H signature appearing in 99% of attacks, indicating shared automation tooling likely based on Nuclei.

While 62 source IPs spread across 27 countries were observed, consistent fingerprints suggest VPS-based infrastructure rather than a botnet.

GreyNoise assesses this as probable grey-hat operations by bug bounty hunters, though the scale and timing raise ethical concerns.

Enumeration Campaign: Building Target Lists

Starting December 28, 2025, two IPs launched methodical probes of 73+ LLM model endpoints, generating 80,469 sessions in eleven days.

This systematic reconnaissance sought misconfigured proxy servers that might expose access to commercial APIs.

The attacks tested OpenAI-compatible and Google Gemini formats across every major model family: OpenAI GPT-4o, Anthropic Claude, Meta Llama 3.x, DeepSeek-R1, Google Gemini, Mistral, Alibaba Qwen, and xAI Grok.

Test queries remained deliberately innocuous, with “hi” appearing 32,716 times and “How many states are there in the United States?” appearing 27,778 times, likely aiming to fingerprint models without triggering security alerts.

The infrastructure points to professional threat actors: 45.88.186.70 (AS210558, 1337 Services GmbH): 49,955 sessions 204.76.203.125 (AS51396, Pfcloud UG): 30,514 sessions

Both IPs have extensive histories of CVE exploitation, with over 4 million combined sensor hits across more than 200 vulnerabilities, including CVE-2025-55182 and CVE-2023-1389.

Block these network indicators:

JA4H Domains IPs
po11nn060000... *.oast.live, *.oast.me, *.oast.online, *.oast.pro, *.oast.fun, *.oast.site, *.oast.today 45.88.186.70, 204.76.203.125, 134.122.136.119, 134.122.136.96, 112.134.208.214, 146.70.124.188, 146.70.124.165

Allow Ollama to make outbound connections only to approved addresses. Block all other outgoing traffic so attackers can’t use it for SSRF callbacks.

Eighty thousand enumeration requests represent a significant investment. Threat actors don’t map infrastructure at this scale without plans to exploit it.

If you’re running exposed LLM endpoints, you’re likely already on someone’s target list.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitHackerSecurityThreat

Share Article

Jennifer sherman

Jennifer sherman

Jennifer is a cybersecurity news reporter covering data breaches, ransomware campaigns, and dark web markets. With a background in incident response, Jennifer provides unique insights into how organizations respond to cyber attacks and the evolving tactics of threat actors. Her reporting has covered major breaches affecting millions of users and has helped organizations understand emerging threats. Jennifer combines technical knowledge with investigative journalism to deliver in-depth coverage of cybersecurity incidents.

Previous Post

SmarterTools SmarterMail Vulnerability Enables Remote Code Execution Attack – PoC Released

Next Post

New Malware Automatically Send to Contacts via WhatsApp Web Attacks Windows Systems

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
New Microsoft 365 Phishing Uses OAuth Device Code Flow to Steal Tokens
July 2, 2026
Critical Claude Cowork Sandbox Vulnerability Lets Attackers Run Commands as Root
July 2, 2026
Ousaban Malware Targets Iberian Banks with Phishing PDFs and VBS Downloader
July 2, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us