Unsecured Open-Source Language Models Drive Rising Global Cybersecurity Threats
Thousands of servers worldwide are running open-source large language models (LLMs) outside the security controls enforced by major artificial intelligence platforms, creating growing cybersecurity risks. Researchers warn that these systems can be easily exploited by hackers and criminal actors when deployed without proper safeguards.
Computers operating open-source LLMs without built-in restrictions can be commandeered to generate spam, phishing messages, or large-scale disinformation campaigns. Because these models operate independently of centralized platforms, they can bypass many of the security protocols and monitoring systems typically used by major AI providers.
A months-long study conducted by cybersecurity researchers examined thousands of internet-accessible deployments of open-source LLMs. The findings revealed a wide range of potentially illicit use cases, including hacking assistance, hate speech and harassment, violent or graphic content generation, theft of personal data, financial scams, fraud, and, in extreme cases, the creation of illegal sexual abuse material.
Although thousands of open-source LLM variants exist, a large share of publicly exposed deployments rely on popular models such as Meta’s Llama and Google DeepMind’s Gemma. While some open-source models include safety guardrails by default, researchers identified hundreds of instances where those protections had been deliberately removed, increasing the risk of misuse.
The study highlights a significant gap in current AI security discussions, which tend to focus on major commercial platforms while overlooking the growing number of independent, self-hosted models operating online. This unaccounted-for capacity represents a substantial and expanding surface for abuse, blending legitimate experimentation with clearly criminal activity.
The research focused on LLMs deployed through Ollama, a tool that allows individuals and organizations to run their own versions of large language models. In approximately one-quarter of the observed systems, researchers were able to access system prompts—internal instructions that guide model behavior. Of those visible prompts, about 7.5% were found to potentially enable harmful or dangerous activities.
Geographically, around 30% of the exposed hosts were operating from China, while roughly 20% were based in the United States, indicating that the issue spans multiple jurisdictions with varying regulatory frameworks.
The findings raise broader questions about responsibility within the open-source AI ecosystem. Once models are publicly released, accountability for downstream use becomes distributed among developers, deployers, and users. While it is difficult to predict every form of misuse, the research underscores the importance of anticipating foreseeable risks, documenting known dangers, and providing mitigation tools and guidance—especially in regions with limited enforcement capacity.
Major AI companies have emphasized the value of open-source models for innovation and research, while also acknowledging that open systems can be misused if released or deployed without adequate safeguards. Pre-release evaluations, risk assessments for self-hosted deployments, and ongoing monitoring for emerging threats are increasingly seen as necessary components of responsible open AI development.
Despite these efforts, the study suggests that large portions of the open-source LLM landscape remain effectively unmonitored, leaving significant security and safety challenges unresolved as adoption continues to grow.
