Saved February 14, 2026
A report reveals 175,000 publicly accessible Ollama hosts across 130 countries, many lacking proper security measures. These systems can execute code and interact with external APIs, raising concerns about potential exploitation in what researchers call LLMjacking. Threat actors are already targeting these vulnerabilities to monetize access.
A recent investigation by SentinelOne and Censys has uncovered a significant risk associated with the deployment of open-source AI infrastructure. They found approximately 175,000 publicly accessible Ollama hosts spread across 130 countries, with over 30% located in China. These systems can operate outside standard monitoring and security protocols, raising major concerns about their exposure and potential misuse. Countries like the U.S., Germany, and India also have substantial numbers of these hosts.
Many of these systems possess tool-calling capabilities, allowing them to execute code, access APIs, and interact with external systems. This increases their risk profile significantly since a compromised endpoint can perform privileged operations, which could lead to serious security breaches. More than 48% of the observed hosts could advertise these capabilities through their API endpoints, making them attractive targets for cybercriminals. The article highlights the emergence of LLMjacking, where attackers exploit vulnerable LLM resources for profit, such as generating spam or conducting cryptocurrency mining.
The investigation identifies a coordinated effort by threat actors engaged in an LLMjacking campaign known as Operation Bizarre Bazaar. This operation involves scanning the internet for exposed Ollama instances, validating these endpoints, and selling access on a platform called silver.inc. The campaign has been linked to a specific threat actor known as Hecker, highlighting a structured criminal marketplace for compromised AI infrastructure. Traditional security measures are difficult to apply to this decentralized setup, particularly because many hosts are located in residential environments, which complicates governance and risk management.