Hello and welcome to the Tuesday, January 20, 2006 edition of the Sands Internet Storm Center's Stormcast.

My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

And this episode is brought you by the Sands.edu graduate certificate program in cyber security

leadership. And did he and his honeypot observed, well, an attacker hunting for large language

models, more and more companies and also individuals are running their internal large language

models. And, well, some of them are exposing them

onto the Internet, and this is what the hackers are after.

There are a couple reasons for that.

First of all, of course, they could just use those models instead of the public and potentially

more costly ones in order to run their queries.

They could also possibly then exploit additional weaknesses in it,

in particular if an individual or a company did add their own sort of internal knowledge base

to the large language model.

They may be able to enumerate that and then figure out exactly,

you know, what kind of secrets or so may be stored in that particular model.

So a couple of possibilities here don't exactly know what they're after.

There are a couple other reports as well of people finding these scans in their logs.

But, yeah, you probably don't want to expose these models to the public without any odd occasion.

That's really just setting yourself up for at least a fairly costly compute bill.

And Mandy and the part of Google, of course, now did release a rainbow table of possible

net NTLM version 1 hashes.

Now, this is nothing really sort of super groundbreaking or such.

...