Skip to content
Threat Feed

Vendor

Ollama

10 briefs RSS
high advisory

Ollama Model Exfiltration Attempt Detection

This brief describes detection of potential data exfiltration attempts targeting Ollama model metadata and configuration endpoints by adversaries repeatedly querying specific API endpoints to extract sensitive model information.

Ollama model-exfiltration data-leakage
2r 1t
medium advisory

Ollama Abnormal Network Connectivity Detected

This detection identifies unusual network patterns and connection problems within Ollama, encompassing unauthorized API access attempts beyond localhost and warning-level network errors like DNS lookup failures, TCP connection issues, or host resolution problems, which can signal network-based attacks, unauthorized access, or infrastructure reconnaissance.

Ollama network-connectivity anomaly
2r 1t
medium advisory

GenAI Process Performing Encoding/Chunking Prior to Network Activity

This rule detects GenAI processes performing encoding or chunking (base64, gzip, tar, zip) followed by outbound network activity, indicating data preparation for exfiltration.

Ollama +2 genai exfiltration defense-evasion
2r 4t
medium advisory

Unusual Modification of GenAI Tool Configuration File

This rule detects unusual modifications to GenAI tool configuration files, potentially indicating an attacker injecting malicious MCP server configurations to hijack AI agents for persistence, command and control, or data exfiltration.

Claude +3 genai configuration-modification defense-evasion
3r 4t
critical advisory

Ollama Server Possible RCE via Malicious Model Loading

The detection identifies potential remote code execution attempts on Ollama servers through malicious model loading by monitoring error messages and failure patterns during model loading operations, which could indicate malicious model injection, path traversal attempts, or exploitation of model loading mechanisms, leading to arbitrary code execution on the server.

Ollama Server ollama rce model-injection
2r 1t
high advisory

Ollama Resource Exhaustion via Memory Abuse

This brief covers a technique to detect resource exhaustion attacks against Ollama servers by monitoring abnormal memory allocation and runner operations, potentially leading to denial of service or performance degradation.

Ollama resource-exhaustion denial-of-service
2r 1t
high advisory

Ollama API Prompt Injection and Jailbreak Attempts

Detects potential prompt injection and jailbreak attempts against Ollama API endpoints by identifying requests with abnormally long response times, indicative of attackers crafting complex prompts to bypass AI safety controls.

Ollama prompt-injection jailbreak ai-security
1r
medium advisory

Ollama API Endpoint Scan Reconnaissance

Detects potential reconnaissance activity against Ollama servers by identifying sources probing multiple API endpoints within short timeframes, indicative of attackers mapping the API surface for vulnerabilities.

Ollama api-reconnaissance web-application
1r 1t
high advisory

Ollama Abnormal Service Crash Availability Attack

This detection identifies abnormal service crashes, fatal errors, and process terminations in Ollama, potentially indicating exploitation, resource exhaustion, or denial-of-service attacks aimed at disrupting AI model availability and degrading system stability.

Ollama availability denial-of-service crash
2r 1t
high advisory

Ollama API DDoS/Rate Limit Abuse Detection

This detection identifies potential DDoS attacks or rate limit abuse against Ollama API endpoints by detecting excessive request volumes from individual client IP addresses.

Ollama ddos rate-limiting anomaly-detection
2r 1t