Hundreds of LLM Servers Expose Corporate and Health Data

A new report finds that LLM automation tools and vector databases can be rife with sensitive data — and vulnerable to pilfering.

Nate Nelson, Dark Reading

August 30, 2024

1 Min Read
3D illustration of Artificial intelligence on computer screens
Alamy

Hundreds of open source large language model (LLM) builder servers and dozens of vector databases are leaking highly sensitive information to the open Web.

As companies rush to integrate AI into their business workflows, they occasionally pay insufficient attention to how to secure these tools, and the information they trust them with. In a new report, Legit security researcher Naphtali Deutsch demonstrated as much by scanning the Web for two kinds of potentially vulnerable open source (OSS) AI services: vector databases — which store data for AI tools — and LLM application builders — specifically, the open source program Flowise. The investigation unearthed a bevy of sensitive personal and corporate data, unknowingly exposed by organizations stumbling to get in on the generative AI revolution.

"A lot of programmers see these tools on the Internet, then try to set them up in their environment," Deutsch says, but those same programmers are leaving security considerations behind.

Hundreds of Unpatched Flowise Servers

Flowise is a low-code tool for building all kinds of LLM applications. It's backed by Y Combinator, and sports tens of thousands of stars on GitHub.

Whether it be a customer support bot or a tool for generating and extracting data for downstream programming and other tasks, the programs that developers build with Flowise tend to access and manage large quantities of data. It's no wonder, then, that the majority of Flowise servers are password-protected.

A password, however, isn't security enough...

Continue reading this article on our sister site, Dark Reading.

About the Authors

Nate Nelson

Nate Nelson

Contributor

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

See more from Nate Nelson
Dark Reading

Dark Reading

Long one of the most widely read cyber security news sites on the Web, Dark Reading, a sister site to Data Center Knowledge, is now the most trusted online community for security professionals like you. Dark Reading's community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.

See more from Dark Reading
Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

Image of the White House and a database computing icon
Regulations
How a Second Trump Presidency Could Shape the Data Center Industry
How a Second Trump Presidency Could Shape the Data Center Industry

Nov 12, 2024

Malaysia is on the path to become a powerhouse in the Asian data center market
Data Center Site Selection
Malaysia’s Data Center Bet: New Planning Guidelines Set to Drive Growth
Malaysia’s Data Center Bet: New Planning Guidelines Set to Drive Growth

Nov 11, 2024

New data center regulations are emerging globally, with new standards for sustainability and resilience shaping the industry’s future.
Regulations
Data Center Regulation Trends to Watch in 2025
Data Center Regulation Trends to Watch in 2025

Nov 6, 2024

Exclusive DCK Resources
See all DCK Resources

Industry Voices

Advancing Data Center Construction 2024 features more than 30 expert-led sessions
Build & Design
ADCC 2024: Industry Leaders Explore the Future of Data Center Construction
ADCC 2024: Industry Leaders Explore the Future of Data Center Construction

Nov 21, 2024

Data Center Boom Fuels Demand for Nuclear Projects
Energy & Power Supply
Data Center Boom Fuels Demand for Nuclear Projects
Data Center Boom Fuels Demand for Nuclear Projects

Nov 20, 2024

Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.
Newsletter Sign-Up

Featured Technical Explainers

Data center server configuration command lines on a computer monitor.
Open Source Software
Optimize Text Search: Master the grep Command in Linux
Optimize Text Search: Master the grep Command in Linux
Data center ETF stock chart illustration
Investing
Data Center ETFs: An Introductory Guide to Boosting Your Portfolio
Data Center ETFs: An Introductory Guide to Boosting Your Portfolio
Data center storage trends in 2024
Data Storage
Watch: Data Center Storage Trends in 2024
Watch: Data Center Storage Trends in 2024