r/llmsecurity

I responsibly disclosed 5 vulnerabilities in Ollama and LiteLLM through Huntr - now publicly disclosed after 90 days
▲ 232 r/llmsecurity+1 crossposts

I responsibly disclosed 5 vulnerabilities in Ollama and LiteLLM through Huntr - now publicly disclosed after 90 days

Over the past few months, I conducted security research on Ollama and LiteLLM and reported several vulnerabilities through Huntr's coordinated vulnerability disclosure program.

Following the standard 90 day disclosure period, the findings have now been publicly disclosed.

The research resulted in five reported vulnerabilities. In Ollama, I identified a GGUF String Length Panic vulnerability that could lead to denial of service, as well as an unbounded vocab_size resource exhaustion issue that could cause excessive memory and CPU consumption. In LiteLLM, I reported a Pass-the-Hash authentication bypass, an SSRF vulnerability through custom guardrails, and a Unicode normalization issue that could lead to sandbox escape scenarios. What stood out during this research was how many impactful security issues originated from areas that are often overlooked in AI infrastructure, including model parsing and conversion pipelines, resource allocation controls, authentication logic, network trust boundaries, and Unicode normalization edge cases.

The repositories contain technical details, root cause analyses, proof of concepts, impact assessments, remediation recommendations, and links to the published Huntr disclosures.

Ollama research:

https://github.com/regaan/ollama-security-research

LiteLLM research:

https://github.com/regaan/litellm-vulnerability-research

All research was conducted and disclosed responsibly. The published material is intended strictly for educational, defensive, and research purposes. I am happy to answer questions about the disclosure process, research methodology, root cause analysis, or AI and LLM security in general.

u/rothackers — 2 days ago
▲ 17 r/llmsecurity+1 crossposts

Breaking the AI Embargo: The Rise of the Mythos Killers!

The global AI landscape just fractured. When the US government clamped down on Anthropic’s ultra-powerful, cyber-offensive Mythos and Fable 5 models, they intended to keep the world's most dangerous digital weapons under lock and key.

Instead, they triggered a massive geopolitical tech boom.

Startups across Asia just unleashed two fierce, decentralized competitors designed to completely bypass Western export controls. Meet the new titans redefining AI power:

  • Fugu Ultra (Sakana AI): Rather than training an incredibly expensive standalone foundation model, Tokyo-based Sakana AI built a highly optimized, light-parameter "router". Acting as a conductor, it dynamically delegates, debates, and synthesizes complex data across a swappable pool of external public frontier models via a single API.
  • Tulongfeng (360 Security Technology): Introduced at the ISCAI conference in Beijing, 360 bypassed the need for a general-purpose giant by engineering a hyper-focused domain ensemble. By marrying smaller specialized models with localized security tools and threat intelligence databases, the framework is hardwired to autonomously scan code bases and isolate hidden software vulnerabilities at scale.

The Reality Check ⚖️
Neither system is a magic bullet, and both carry technical tradeoffs that the industry must consider:

  1. Orchestration Overhead: Fugu Ultra’s performance is natively capped by the models available in its underlying backend pool. Because it cannot access restricted models like Fable 5, it can still lag on long-horizon engineering tasks. Furthermore, running multi-model loops can generate added latency and variable token costs.
  2. The Capability Gap: 360’s leadership openly acknowledges that Tulongfeng still operates with a 20% to 30% capability gap compared to cutting-edge US frontier intelligence. Its true enterprise value lies in highly integrated automated defense rather than all-in-one general reasoning.

The Core Takeaway 🌐
When hardware and data constraints tighten, innovation accelerates elsewhere. The rise of multi-agent orchestration and domain-specific ensembles proves that coordinated collective intelligence can effectively rival, or even outscore, traditional centralized LLM endpoints.

The question for enterprise leaders is no longer "which individual model is smartest?" The better question is "which architecture is resilient enough to coordinate the best tools for the job?"

u/AISecIntelGroup — 6 days ago