RUNLOCALAIv38
->Will it run?Best GPUCompareTroubleshootStartLearnPulseModelsHardwareToolsBench
Run check
RUNLOCALAI

Independently operated catalog for local-AI hardware and software. Hand-written verdicts. Source-cited claims. Reproducible commands when we have them.

OP·Eruo Fredoline
DIR
  • Models
  • Hardware
  • Tools
  • Benchmarks
TOOLS
  • Will it run?
  • Compare hardware
  • Cost vs cloud
  • Choose my GPU
  • Prompting kits
  • Quick answers
REF
  • All buyer guides
  • Learn local AI
  • Methodology
  • Glossary
  • Errors KB
  • Trust
EDITOR
  • About
  • Author
  • How we make money
  • Editorial policy
  • Contact
LEGAL
  • Privacy
  • Terms
  • Sitemap
MAIL · MONTHLY DIGEST
Get monthly local AI changes
Monthly recap. No spam.
DISCLOSURE

Some links on this site are affiliate links (Amazon Associates and other first-class retailers). When you buy through them, we earn a small commission at no extra cost to you. Affiliate links do not influence our verdicts — there are cards we rate highly that we don't have affiliate relationships with, and cards that sell well that we refuse to recommend. Read more →

© 2026 runlocalai.coIndependently operated
RUNLOCALAI · v38
  1. >
  2. Home
  3. /Learn
  4. /Courses
  5. /Hybrid Local-Cloud AI Architecture
  6. /Ch. 16
Hybrid Local-Cloud AI Architecture

16. Security Boundaries

Chapter 16 of 18 · 15 min
KEY INSIGHT

Security boundaries require defense in depth. Single controls fail; layered protections that assume breach maintain protection even when individual mechanisms break.

Security boundaries define the perimeter between your AI gateway and untrusted environments. Inference requests carry sensitive data—user prompts, organizational information, proprietary context—that requires protection through the entire processing pipeline.

Authentication and authorization form the outermost boundary. API keys should be hashed before storage; never store plaintext credentials. Token-based authentication with short-lived refresh tokens prevents long-term credential exposure. Role-based access control restricts which models and providers users can access.

from fastapi import HTTPException, Depends
from fastapi.security import HTTPBearer
from jose import jwt, JWTError
from passlib.context import CryptContext

security = HTTPBearer()
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")

async def verify_token(credentials = Depends(security)) -> TokenPayload:
    try:
        payload = jwt.decode(
            credentials.credentials,
            config.jwt_secret,
            algorithms=["HS256"]
        )
        user_id = payload.get("sub")
        if user_id is None:
            raise HTTPException(401, "Invalid token")
        
        # Check permissions
        permissions = get_user_permissions(user_id)
        return TokenPayload(user_id=user_id, permissions=permissions)
    except JWTError:
        raise HTTPException(401, "Token verification failed")

def require_permission(permission: str):
    async def check_permission(payload: TokenPayload = Depends(verify_token)):
        if permission not in payload.permissions:
            raise HTTPException(403, "Permission denied")
        return payload
    return check_permission

# Protected endpoint example
@router.post("/v1/completions")
async def completions(
    request: CompletionRequest,
    auth: TokenPayload = Depends(require_permission("inference:local"))
):
    # Request authenticated and authorized
    pass

Data isolation ensures requests don't leak between tenants or sessions. Dedicated inference resources for sensitive workloads prevent co-resident model inference from accessing other users' prompts. Network segmentation isolates inference traffic from general application traffic.

Prompt injection represents a nuanced attack vector. Malicious users embed instructions within prompts that attempt to manipulate model behavior or extract information from context. Input validation, output filtering, and sandboxed execution mitigate injection risks.

Local verification checkpoint

Run the smallest example from this chapter in a local workspace and record the package version, runtime, data path, and observed output. If the result depends on model size, vector count, CPU/GPU backend, or available memory, note that constraint beside the exercise so the lesson remains reproducible.

EXERCISE

Audit your gateway's authentication flow. Identify all credential storage locations, verify hash algorithms, and test token expiration behavior. Document the attack surface for each component.

← Chapter 15
Usage Tracking
Chapter 17 →
Performance Benchmarking