Trend Micro Warns: Thousands of AI Servers Exposed, Urges Immediate Security Action

13th August 2025, Kathmandu

Global cybersecurity leader Trend Micro Incorporated has issued a critical warning to AI engineers and IT leaders regarding the widespread exposure of AI servers, highlighting significant infrastructure-level risks that could lead to data theft, poisoning, ransom, and other devastating cyberattacks.

AI Server Security Risks

The urgent call for adherence to best practices in secure system development and deployment comes on the heels of Trend Micro’s latest research, detailed in their “State of AI Security Report, 1H 2025.”

The report underscores a concerning trend

AI infrastructure is often built from unsecured or unpatched components, creating open doors for malicious actors. “AI may represent the opportunity of the century for global businesses,” stated Rachel Jin, Chief Enterprise Platform Officer at Trend Micro. “But those rushing in too fast without taking adequate security precautions may end up causing more harm than good.

As our report reveals, too much AI infrastructure is already being built from unsecured and/or unpatched components, creating an open door for threat actors.”

Key AI-Related Security Challenges Identified

Trend Micro’s research sheds light on several pressing security challenges facing AI deployments:

Vulnerabilities in Critical Components

AI applications rely on specialized software components and frameworks, which are susceptible to the same vulnerabilities found in regular software. The report specifically highlights zero-day vulnerabilities and exploits discovered in core components, including ChromaDB, Redis, NVIDIA Triton, and NVIDIA Container Toolkit. These flaws can be exploited to enable remote code execution and compromise the system.

Accidental Internet Exposure

The rapid pace of AI development and deployment often leads to instances where AI systems are inadvertently exposed to the internet without proper authentication. Trend Micro’s findings are alarming: over 200 ChromaDB servers, 2,000 Redis servers, and more than 10,000 Ollama servers were found directly accessible online with no authentication, making them prime targets for adversaries.

Weaknesses in Open-Source Components

Many AI frameworks and platforms leverage open-source software libraries. While beneficial for innovation, these components can harbor vulnerabilities that silently creep into production systems, proving difficult to detect. A recent example from Pwn2Own Berlin, which featured a new AI category, saw researchers uncover an exploit for the Redis vector database stemming from an outdated Lua component.

Container-Based Vulnerabilities

A significant portion of AI infrastructure operates within containers, inheriting the security vulnerabilities and threats prevalent in cloud and container environments. Pwn2Own researchers successfully exploited the NVIDIA Container Toolkit, underscoring the need for robust container security practices like sanitizing inputs and continuous runtime behavior monitoring.

Stuart MacLellan, CTO at NHS SLAM, emphasized the evolving nature of AI security: “There are still lots of questions around AI models and how they could and should be used.

We now get much more information than we ever did about the visibility of devices and what applications are being used. It’s interesting to collate that data and get dynamic, risk-based alerts on people and what they’re doing depending on policies and processes. That’s going to empower the decisions that are made organizationally around certain products.”

Urgent Call to Action for Secure AI Development and Deployment

To mitigate these mounting risks, Trend Micro urges both the developer community and their customers to prioritize security alongside time-to-market. Concrete steps include

Improved Patch Management and Vulnerability Scans: Regularly update and scan all software components for known vulnerabilities.

Comprehensive Software Inventory: Maintain a detailed inventory of all software components, including third-party libraries and subsystems, to track potential exposures.

Container Security Best Practices: Implement robust container management security, such as using minimal base images to reduce the attack surface and employing runtime security tools.

Rigorous Configuration Checks: Ensure all AI infrastructure components, particularly servers, are properly configured and not inadvertently exposed to the internet.

About Trend Micro:

Trend Micro, a global leader in cybersecurity, is dedicated to making the digital world safe for information exchange. Leveraging decades of security expertise, extensive global threat research, and continuous innovation, Trend Micro’s AI-powered cybersecurity platform safeguards hundreds of thousands of organizations and millions of individuals across diverse digital environments—clouds, networks, devices, and endpoints.

As a prominent player in cloud and enterprise cybersecurity, Trend Micro’s platform provides advanced threat defense optimized for major cloud providers like AWS, Microsoft, and Google, offering centralized visibility for faster detection and response.

With 7,000 employees in 70 countries, Trend Micro empowers organizations to simplify and secure their connected world.

For more: AI Server Security Risks