In the rush to adopt hot new tech, security is often forgotten. AI is no exception

Cisco’s Talos security research team has found over 1,100 Ollama servers exposed to the public internet, where miscreants can use them to do nasty things. Ollama provides a framework that makes it possible to run large language models locally, on a desktop machine or server. Cisco decided to research it because, in the words …

  1. Joe W Silver badge

    News?

    I mean, sure, we have to repeat this and actually get management by the balls because they are the drivers behind this train wreck. Looking at who pushes AI to everything and everywhere, and who is frothing from the mouth to exactly do that, and who tells all of us to "just use AI": I personally think these AI companies are responsible for the mess we are in.

    The whole mess is not unexpected. We have seen an uptick in SQL injections and other stupid and entirely preventable security holes, because of not training people, people trusting AI, people letting AI spin up containers and companies just pushing stuff with a wanton disregard of basic security. Throw manglement in jail and fine them. Like, real fines. 50% of their net worth, the other 50% go towards the people whose data they dumped on the internet for the world to abuse.

    1. Anonymous Coward

      Re: News?

      I would suggest that management is responsible for AI adoption, but administrators are responsible for the train wreck that is implementation.

      1. Anonymous Coward

        Re: News?

        I would suggest that management is responsible for AI adoption, but administrators are responsible for the train wreck that is implementation.

        Based on my experience of past new hotness, the poor admins might be the last to discover the deployment. I have encountered managers authorising, for their minions, surreptitious WAN connections to inside the enterprise network perimeter just to expose a hot new but equally suspect service.

        In many other cases the very senior management just issue a diktat which leaves the admin(s) few choices: walk, be terminated or comply. Fortunately I have always been an agile pedestrian but others have very limited realistic choices.

        The assumption is that AI services as required and envisaged by management can be implemented securely but in many/most cases it cannot.

        Ultimately it must be those issuing the orders that must take responsibility for any failures - they are invariably eager to reap the kudos of success. Unfortunately when management isn't faffing on about putting ducks in a row, they are honing their duck shoving skills.

        "New hotness" visions of Marilyn Monroe moving in next door. (Some Like It Hot.)

  2. Pascal Monett Silver badge

    "security is often forgotten"

    No. Security is ALWAYS forgotten. Because it gets in the way of selling product.

    Until, oh shit, we've got to secure this thing because, otherwise, customers will complain. And if they complain, they might leave, so now security is important.

    So, developers who warned us before, implement security on top of all the bullshit we made you do, because otherwise, you're fired.

    1. Joe W Silver badge

      Re: "security is often forgotten"

      Here it's not the customers that complain but rather the Computer Users - Non Technical that deploy this stuff on shadow IT because "manglementus id vult".

      And security is not "forgotten". It is ignored. Huge difference.

  3. Filippo Silver badge

    Forgotten?

    You have to know something before you can forget it...
