Netcrook


AI Security & Agentic Systems

Open-Source AI Under Siege: How Hackers Hijack LLMs for Cybercrime

Published: 30 January 2026 15:37 | Category: AI Security & Agentic Systems | Author: LOGICFALCON

Subtitle: A new report reveals the dark underbelly of open-source large language models exploited by cybercriminals worldwide.

On the surface, open-source large language models (LLMs) promise democratized access to cutting-edge artificial intelligence. But beneath this innovative veneer, a chilling reality lurks: thousands of vulnerable AI systems, scattered across the globe, have become playgrounds for hackers, scammers, and cybercriminals. A recent investigation by SentinelOne and Censys, reviewed by Reuters, exposes the scale and audacity with which bad actors are exploiting these open-source models, turning powerful AI tools into engines of crime and deception.

Fast Facts

  • Over 7.2 million instances of open-source LLMs were observed in 130 countries over 293 days.
  • A persistent core of 23,000 internet-accessible hosts generated most of the suspicious activity.
  • Cybercriminals leverage LLMs to send spam, craft phishing content, spread disinformation, and conduct data theft.
  • Hundreds of models have had built-in safety protections deliberately removed, making them ripe for abuse.
  • China and the United States top the list of countries hosting these vulnerable servers.

The Anatomy of an AI Crimewave

LLMs like Meta’s Llama and Google DeepMind’s Gemma have rapidly proliferated in the open-source ecosystem. Unlike their corporate-hosted counterparts, these models are often deployed on unsecured servers, with little oversight or security. The study zeroes in on Ollama, a tool that allows anyone to run custom LLMs on their own hardware. While empowering for legitimate developers, this flexibility has a dark side: it gives cybercriminals a low-cost, high-reward platform from which to orchestrate attacks.

Analysts uncovered a staggering variety of abuses: hacking campaigns, hate speech, harassment, violent content, scams, and even the dissemination of illegal material. In a quarter of the deployments, researchers could access the system prompts, the secret “instructions” that shape the AI’s responses. Alarmingly, 7.5% of these had dangerous configurations that facilitate malicious operations.
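As an added example (not part of the report or this article), here is a Python self-audit a defender can run against their own Ollama deployment: it checks whether the OLLAMA_HOST setting binds the API beyond loopback (Ollama's default is 127.0.0.1:11434), and inventories which models expose a system prompt through the unauthenticated /api/tags and /api/show endpoints, so the operator sees what any remote caller could read. The sample API responses embedded below are constructed, not captured from a real server.

```python
import ipaddress
import json
import os
import urllib.request

DEFAULT_HOST = "127.0.0.1:11434"  # Ollama's bind address when OLLAMA_HOST is unset

# Constructed sample responses in the shape of /api/tags and /api/show (not real data).
SAMPLE_TAGS = {"models": [{"name": "assistant:latest"}, {"name": "raw:latest"}]}
SAMPLE_SHOW = {"assistant:latest": {"system": "You are a helpful assistant. Refuse harmful requests."},
               "raw:latest": {"modelfile": "FROM llama3"}}  # no SYSTEM instruction at all

def listen_host(ollama_host):
    """Interface part of an OLLAMA_HOST value such as '0.0.0.0',
    'http://0.0.0.0:11434', '[::]:11434' or 'localhost:11434'."""
    value = (ollama_host or DEFAULT_HOST).split("://")[-1]
    if value.startswith("["):                      # bracketed IPv6 literal
        return value[1:value.index("]")]
    host, sep, port = value.rpartition(":")
    return host if sep and port.isdigit() else value

def bind_is_public(ollama_host):
    """True when the API listens beyond loopback, i.e. other hosts can reach it
    with no authentication. Hostnames other than 'localhost' are treated as
    public, the conservative choice for an audit."""
    host = listen_host(ollama_host)
    if host == "localhost":
        return False
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True

def inventory(tags, show_by_name):
    """One row per model from /api/tags, with the system prompt /api/show
    reports for it (the 'system' field is present only when one is set)."""
    report = []
    for entry in tags.get("models", []):
        system = show_by_name.get(entry["name"], {}).get("system", "").strip()
        report.append({"model": entry["name"], "system_prompt_set": bool(system),
                       "system_prompt": system})
    return report

def fetch(base_url, path, body=None):
    """Minimal client for the two read-only Ollama endpoints used here."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(base_url + path, data=data,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)

if __name__ == "__main__":
    print("API bound beyond loopback:", bind_is_public(os.environ.get("OLLAMA_HOST")))
    try:  # live inventory of the local instance; fall back to the constructed sample
        tags = fetch("http://127.0.0.1:11434", "/api/tags")
        shows = {m["name"]: fetch("http://127.0.0.1:11434", "/api/show", {"model": m["name"]})
                 for m in tags["models"]}
    except OSError:
        tags, shows = SAMPLE_TAGS, SAMPLE_SHOW
    for row in inventory(tags, shows):
        print(row)
```

A model without a system prompt is not wrong by itself; the point is that whatever prompt is set, and the fact that none is, are readable by anyone who can reach the port when the bind is public.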

The threat is not hypothetical. By stripping away safety guardrails, attackers can instruct LLMs to generate phishing emails, fake news, or code for malware, tasks that mainstream AI platforms like ChatGPT or Bard would block. The decentralized, open nature of these deployments means there’s little recourse: no central authority is monitoring or patching vulnerabilities.

Geographically, the risk is global. Nearly a third of the exposed servers are in China, with a fifth located in the United States. Yet the real scope is likely much larger. Experts warn that the visible activity is just the “tip of the iceberg,” as many illicit servers operate in the shadows, undetected by scans.

Conclusion: The Open-Source Dilemma

This investigation highlights a growing paradox: the same openness that fuels AI innovation also exposes the world to unprecedented cyber risks. As open-source LLMs become more powerful and accessible, so too do the tools for digital abuse. The AI community now faces a pivotal challenge: how to balance the ideals of open access with the urgent need for security and oversight. Until then, the AI crimewave shows no sign of slowing down.

WIKICROOK

  • LLM (Large Language Model): A Large Language Model (LLM) is an advanced AI trained on huge text datasets to generate human-like language and understand complex queries.
  • Open: 'Open' means software or code is publicly available, allowing anyone to access, modify, or use it, including for malicious purposes.
  • System prompt: A system prompt is a set of instructions given to an AI model to guide its behavior, responses, and ensure consistent, secure interactions.
  • Phishing: Phishing is a cybercrime where attackers send fake messages to trick users into revealing sensitive data or clicking malicious links.
  • Guardrails: Guardrails are built-in rules or systems that prevent AI from generating unsafe, offensive, or dangerous content, protecting users and upholding safety.