When AI Servers Go Rogue and Car Doors Won't Open: This Week's Security Wake-Up Calls

Page content

When AI Servers Go Rogue and Car Doors Won’t Open: This Week’s Security Wake-Up Calls

You know that feeling when you realize just how interconnected and vulnerable our digital infrastructure really is? This week delivered a perfect storm of reminders, from 175,000 exposed AI servers scattered across the globe to Russian drivers literally locked out of their cars by hackers. Let me walk you through what happened and why it matters for all of us.

The Great AI Server Exposure

The biggest story this week comes from researchers at SentinelOne and Censys, who discovered something pretty alarming: 175,000 publicly accessible Ollama AI servers spread across 130 countries. These aren’t just sitting in corporate data centers – they’re running on cloud infrastructure and even residential networks.

What makes this particularly concerning is that these systems represent what the researchers call an “unmanaged, publicly accessible layer of AI compute infrastructure.” Think about it – we’re talking about AI deployment tools that organizations are spinning up without proper security controls, often without even realizing they’re exposing these services to the internet.

From our perspective as security professionals, this highlights a familiar pattern: new technology gets deployed faster than security practices can keep up. The rush to implement AI solutions is creating blind spots that attackers are definitely going to notice, if they haven’t already.

When Your Car Becomes a Brick

Meanwhile, in Russia, we saw a different kind of infrastructure attack that hits closer to home – literally. Hackers targeted a car security system, leaving owners locked out of their vehicles on what I’m sure was already a cold Monday morning in Moscow.

Picture this: you walk out with your coffee, hit the unlock button, and nothing happens. Try again – still nothing. Then the alarm starts blaring and you can’t turn it off. It’s almost comical until you realize this represents a broader vulnerability in our connected vehicle ecosystem.

This incident underscores how cyberattacks are moving beyond traditional IT infrastructure into operational technology that affects our daily lives. Connected cars, smart locks, IoT devices – they’re all potential entry points that can cause real-world disruption.

Microsoft’s Update Domino Effect

On the enterprise side, Microsoft had to explain why some Windows 11 systems were failing to boot after installing January 2026 updates. The culprit? A failed December 2025 security update that left systems in an “improper state”.

This is a perfect example of how update failures can cascade into bigger problems months later. It’s also a reminder that we need robust rollback procedures and better testing of update chains. When a December update failure causes January boot problems, it suggests there are some gaps in Microsoft’s quality assurance process that we all have to plan around.

For those of us managing Windows environments, this reinforces the importance of staged deployments and having good backup procedures before applying updates – even routine security patches.

The SBOM Policy Reversal

In a significant policy shift, the Trump administration rescinded Biden-era guidance requiring federal agencies to request software bills of materials (SBOMs) from vendors. Agencies will no longer need to solicit SBOMs or attestations that vendors comply with NIST’s Secure Software Development Framework.

This is interesting from a supply chain security perspective. SBOMs have become increasingly important for understanding what components are in our software, especially after incidents like Log4Shell showed us how vulnerable dependencies can create widespread risk.

While the immediate impact is on federal procurement, this policy change could influence how the broader market approaches software transparency. If federal agencies aren’t requiring SBOMs, will vendors still prioritize creating them? It’s something we’ll need to watch, especially those of us working with government contractors or in regulated industries.

What This All Means

Looking at these incidents together, I see a few common threads. First, the attack surface keeps expanding faster than our security practices can adapt. Whether it’s AI servers, connected cars, or complex software supply chains, we’re dealing with more complexity and more potential failure points.

Second, the real-world impact of security failures is becoming more immediate and tangible. It’s not just about data breaches anymore – it’s about cars that won’t start and computers that won’t boot.

Finally, the regulatory and policy environment around cybersecurity continues to shift, which means we need to stay flexible in how we approach compliance and risk management.

The key takeaway? We need to get better at security fundamentals while also preparing for attacks on systems we might not have traditionally considered part of our threat model. That morning coffee might depend on it.

Sources