Ollama, Nvidia Flaws Put AI Infrastructure at Risk
Recorded: Nov. 7, 2025, 2 p.m.
Original
Security researchers discovered multiple vulnerabilities in AI infrastructure products, including one capable of remote code execution.

Alexander Culafi, Senior News Writer, Dark Reading
November 7, 2025

A set of newly discovered vulnerabilities would have enabled exploitation of the popular AI inference systems Ollama and NVIDIA Triton Inference Server. That's according to security firm Fuzzinglabs, which will unveil research on new AI infrastructure vulnerabilities on Dec. 10 as part of Black Hat Europe 2025. CEO Patrick Ventuzelo and COO Nabih Benazzouz will present the research, which covers four vulnerabilities in the AI model runner Ollama and one in NVIDIA's model deployment product, Triton Inference Server.

The Ollama flaws include denial-of-service bug CVE-2024-12886, authentication bypass vulnerability CVE-2025-51471, arbitrary file copy vulnerability CVE-2025-48889, and a heap overflow bug that has not yet received a CVE. CVE-2024-12886 was assigned a CVSS score of 7.5; the other vulnerabilities have not yet been scored.

In Triton Inference Server, Fuzzinglabs found a command injection vulnerability in the product's model configuration pipeline. This one, Ventuzelo tells Dark Reading, was particularly dangerous, as it was easy to trigger and could reliably have resulted in remote code execution. The flaw required no prior authentication, and attackers exploiting it would have had free rein to execute "basically … whatever we want" on a vulnerable instance.

"It was really bad," Ventuzelo says, "and really, really easy to exploit."

Though Ollama and NVIDIA have fixed the flaws, they illustrate how AI security research is increasingly turning to the infrastructure behind popular platforms and models.
From Prompt Injections to AI Infrastructure

In the early days following ChatGPT's public launch in November 2022, much of the research on AI and LLM security involved prompt injections: using natural language to manipulate a model into taking an action its operator did not intend, such as leaking sensitive information or hallucinating. There is still plenty of research focused on LLM prompt injections and guardrail bypasses. At the same time, more technically oriented AI security research is rising to the surface.

Dark Reading asked Ventuzelo whether he, a red teamer who runs a security assessment firm, has noticed the same thing. "Yes, completely," he says. "As researchers, we are definitely shifting more into attacking infrastructure as well as the software running the model, and not just the model itself like before."

Ventuzelo gave two reasons for this. One, the LLM models are maturing. Two, and more significantly, models are being deployed in such a way that the infrastructure itself is more prominent in environments. In turn, AI infrastructure has become a more compelling research target.

"I think it's mainly because of the fact that, before, it was mainly OpenAI running the models, but now people are starting to run models inside of infrastructure to get local AI modeling. More companies have started to run their models by themselves. That means they are running software to run and manage these models, and people [researchers and attackers] are going to be more interested in that," Ventuzelo says. "If you are running an Ollama server, is it exposed? If it's exposed in your company, that's a new target in the attack surface of your corporation."

How Defenders Can Protect Their AI Deployments

Some of the vulnerabilities to be discussed at Black Hat Europe were originally discovered as part of Pwn2Own Berlin 2025 in May.
At the vulnerability research competition, hosted by Trend Micro's Zero Day Initiative (ZDI), AI systems made their debut as official competition targets. Ventuzelo tells Dark Reading that he appreciates competitions like Pwn2Own featuring AI, as well as vendors like NVIDIA that have opened themselves up to the security research community.

The Fuzzinglabs team will also discuss the defender angle as part of the session, and specifically how security teams working with AI infrastructure can shore up their posture. Ventuzelo recommends, as many do with AI models, that organizations ensure their access control is in order. And if you are using infrastructure such as a model runner or inference server to run a model, enterprises need to make sure it runs in a properly configured container, separated from other critical parts of the environment.
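The access-control and isolation advice above, turned into a concrete configuration as an added example that is not from the article or from Fuzzinglabs: a Docker Compose file that contrasts an Ollama service published on every host interface with one bound to loopback only, run with a reduced privilege set on its own network, and capped in memory so a denial-of-service bug cannot exhaust the host. The `ollama/ollama` image name and port 11434 are taken from Ollama's own documentation, not from this page; the resource limits are assumed values to be tuned per deployment.

```yaml
# Added example (not from the article): weak versus isolated Ollama service.
# Image name and port 11434 come from Ollama's documentation, not this page.
# The Ollama API does not authenticate callers by itself, so which networks
# can reach port 11434 *is* the access control.
services:
  # Weak: "11434:11434" publishes on 0.0.0.0, so every host on the LAN (or the
  # internet, on a cloud VM without a firewall) can drive the model runner.
  ollama-exposed:
    image: ollama/ollama
    ports:
      - "11434:11434"
    volumes:
      - ollama-models:/root/.ollama

  # Isolated: the service to actually deploy.
  ollama-isolated:
    image: ollama/ollama
    ports:
      - "127.0.0.1:11434:11434"   # host loopback only; front it with an
                                  # authenticating reverse proxy for remote use
    security_opt:
      - no-new-privileges:true    # no setuid escalation inside the container
    cap_drop:
      - ALL                       # 11434 is unprivileged, so no caps are needed
    tmpfs:
      - /tmp
    mem_limit: 16g                # assumed cap: a DoS bug takes down this
    pids_limit: 512               # service, not the whole host
    volumes:
      - ollama-models:/root/.ollama
    networks:
      - ollama-only               # not on the default network with other
    restart: unless-stopped       # compose services

networks:
  ollama-only: {}                 # separate user-defined bridge: containers on
                                  # other networks cannot reach this one

volumes:
  ollama-models: {}
```

Bring up only the isolated service (`docker compose up -d ollama-isolated`) and confirm the exposure from another host on the LAN: a connection to port 11434 should be refused, while `curl http://127.0.0.1:11434/` on the host itself succeeds.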
Summarized

The burgeoning field of artificial intelligence infrastructure is facing significant risk due to newly discovered vulnerabilities affecting prominent products like Ollama and NVIDIA’s Triton Inference Server. According to research conducted by Fuzzinglabs, which will be unveiled at Black Hat Europe 2025, these flaws represent a critical concern for organizations deploying AI models. The research identifies four vulnerabilities within Ollama (a denial-of-service bug, an authentication bypass, an arbitrary file copy vulnerability, and a heap overflow) alongside a command injection vulnerability in Triton Server’s model configuration pipeline. The command injection vulnerability within Triton Server is particularly alarming, as it’s easily exploitable and capable of remote code execution without prior authentication, effectively granting an attacker “basically … whatever we want” access. This highlights a shift in security research away from solely targeting the AI models themselves, and instead focusing on the underlying infrastructure that supports them.

Prior to this shift, much of the focus in AI security research centered around prompt injections: manipulating Large Language Models (LLMs) through natural language to elicit unintended actions. While prompt injection remains a key area of concern, a growing number of researchers are increasingly scrutinizing the infrastructure layer powering these models. This trend is driven by the increasing prevalence of organizations running their own AI models on bespoke infrastructure. As models move beyond centralized deployments, the infrastructure itself becomes a more prominent and valuable target. The shift in research direction was underscored by Fuzzinglabs’ CEO, Patrick Ventuzelo, who notes that researchers are now prioritizing the infrastructure of AI deployments alongside the models themselves.

Ventuzelo attributes this change to the maturation of AI models and the increased prominence of infrastructure in deployments. Organizations are now running models on local infrastructure, creating a broader attack surface. To mitigate these vulnerabilities, experts recommend implementing robust access controls and isolating AI infrastructure within containerized environments, analogous to best practices for securing any critical system. As these vulnerabilities were initially brought to light during Pwn2Own Berlin 2025, a competition hosted by Trend Micro’s Zero Day Initiative, the involvement of security research competitions and open collaboration between vendors and the security community are recognized as valuable avenues for improving AI security. Black Hat Europe 2025, set to take place December 8-11, 2025, in London, will feature a session led by Ventuzelo and COO Nabih Benazzouz, where Fuzzinglabs will discuss both the vulnerabilities and how security teams can enhance their defenses. The event offers a crucial platform for sharing insights and strategies for securing AI deployments, particularly given the growing reliance on these models across diverse industries.