RUNLOCALAIv38
->Will it run?Best GPUCompareTroubleshootStartLearnPulseModelsHardwareToolsBench
Run check
RUNLOCALAI

Independently operated catalog for local-AI hardware and software. Hand-written verdicts. Source-cited claims. Reproducible commands when we have them.

OP·Eruo Fredoline
DIR
  • Models
  • Hardware
  • Tools
  • Benchmarks
TOOLS
  • Will it run?
  • Compare hardware
  • Cost vs cloud
  • Choose my GPU
  • Prompting kits
  • Quick answers
REF
  • All buyer guides
  • Learn local AI
  • Methodology
  • Glossary
  • Errors KB
  • Trust
EDITOR
  • About
  • Author
  • How we make money
  • Editorial policy
  • Contact
LEGAL
  • Privacy
  • Terms
  • Sitemap
MAIL · MONTHLY DIGEST
Get monthly local AI changes
Monthly recap. No spam.
DISCLOSURE

Some links on this site are affiliate links (Amazon Associates and other first-class retailers). When you buy through them, we earn a small commission at no extra cost to you. Affiliate links do not influence our verdicts — there are cards we rate highly that we don't have affiliate relationships with, and cards that sell well that we refuse to recommend. Read more →

© 2026 runlocalai.coIndependently operated
RUNLOCALAI · v38
  1. >
  2. Home
  3. /Learn
  4. /Courses
  5. /AI Safety and Alignment
  6. /Ch. 2
AI Safety and Alignment

02. Threat Taxonomy

Chapter 2 of 18 · 15 min
KEY INSIGHT

Threats cluster into extraction, injection, jailbreaking, and poisoning categories. Mapping these to specific deployment architectures reveals where defensive effort yields the highest return.

Effective defense requires understanding what you're defending against. This chapter establishes a taxonomy of threats to local AI systems, enabling systematic security assessment.

Threat Categories

AI threats fall into four primary categories, each with distinct characteristics and mitigations.

Model Extraction occurs when attackers query a model to reconstruct its functionality or approximate its weights. Local models face this risk through repeated API calls that map input-output relationships. The attacker builds a substitute model or gains capabilities exceeding intended access levels.

Prompt Injection embeds malicious instructions within inputs that the model executes, overriding its system prompt or intended behavior. This threat is particularly relevant for local deployments processing external inputs—emails, documents, user messages.

Jailbreaking explicitly attempts to bypass safety measures, forcing models to produce outputs their designers restricted. Local models may lack dependable safety layers, creating vulnerabilities.

Data Poisoning compromises training data to influence model behavior. For local deployments, this applies when fine-tuning on potentially adversarial inputs or processing user-generated content that enters training loops.

Attack Surface Analysis

Each local AI deployment has an attack surface determined by its access patterns. Consider a document analysis system:

# Sample attack surface for document-processing AI
# Input: User-uploaded documents
# Processing: Local model inference
# Output: Summaries, extractions, analysis

class DocumentProcessor:
    def __init__(self, model_path):
        self.model = load_model(model_path)
        self.system_prompt = "Analyze documents professionally."
    
    def process(self, uploaded_file):
        # Path 1: Direct file content injection
        content = uploaded_file.read()
        
        # Path 2: Filename metadata embedding
        filename = uploaded_file.filename
        
        # Path 3: Metadata headers
        metadata = uploaded_file.metadata
        
        # All three paths feed into model
        prompt = f"{self.system_prompt}\n\nContent: {content}"
        return self.model.generate(prompt)

Attackers exploit multiple input vectors simultaneously. A poisoned filename might contain instructions; extracted metadata might bypass filters.

Severity and Likelihood Framework

Not all threats require equal investment. A severity-likelihood matrix guides prioritization:

Threat Severity Likelihood Priority
Model theft via API abuse High Medium Critical
Malicious document injection High Low High
Prompt injection via web scraper Medium High High
Accidental PII leakage Medium Medium Medium

Understanding threat taxonomy enables operators to allocate defensive resources appropriately.

EXERCISE

For a local AI assistant handling internal company queries, identify the top five threat vectors and classify each by category. Explain your prioritization reasoning.

← Chapter 1
AI Safety Landscape
Chapter 3 →
Adversarial dependableness