Local AI question
Is it possible that, even if Draw Things (or whatever application one uses) is safe and privacy-respecting, one of the AI models one uses could in fact compromise one’s privacy or security?
Well, that’s not how it works. Downloading a model could compromise your security, but it wouldn’t be the model itself that is unsafe.
A model is a bunch of numbers (think CSV file or content of a spreadsheet). Those numbers won’t do anything to your privacy or security. However, it’s a lot of numbers, so we typically share them in a compressed format (basically a ZIP file), and to make the numbers do anything we need a program (like Excel).
The compressed file (the “ZIP”) could contain malicious code that does bad things when you try to unpack it. The way you protect against this is by looking at hashes (MD5 or SHA-256) of what you have downloaded compared to what the provider (that you must trust) says it should be. If they match, the data is unlikely to have been tampered with.
The program that runs the model is typically built into the app you use. In your case, it is likely that Draw Things will use the same code to run a model. I have not read the code, so I can’t say with certainty, but that’s how the vast majority of AI apps work under the hood. If that is “safe” for one model, it is safe for any model.
So yeah, the model is safe and won’t leak any data. The stuff around the model is probably safe assuming you trust Draw Things and have basic hygiene around “downloading things from the internet”.
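As an added example that is not part of the original post: a small Python script doing the hash check the answer describes, streaming SHA-256 over a downloaded file and comparing it with a provider's sha256sum-style manifest. The model filename and the manifest contents are constructed for the demo.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path
CHUNK = 1024 * 1024  # model files are large; hash them 1 MiB at a time

def sha256_of_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex chars>  <filename>' (or ' *<filename>')."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")
        if len(digest) != 64 or any(c not in "0123456789abcdefABCDEF" for c in digest):
            raise ValueError(f"malformed digest in manifest line: {line!r}")
        expected[name] = digest.lower()
    return expected
def verify_download(path, manifest_text):
    """True only if the file's SHA-256 matches the provider's entry for that filename."""
    expected = parse_manifest(manifest_text)
    name = Path(path).name
    if name not in expected:
        raise KeyError(f"{name} is not listed in the manifest; do not trust it")
    return hmac.compare_digest(sha256_of_file(path), expected[name])

def demo():
    """Constructed scenario: a fake 'model' whose content is b'abc' (not a real model)."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        model = Path(d) / "example-model.safetensors"  # hypothetical filename
        model.write_bytes(b"abc")
        # what the (trusted) provider publishes: the well-known SHA-256 of 'abc'
        manifest = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  example-model.safetensors\n"
        results["clean"] = verify_download(model, manifest)
        model.write_bytes(b"abc\x00")  # simulate tampering: one extra byte changes the digest
        results["tampered"] = verify_download(model, manifest)
        try:
            verify_download(Path(d) / "other.bin", manifest)  # a file the provider never listed
            results["unlisted_rejected"] = False
        except KeyError:
            results["unlisted_rejected"] = True
    return results
```

When a provider publishes both MD5 and SHA-256, compare the SHA-256 value; MD5 collisions are practical, so a matching MD5 alone says less about tampering.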