RUNLOCALAI

Independently operated catalog for local-AI hardware and software. Hand-written verdicts. Source-cited claims. Reproducible commands when we have them.

OP·Fredoline Eruo
© 2026 runlocalai.co · Independently operated
Security and Privacy for Local AI

10. Model Provenance

Chapter 10 of 16 · 15 min
KEY INSIGHT

Model provenance is chain-of-custody for AI systems. Know where every model comes from, verify its integrity before loading, and document the chain. A compromised model can undermine all other security controls.

Model provenance answers three questions: where did this model come from, who trained or converted it, and why do you trust it? A malicious or tampered model can carry a behavioral backdoor (a trigger phrase that changes its output), leak data through the URLs or tool calls it is trained to emit, or simply behave unpredictably. The file format matters too: weights serialized with Python pickle (PyTorch .pt and .bin files) execute code when they are loaded, so a tampered file can compromise the host before the first prompt is sent, while data-only formats such as safetensors and GGUF do not run code on load but still carry whatever was trained into the weights. Verifying provenance before loading is how you keep a compromised model out of the deployment; it does not make a legitimately sourced but badly behaved model safe.

What to verify:

Source verification confirms that the file came from the publisher you expect (their official repository or registry) and that its bytes are the ones they published. Compare the SHA256 of the downloaded file against the hash the model creator publishes, and take that hash from a channel other than the download itself (release notes, a signed checksum file, your own earlier inventory entry). A hash served by the same mirror that served the file only proves the mirror is consistent with itself; a mirror is acceptable only when its file matches the publisher's hash.

Signature verification uses a cryptographic signature over the file (or over its checksum list) to confirm that it has not changed since the publisher signed it and that the publisher holds the signing key. A hash tells you the file is the one somebody published; a valid signature tells you who. The check is only as strong as your knowledge of the key, so confirm the key's fingerprint against one the publisher states on an independent page, not one shipped next to the download. Some model hubs sign releases; many still publish only hashes.

License review identifies legal constraints on model use. Some models prohibit commercial use, require attribution, or impose restrictions on output usage.

Build verification applies to models you convert or quantize yourself (for example, safetensors weights turned into a GGUF file). Record the hash of the input weights, the converter's version and the parameters used, so the artifact can be regenerated and compared; when the conversion is deterministic, a regenerated build whose hash differs from the one you are about to load tells you the build, not the source weights, was modified.

Verify model integrity:

# Download the model file from the publisher's own release page and record its hash.
# MODEL_URL is the publisher's direct download link, not a catalog page or a mirror.
wget -O llama3.bin "$MODEL_URL"
sha256sum llama3.bin

# Compare against the published hash. Take it from a channel other than the download
# server (release notes, signed checksum file); sha256sum -c exits non-zero on mismatch.
echo "8abb54b1e2...  llama3.bin" > llama3.bin.sha256
sha256sum -c llama3.bin.sha256 || { echo "hash mismatch: do not load the model"; exit 1; }

# For signed releases, verify the detached signature, then confirm that the signing
# key's fingerprint matches the one the publisher states out of band.
gpg --verify llama3.bin.sig llama3.bin
gpg --fingerprint <publisher-key-id>

# Models pulled with Ollama are content-addressed: each blob under ~/.ollama/models/blobs
# (or $OLLAMA_MODELS/blobs) is named sha256-<digest>, so the filename is the expected hash.
ollama pull llama3
for f in ~/.ollama/models/blobs/sha256-*; do
  [ "$(sha256sum "$f" | cut -d' ' -f1)" = "${f##*sha256-}" ] || echo "MISMATCH: $f"
done

Document model inventory:

# model-inventory.yaml
models:
  - name: llama3:8b
    version: "2024-05-28"
    source: https://ollama.ai/library/llama3
    sha256: 8abb54b1e2...
    license: llama3 community license
    imported_at: "2024-05-28"
    responsible: [email protected]
    risk_level: medium
    notes: Default chat model for internal support

  - name: mistral:7b
    version: "2024-04-15"
    source: https://ollama.ai/library/mistral
    sha256: 5b2b28c9f1...
    license: Apache 2.0
    imported_at: "2024-04-15"
    responsible: [email protected]
    risk_level: low
    notes: Code analysis model
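
The checks above carried out against an Ollama-managed model rather than a loose .bin file, as an added example (this is not code from the page or from the Ollama project). It assumes the store layout Ollama uses: one JSON manifest per tag whose layers carry a mediaType, a digest of the form sha256:<hex> and a size, with the blobs stored under ~/.ollama/models/blobs as files named sha256-<hex>. The mediaType strings, the sample manifest and the blob contents are constructed for the demo, which writes its own blobs to a temporary directory so it runs offline. It recomputes every layer's hash, compares the weights layer against the digest pinned in the inventory so that a silently re-tagged llama3:latest is caught, and surfaces the SYSTEM prompt baked into the model for review before the model is used.

```python
# Added example, not code from the page or from Ollama. Assumed layout (see lead-in):
# manifest layers carry mediaType, digest "sha256:<hex>" and size; blobs are files
# named "sha256-<hex>" in ~/.ollama/models/blobs. The demo uses a constructed store.
import hashlib
import os
import tempfile
from typing import Dict, Optional, Tuple

MODEL_LAYER = "application/vnd.ollama.image.model"
SYSTEM_LAYER = "application/vnd.ollama.image.system"

def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file: weights are multi-GB and must not be read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def blob_path(blobs_dir: str, digest: str) -> str:
    """Map a manifest digest 'sha256:<hex>' to the blob file 'sha256-<hex>'."""
    algo, _, hexdigest = digest.partition(":")
    return os.path.join(blobs_dir, f"{algo}-{hexdigest}")

def verify_layers(manifest: dict, blobs_dir: str) -> Dict[str, str]:
    """Return digest -> 'ok' | 'missing' | 'size_mismatch' | 'hash_mismatch'. Size is
    checked first because it is free; same size with a different hash is the tampering
    case that a size-only comparison misses."""
    results = {}
    for layer in [manifest["config"], *manifest["layers"]]:
        path = blob_path(blobs_dir, layer["digest"])
        if not os.path.isfile(path):
            results[layer["digest"]] = "missing"
        elif os.path.getsize(path) != layer["size"]:
            results[layer["digest"]] = "size_mismatch"
        elif sha256_file(path) != layer["digest"].partition(":")[2]:
            results[layer["digest"]] = "hash_mismatch"
        else:
            results[layer["digest"]] = "ok"
    return results

def pinned_weights_match(manifest: dict, pinned_sha256: str) -> bool:
    """A tag like llama3:latest can be re-pointed upstream; the weights digest
    recorded in model-inventory.yaml cannot. Compare the model layer against it."""
    for layer in manifest["layers"]:
        if layer["mediaType"] == MODEL_LAYER:
            return layer["digest"] == f"sha256:{pinned_sha256}"
    return False

def baked_in_system_prompt(manifest: dict, blobs_dir: str) -> Optional[str]:
    """Return the SYSTEM prompt shipped inside the model so a human reads it first."""
    for layer in manifest["layers"]:
        if layer["mediaType"] == SYSTEM_LAYER:
            with open(blob_path(blobs_dir, layer["digest"]), "rb") as f:
                return f.read().decode("utf-8", "replace")
    return None

def build_demo_store() -> Tuple[dict, str]:
    """Constructed sample: three intact entries, one blob altered after the manifest
    was written (same size, different bytes), one mis-sized, one never downloaded."""
    blobs_dir = tempfile.mkdtemp(prefix="demo-ollama-blobs-")

    def put(content: bytes, corrupt: bool = False) -> Tuple[str, int]:
        digest = hashlib.sha256(content).hexdigest()
        data = content[:-1] + b"!" if corrupt else content
        with open(os.path.join(blobs_dir, f"sha256-{digest}"), "wb") as f:
            f.write(data)
        return f"sha256:{digest}", len(content)

    config = put(b'{"model_format":"gguf","model_type":"8B"}')
    model = put(b"GGUF" + bytes(range(64)))  # stand-in for the weights file
    params = put(b'{"temperature": 0.7}\n', corrupt=True)
    system = put(b"You are a helpful assistant.\n")
    lic = put(b"Llama 3 Community License\n")
    manifest = {
        "config": {"mediaType": "application/vnd.docker.container.image.v1+json",
                   "digest": config[0], "size": config[1]},
        "layers": [
            {"mediaType": MODEL_LAYER, "digest": model[0], "size": model[1]},
            {"mediaType": "application/vnd.ollama.image.params", "digest": params[0], "size": params[1]},
            {"mediaType": SYSTEM_LAYER, "digest": system[0], "size": system[1]},
            {"mediaType": "application/vnd.ollama.image.license", "digest": lic[0], "size": lic[1] + 1},
            {"mediaType": "application/vnd.ollama.image.template", "digest": "sha256:" + "0" * 64, "size": 1},
        ],
    }
    return manifest, blobs_dir

def run_demo() -> Tuple[Dict[str, str], bool, bool, Optional[str]]:
    manifest, blobs_dir = build_demo_store()
    good_pin = manifest["layers"][0]["digest"].partition(":")[2]
    stale_pin = "0" * 64  # what an inventory written for an older pull would hold
    return (verify_layers(manifest, blobs_dir), pinned_weights_match(manifest, good_pin),
            pinned_weights_match(manifest, stale_pin), baked_in_system_prompt(manifest, blobs_dir))

if __name__ == "__main__":
    layers, pin_ok, stale_ok, prompt = run_demo()
    print(layers, "pin ok:", pin_ok, "stale pin:", stale_ok, "SYSTEM:", repr(prompt), sep="\n")
```

Verifying blobs against the manifest catches a partial pull, disk corruption and local tampering, but the manifest and the blobs came from the same registry, so it says nothing about who published the model. The digest pinned in your inventory is the provenance record: copy the weights layer's digest from the manifest after the first pull you have checked, and compare against it on every later pull and on the monthly re-check. Save the block under any filename and run it with python3; on a real installation point verify_layers at the manifest file and blobs directory instead of the constructed store.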

Dangerous patterns in model sources:

  • Models from unknown GitHub or model-hub accounts with few stars or followers and a history that begins only recently
  • Models shipped with a pre-set system prompt that instructs the model to bypass safety controls, or with any baked-in prompt you have not read
  • Models fetched from IPFS or peer-to-peer mirrors where the content identifier or hash came from the same untrusted post as the link, not from the publisher
  • Mirrors of official models whose file size or hash differs from the publisher's release, however small the difference
EXERCISE

Create a model inventory document listing every model loaded in your local AI deployment. For each model, record: source URL, SHA256 hash (computed now, on a file you verified against the publisher's hash), license, and last update date. Set a monthly reminder to recompute the hashes and compare them with the inventory, and treat any change you cannot trace to a deliberate update as an incident.

← Chapter 9: HTTPS for Local APIs
Chapter 11: Supply Chain Risks →