EU's Exposed AI Infrastructure

llama

2026-04-08 | Source: Mastodon | Original article

A security researcher has uncovered more than 25,000 publicly reachable Ollama inference servers, of which 7,600 sit in EU member states. The researcher posted unauthenticated API endpoints on a public forum, demonstrating that the services answer any query – even those that would normally be blocked for privacy or proprietary reasons. The write‑access surface, the part of the system that allows users to modify prompts or retrieve model outputs, is fully exposed, meaning anyone can probe the models, extract training data or use the compute for illicit purposes. The find is a stark reminder that the rapid expansion of AI inference infrastructure is outpacing security practices. Europe now hosts roughly a third of the world’s exposed instances, with Germany alone accounting for 3,550 nodes, ranking third globally after China and the United States. The exposure coincides with a wave of private investment in AI compute – from Blue Owl’s billion‑dollar bet to Mistral’s $830 million GPU rollout and SoftBank’s $33 billion Ohio data centre – and with the EU’s ongoing debate over the “AI Omnibus” and the AI Act. Regulators have been urging clearer rules for “highly secure cloud and AI offers,” but the current breach shows that technical safeguards are lagging behind policy discussions. What to watch next: EU authorities are expected to launch a formal investigation under the Cybersecurity Act, and the European Parliament’s AI Omnibus negotiations, due by July 2026, may introduce mandatory hardening requirements for inference services. Industry players are likely to roll out rapid patching campaigns and may adopt zero‑trust API gateways to limit unauthenticated access. Observers will also monitor whether the incident spurs a broader push for a sovereign European AI cloud, a theme that has been gaining traction in policy circles. The episode underscores that securing the compute layer is now as critical as governing the models themselves.

Sources

Back to AIPULSEN