Unpatched Ollama Vulnerabilities: Phishing Overlays and Data Exfiltration (www.promptarmor.com)

🤖 AI Summary
Ollama, a prominent AI model deployment tool with over 170,000 stars on GitHub, has critical vulnerabilities in its desktop application that could allow phishing overlays and data exfiltration through indirect prompt injection attacks. Because the app renders model outputs insecurely, an attacker can make it display their own malicious websites and extract sensitive user data without any user interaction. The implications for the AI/ML community are significant: these vulnerabilities highlight the need for stringent security protocols in AI tools that handle user data and generate dynamic content. Specifically, an attacker's ability to overwrite the user interface remotely and to extract data through insecure web searches and external HTML elements underscores a gap in safeguarding AI applications against external manipulation. The issues were reported to the Ollama team in December 2025 and followed up multiple times, but no response was received, which prompted public disclosure of this critical security risk to protect users.