Over 14,000 Ollama server instances are publicly accessible on the internet right now. A recentCisco analysisfound that 20% of these actively host models susceptible to unauthorized access. Separately,BankInfoSecurityreported discovering more than 10,000 Ollama servers with no authentication layer—the result of hurried AI deployments by developers under pressure. This is the new shadow IT: developers spinning up local LLM servers for productivity, unaware they’ve exposed sensitive infrastructure to the internet. And Ollama is just one of dozens of AI serving platforms proliferating across enterprise networks. The security question is no longer “are we running AI?” but “where is AI running that we don’t know about?” LLM service fingerprinting identifies what**server software**is running on a network endpoint—not which AI model generated text, butwhich infrastructure is serving it. The LLM security space spans multiple tool categories, each answering a different question: Question Tool Category "What ports are open?" Nmap "What service is on this port?" Praetorian Nerva(will be open-sourced) "Is this HTTP service an LLM?" Praetorian Julius "Which LLM wrote this text?" Model fingerprinting "Is this prompt malicious?" Input guardrails "Can this model be jailbroken?" Nvidia Garak Praetorian Augustus(will be open-sourced)