Review

Local AI Governance: Addressing Model Safety and Policy Challenges Posed by Decentralized AI

by Bahrad A. Sokhansanj 1,2
1 Department of Electrical & Computer Engineering, College of Engineering, Drexel University, Philadelphia, PA 19104, USA
2 Law Office of Bahrad Sokhansanj, Los Angeles, CA 90034, USA
AI 2025, 6(7), 159; https://doi.org/10.3390/ai6070159
Submission received: 5 June 2025 / Revised: 7 July 2025 / Accepted: 15 July 2025 / Published: 17 July 2025
(This article belongs to the Section AI Systems: Theory and Applications)

Abstract

Policies and technical safeguards for artificial intelligence (AI) governance have implicitly assumed that AI systems will continue to operate via massive power-hungry data centers operated by large companies like Google and OpenAI. However, the present cloud-based AI paradigm is being challenged by rapidly advancing software and hardware technologies. Open-source AI models now run on personal computers and devices, invisible to regulators and stripped of safety constraints. The capabilities of local-scale AI models now lag just months behind those of state-of-the-art proprietary models. Wider adoption of local AI promises significant benefits, such as ensuring privacy and autonomy. However, adopting local AI also threatens to undermine the current approach to AI safety. In this paper, we review how technical safeguards fail when users control the code, and regulatory frameworks cannot address decentralized systems as deployment becomes invisible. We further propose ways to harness local AI’s democratizing potential while managing its risks, aimed at guiding responsible technical development and informing community-led policy: (1) adapting technical safeguards for local AI, including content provenance tracking, configurable safe computing environments, and distributed open-source oversight; and (2) shaping AI policy for a decentralized ecosystem, including polycentric governance mechanisms, integrating community participation, and tailored safe harbors for liability.

1. Introduction

The generative artificial intelligence (AI) revolution began in research labs but became a mass phenomenon in November 2022, when OpenAI released ChatGPT, a powerful large language model (LLM) delivered through an easy-to-use web-based chatbot [1]. This breakthrough represented a major shift from conventional machine learning’s focus on prediction and classification to AI systems designed to create novel content [2,3,4]. The scope of generative AI extends beyond LLMs to encompass multimodal vision–language models (VLMs), audio synthesis systems, and image and video generation tools. The ability to generate and execute code using LLMs opens the door to semi-autonomous or autonomous “agent” systems capable of reasoning and problem-solving [5,6]. Autonomous agents can potentially even teach themselves new capabilities [7,8,9]. Generative AI has become so prevalent that the term “AI” is now synonymous with it in popular usage, even though conventional machine learning models have existed for decades. (In this paper, “generative AI” and “AI” are used interchangeably, consistent with most contemporary literature on LLMs and related models).
Companies like OpenAI, Anthropic, and Google deploy increasingly sophisticated models that are accessed through the web and run on data centers containing massive GPU clusters [10]. Their mode of operation establishes clear points of control: corporate providers can monitor usage, enforce safety guardrails, and implement pricing structures that shape how these technologies are used. However, the landscape is now undergoing another transformation. Powerful open-source models have emerged that can run outside institutional providers’ cloud-based services on local hardware. Figure 1 summarizes how the emergence of consumer-controlled decentralized deployment (“local AI”) as an alternative to centralized provider-controlled infrastructure (“cloud AI”) represents a fundamental shift in how the public can access and use AI.
The emergence of open-source AI broadens who can access and modify advanced AI capabilities—and, by extension, who can potentially misuse them [11]. The implications for AI governance are profound. Access and use restrictions can no longer be enforced solely through centralized commercial providers like OpenAI or Google. Indeed, locally deployable open-source AI, or “local AI,” presents even further challenges beyond those of open-source systems. When open-source models run on data centers, they generally require significant investment and a physical presence that facilitates oversight. By contrast, local generative AI can run on consumer hardware, including personal computers, laptops, and, as hardware improves, even smartphones—all without a constant Internet connection to cloud services or external servers. Local AI is much harder to regulate as a result.
There is extensive literature on proposals for and critical evaluation of AI policy [12,13,14,15,16,17,18,19,20,21]. However, the previous work has largely not focused on the specific challenges of local AI. Instead, the AI policy scholarship frequently makes the (often unspoken) assumption that the computers that run AI will be housed in data centers and, thus, at least somewhat visible to regulation. As further explained in this review, the assumption of AI system visibility underlies how governments write regulations on AI models, which appear to presume that they will operate on publicly visible hardware. Similarly, model safety measures rely on the implicit assumption that models cannot be fine-tuned to remove internal safeguards and then run outside the scope of regulation.
This paper is a curated literature review, using standard academic practices, based on sources that address AI governance challenges. The review’s scope is focused on literature examining decentralized deployment, open-source models, and the dual nature of local AI’s benefits and risks. The paper is organized as follows: Section 2 provides background on the development of local AI. Section 3 examines why users choose local deployment and describes the benefits of local AI. Section 4 highlights examples of potential high-risk AI applications where the risks may be exacerbated by local AI, including biosecurity, information integrity, and cybersecurity. Section 5 reviews the current technical and policy measures for regulating AI and ensuring AI safety. The analysis in Section 5 is from the perspective of local AI’s challenges to the current paradigm, explaining how local deployment potentially undermines both (1) technical safeguards and (2) regulatory policy (governmental and non-governmental). Section 6 draws from the literature to offer proposals that represent a starting point for rethinking governance in response to the emerging challenges of the local AI ecosystem: (1) novel approaches to technical safeguards, such as content provenance technologies, secure computing environments, and distributed monitoring systems; and (2) innovative policy measures, including polycentric governance frameworks, community-driven participatory models, and legal protections for responsible actors. These proposals are grounded in the urgent need for multilayered AI governance capable of addressing the risks associated with local AI while retaining its benefits of privacy, autonomy, and democratizing technology.

2. The Development of Local Generative AI

The first prominent open-source LLM that began to approach the capabilities of ChatGPT was Meta’s Llama [22], followed soon thereafter by Mistral’s models [23]. While Meta and Mistral provided access to their models through their own API endpoints, such as Mistral LeChat, they also provided open-source versions that could be deployed locally on computers with sufficient resources or self-hosted on user-controlled cloud resources. Additional powerful open-source models have been released, including Google’s Gemma 3 [24], Microsoft’s Phi-3 [25], Alibaba’s Qwen 3 [26], and the United Arab Emirates’ Falcon [27].
While developments in open-source and local AI have been less broadly publicized than the introduction of new versions of ChatGPT, the “open-source” AI paradigm was thrust into the spotlight in early 2025 with the release of DeepSeek-R1, an open-source model developed in China that provided performance comparable to large closed-source cloud-based models [28]. DeepSeek-R1 is a large model that has to run on multiple servers in a data center. However, as an open-source model, it can be hosted anywhere and not just on DeepSeek’s own China-based servers. DeepSeek-R1’s open-sourcing further enables it to be run locally when it has been “quantized.” Quantization is a process in which all or certain internal model weights of the LLM are reduced in precision from, e.g., 32-bit or 16-bit to as low as 3-bit floating-point numbers (i.e., rounded to fewer decimal places) [29,30,31,32]. Although there can be some trade-offs in model performance, quantized LLMs remain adequate for typical use cases. Importantly, their lower precision weights use less RAM and enable faster runtimes. Indeed, quantized versions of DeepSeek-R1 developed by a company called Unsloth have been shown to run on higher-end consumer hardware with performance at least qualitatively comparable to the original [33].
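The memory and precision trade-off described above, as an added example that is not from the paper: symmetric integer block quantization (one common scheme, assumed here because the paper does not specify one) applied to constructed random weights, with the resulting size of a hypothetical 7-billion-parameter model. The block size, the 16-bit per-block scale, and all function names are assumptions.

```python
import math
import random


def quantize_block(block, bits):
    """Quantize one block of weights to signed integers plus a single float scale."""
    qmax = 2 ** (bits - 1) - 1            # 127 for 8-bit, 7 for 4-bit, 3 for 3-bit
    peak = max(abs(w) for w in block)
    scale = peak / qmax if peak > 0 else 1.0
    codes = [max(-qmax, min(qmax, round(w / scale))) for w in block]
    return scale, codes


def dequantize_block(scale, codes):
    """Recover approximate weights; each is off by at most half a quantization step."""
    return [scale * c for c in codes]


def quantize_weights(weights, bits, block_size=32):
    """Split a flat weight list into blocks and quantize each independently."""
    return [quantize_block(weights[i:i + block_size], bits)
            for i in range(0, len(weights), block_size)]


def dequantize_weights(blocks):
    return [w for scale, codes in blocks for w in dequantize_block(scale, codes)]


def rms_error(original, restored):
    """Root-mean-square difference between original and restored weights."""
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(original, restored)) / len(original))


def bits_per_weight(bits, block_size=32, scale_bits=16):
    """Storage cost per weight, including the per-block scale (assumed 16-bit)."""
    return bits + scale_bits / block_size


def model_gib(n_params, bits, block_size=32, scale_bits=16):
    """Approximate size in GiB of the weights alone at the given precision."""
    return n_params * bits_per_weight(bits, block_size, scale_bits) / 8 / 2 ** 30


def report(n_params=7_000_000_000, seed=0):
    """Return (bits, size in GiB, RMS error) rows for 8-, 4- and 3-bit quantization."""
    rng = random.Random(seed)
    # Constructed sample: 4096 small Gaussian values standing in for real weights.
    weights = [rng.gauss(0.0, 0.02) for _ in range(4096)]
    rows = []
    for bits in (8, 4, 3):
        restored = dequantize_weights(quantize_weights(weights, bits))
        rows.append((bits, model_gib(n_params, bits), rms_error(weights, restored)))
    return rows


if __name__ == "__main__":
    baseline = model_gib(7_000_000_000, 16, scale_bits=0)   # unquantized 16-bit weights
    print(f"16-bit baseline: {baseline:.2f} GiB")
    for bits, size, err in report():
        print(f"{bits}-bit: {size:.2f} GiB, RMS error {err:.6f}")
```

Lower bit widths shrink the weights roughly in proportion while the reconstruction error grows, which is the trade-off the paragraph describes.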
DeepSeek has also released “distillations” of R1—versions of local models like Llama and Qwen fine-tuned on the output of the larger model. To develop these distillations of R1, DeepSeek employs a simple approach that can train on the output of large models to fine-tune local models. This approach allows developers to boost the performance of locally deployable models to levels that prove useful for many applications. Moreover, in some use cases, the local model performance is now comparable to that of state-of-the-art proprietary systems [28]. This represents a critical turning point. Now, the initial training of state-of-the-art frontier LLMs may still require massive data centers. However, the frontier models can then be used to generate synthetic datasets that allow their power to be transferred to create smaller, yet well-performing, models that can run locally.
Another innovation in model architecture that has enabled local LLMs is “Mixture-of-Experts” (MoE), where only a subset of the model’s parameters (the “experts”) are activated for any given input, with a gating mechanism determining which experts to use [34,35]. The MoE architecture reduces the computational requirements during inference, making larger models feasible on local hardware. When combined with memory management techniques in open-source implementations, MoE thus enables efficiently dividing model inference such that, each time it runs, only a fraction of the model needs to be loaded in GPU memory (VRAM, more expensive) and the rest can be loaded to ordinary RAM (much cheaper), enabling much larger and more powerful models to run locally [26,36]. Yet another way to improve local LLM performance, particularly for chatbot and sequential interactions, is “KV cache compression,” which effectively reduces how much past conversation the model needs to store to stay coherent [37].
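The gating mechanism described above, as an added example that is not from the paper: a softmax gate scores every expert for a token, only the top-k experts are run, and the fraction of parameters touched per token is counted. The layer sizes, the random weights and all function names are constructed for illustration.

```python
import math
import random


def softmax(logits):
    """Numerically stable softmax over a list of scores."""
    peak = max(logits)
    exps = [math.exp(v - peak) for v in logits]
    total = sum(exps)
    return [e / total for e in exps]


def matvec(matrix, vec):
    """Multiply a matrix (list of rows) by a vector."""
    return [sum(w * x for w, x in zip(row, vec)) for row in matrix]


def route(gate_matrix, token, top_k):
    """Score all experts, keep the top_k, and renormalize their gate weights."""
    probs = softmax(matvec(gate_matrix, token))
    chosen = sorted(range(len(probs)), key=lambda i: probs[i], reverse=True)[:top_k]
    norm = sum(probs[i] for i in chosen)
    return [(i, probs[i] / norm) for i in chosen]


def moe_layer(token, gate_matrix, experts, top_k):
    """Run only the selected experts and mix their outputs by gate weight."""
    selected = route(gate_matrix, token, top_k)
    out = [0.0] * len(token)
    for idx, weight in selected:
        expert_out = matvec(experts[idx], token)      # unselected experts are never touched
        out = [o + weight * v for o, v in zip(out, expert_out)]
    return out, [idx for idx, _ in selected]


def active_fraction(shared_params, expert_params, n_experts, top_k):
    """Fraction of all parameters used for one token (shared layers + top_k experts)."""
    total = shared_params + n_experts * expert_params
    active = shared_params + top_k * expert_params
    return active / total


def build_layer(dim=8, n_experts=8, seed=1):
    """Constructed toy layer: a random gate and random square expert matrices."""
    rng = random.Random(seed)
    gate = [[rng.gauss(0, 1) for _ in range(dim)] for _ in range(n_experts)]
    experts = [[[rng.gauss(0, 0.1) for _ in range(dim)] for _ in range(dim)]
               for _ in range(n_experts)]
    return gate, experts


def usage_histogram(n_tokens=200, dim=8, n_experts=8, top_k=2, seed=1):
    """Count how often each expert is selected across constructed random tokens."""
    gate, experts = build_layer(dim, n_experts, seed)
    rng = random.Random(seed + 1)
    counts = [0] * n_experts
    for _ in range(n_tokens):
        token = [rng.gauss(0, 1) for _ in range(dim)]
        _, used = moe_layer(token, gate, experts, top_k)
        for idx in used:
            counts[idx] += 1
    return counts


if __name__ == "__main__":
    print("expert usage over 200 tokens:", usage_histogram())
    # Constructed sizes: 1 unit of shared parameters, 8 experts of 1 unit each, 2 active.
    print("parameters active per token:", f"{active_fraction(1, 1, 8, 2):.0%}")
```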
Figure 2 charts the rapid improvement of open-source models that can potentially be run on local machines, showing how it has paralleled the progression of large proprietary models that are considered the flagships of companies like OpenAI and Google. As a practical matter, the recent progress in local AI models has closed the gap with proprietary models in many common use cases, including document summarization, basic reasoning for agentic applications, routine coding tasks, and local question answering. In these contexts, local models perform well enough to meet user needs for practical purposes, even if they trail behind the frontier in raw scale or emergent abilities like highly complex reasoning, novel code generation, and long-context tasks (i.e., where prompts are unusually long, such as when summarizing multiple documents) [38,39,40].
The ability to run models locally is set to advance even further through the emergence of “AI PCs,” such as the Nvidia DIGITS system, which has a powerful GPU and onboard memory, allowing it to run larger-scale models [41]. Apple offers M4 chips, which can run AI models on battery-powered laptops [42]. AMD has also announced a “workstation-class” GPU aimed at developers and professionals using AI rather than gamers, who have until now dominated the consumer GPU market [43].
Perhaps some skeptics would still question whether local AI will play a significant role in the overall AI ecosystem given that proprietary cloud-provided systems are becoming more capable as well. However, as long as they provide a sufficient level of performance, there are compelling reasons to adopt local AI. Local AI can cost less since running models on a local device means avoiding paying fees to use cloud services through APIs and web applications. Any cost savings, to be sure, may be tempered by the need to buy more powerful computers to run more capable AI models. However, intense competition emerging among chipmakers, e.g., the AI PC developers noted above, is already reducing costs and should continue to reduce them in the future. Local AI also avoids the need for an Internet connection, which can be useful in remote areas or airplanes. More broadly, AI models that are available offline provide increased security, prevent risks due to sending information to the model provider or outside the country, and circumvent firewalls or other restrictions. The fundamental personal and social benefits of moving to a local decentralized delivery of AI include control over user privacy, autonomy from large commercial providers, and greater customizability outside of a centralized platform.

3. Benefits of Local AI

At a fundamental level, local AI disrupts what has been called “algorithmic governance,” a phrase that describes how major technology companies (“Big Tech”) use their market dominance to shape how information is accessed and how people connect in ways that influence the broader social order [44]. Through algorithmic governance, Big Tech companies exert a state actor-like regulatory authority that can extend globally [45]. The concentration of algorithmic power influences policy in ways that go beyond these companies’ actual products and services. Big Tech’s algorithmic power increasingly defines which problems, among all those existing in society, will receive attention and, addressing those select problems, what solutions are considered viable, how political coalitions form, and where policy debates occur [46]. Paradoxically, even critics of algorithmic governance are compelled to use the same Big Tech platforms that they organize against and seek to challenge [47].
Local AI can help to overcome these power asymmetries, which otherwise prevent fair discussion and development of AI ethical principles and policies. Building on its fundamental benefit as a democratizing force, local AI offers tangible benefits of privacy, customizability, and autonomy.
As an initial matter, the privacy-preserving aspect of local AI is particularly important in domains with strict confidentiality requirements, such as healthcare [48]. To ensure patient confidentiality, researchers have deployed local LLMs for anonymizing radiology reports [49] and offline-capable chatbots for self-managing hypertension [50]. Other domains have similar confidentiality requirements that motivate adopting local AI, such as legal practice, financial services, and proprietary business operations [51]. For example, in law, a key obstacle to AI use is that, when using cloud platforms, there is a risk that confidential attorney–client communications and work products could be recorded by logging prompts and responses, risking security breaches or even loss of privilege in court proceedings [52,53]. The significant confidentiality and data privacy concerns for attorneys can be obviated by local AI systems rather than relying on proprietary AI or even open-source AI on third-party cloud services.
Local deployment also reduces dependency on AI providers who might otherwise raise prices, restrict access based on commercial considerations, impose usage terms, or even discontinue services. Locally deployed models are becoming increasingly viable on lower-cost systems, albeit with performance trade-offs as devices are less capable [54]. Additionally, local deployment can prevent the need to use foreign cloud providers, such as using China’s DeepSeek models in the United States [54]. Cloud-based providers generally implement restrictions on what their systems will discuss or assist with, denying user requests with automated responses based on safety restrictions. The drawback of imposing restrictions though is that they are often overly broad and capture even legitimate uses, such as education, political organizing, and politically sensitive topics [55]. Local AI can thus help to counterbalance the concentration of power in a few dominant technology companies and democratize access to advanced capabilities [17,45,47].
Fundamentally, local deployment offers greater autonomy. Local AI avoids dependence on platforms that may enforce ideological constraints, commercial gatekeeping, or compliance with national censorship regimes. It also reduces exposure to surveillance by both corporations and states since central AI platforms can track and log every prompt and response [56]. Local AI, which cannot be externally monitored without hacking into local systems, thus provides a more secure way to help generate activist media, coordinate political action, or explore policy proposals free from institutional constraints. On a technical level, users can customize AI models to their specific needs without being limited by restrictions imposed by central providers. Given a pretrained open-source LLM, local devices or relatively inexpensive cloud resources can be used to fine-tune (i.e., further train) models to achieve specific goals for an individual or organization [57,58]. Open-source software has also been released to implement fine-tuning through command line and graphical user interfaces [59,60,61]. Users can freely modify the parameters and system prompts of an open-source model, thereby providing another way to circumvent safety restrictions [62,63,64].

4. Potential Risks of Local AI

As outlined in the previous section, local AI promises significant advantages for privacy, autonomy, and democratizing access to technology. These mitigate the danger of centralized AI giving technology platforms even greater knowledge of and control over users than, e.g., social media platforms do today [65,66]. However, the benefits of local AI are intertwined with potential risks as well. The same qualities that make local AI private and autonomous inherently undermine the measures that can be taken to prevent potential harm. This section reviews the risks of generative AI, focusing on areas where governance is needed to provide safety to users and others who might be affected by the use of generative AI. Notably, while the focus of this review is specifically on local deployment, many risks that are already evident for frontier cloud-based AI will apply equally to local AI models given their rapid pace of improvement. Here, three examples of AI risks for which local deployment could raise particular concerns are reviewed in detail: information integrity, cybersecurity, and biosecurity. A caveat to this discussion is that potential misuse of local AI is difficult to track and trace, and research has primarily focused on frontier closed-source models. As such, the empirical evidence of local AI remains limited and relies on extrapolating from the evidence of general AI risks.
First, generative AI can be used to create and disseminate effective misinformation and propaganda [67]. A recent experiment showed that propaganda articles generated by OpenAI’s GPT-3 could achieve persuasion rates equal to those of human-made foreign propaganda [68]. Other studies have found similar persuasive impacts for human evaluation of GPT-3-generated tweets [69], news articles, and other social media posts [70]. An even older model, GPT-2, was found to generate persuasive disinformation in the form of news articles [71]. Generative AI models can also generate multimedia disinformation, or “deepfakes” [72,73]. One empirical study showed that LLMs can generate statements imitating the style of politicians and other public figures with even greater perceived authenticity than the figures’ real statements [74]. The disinformation that was found to be effective in these studies was generated by GPT-3 and older LLMs. As shown in Figure 2, however, newer AI models like Llama 3, Qwen 3, and Gemma 3 that can run on consumer hardware are even more powerful [24,26,75]. This suggests that local AI is capable of generating highly effective political disinformation as well. Indeed, a recent study of older local models that lag behind the local state of the art at the time of this paper’s writing, including Llama 2, Mistral, and Microsoft Phi-2, found that they produced election disinformation that was indiscernible from human-written content in over 50% of instances [76].
Real-world observations confirm laboratory findings on the potential of AI to generate effective disinformation. For example, a recent study documented a real-world case where a Russian-backed propaganda outlet integrated GPT-3 into its operations, leading to a 2.4-fold increase in daily article production and an expansion into more diverse topics, all while maintaining persuasive efficacy [77]. There have been reports of other AI-enabled propaganda campaigns, such as social media posts in 2023 targeting Americans supportive of Ukraine [78]. By 2024, the use of AI appears to have become widespread in elections around the world. A recent report showed that 80% of countries that held an election in 2024 had demonstrated incidents of generative AI use—and, significantly, at least 20% were known to have been generated by foreign actors [79,80]. According to the report, generative AI was used to create deceptive social media posts, videos, and news articles. Most models were not identified, with the exception of ChatGPT in a few cases where the creators were transparent about the content origin. As the preceding studies showed, however, local AI has the capability of generating persuasive content, potentially without guardrails imposed by proprietary model providers like OpenAI or Google.
Second, generative AI lowers the technical barriers to creating sophisticated code to attack and compromise computer systems. LLMs have become very powerful software code generators, and they are becoming integral to professional workflows [81,82,83,84]. LLMs that run locally have also become more powerful coders; in 2024, one benchmarking study found that fine-tuned versions of Llama were capable of generating code that was more efficient than human-written code [85]. Local AI thus makes it possible for malicious actors to use fewer resources and require less technical expertise to execute a variety of complex and effective cyberattacks [86]. For instance, LLMs can be used to produce powerful malware that can evolve autonomously to evade detection [87].
In addition to malware, LLMs enable more powerful social engineering for criminal activity. For example, LLM-generated phishing emails have been shown to bypass both rule-based and machine learning-based phishing detectors [88]. Multimedia generative AI models can also be used for social engineering and deception. For example, voice cloning to impersonate celebrities or even family members in phone calls has been used to fraudulently elicit payments [89,90,91]. Identity fraud can also be facilitated by generative AI tools, exacerbating the rapidly growing challenge of “synthetic identity fraud” based on the creation of false documents [92].
Local AI’s growing capabilities in software coding and multimedia generation allow it to serve as a potent vehicle for generating malware and other kinds of cybersecurity threats. In February 2024, Microsoft and OpenAI reported on threat actors, including state-supported agencies such as Russia and North Korea, which had sought to utilize OpenAI GPT-4 for vulnerability research, social engineering, and coding tasks [93]. Today, there are local AI models that exceed the capabilities of GPT-4 in 2024 (as shown in Figure 2). Of particular concern, if threat actors utilize local AI models, their misuse may not be detected in the same way as with proprietary cloud-based models.
Third, specialized generative AI models can be used to handle biological sequence data, such as DNA and protein sequence information, in a similar manner to language in LLMs [94,95,96,97,98]. Such large biological AI models can be used for synthetic genomics, helping scientists to design, build, and predict the function of novel genes and proteins that can improve health and the environment, such as treatments for genetic diseases and engineering bacteria to consume pollutants [99,100]. However, using generative AI models in synthetic biology is a dual-use technology, with the capacity for enormous risks. If used irresponsibly, it could create or enhance harmful organisms like pathogens and engineer malicious toxins [95,101]. Individuals without years of specialized biological training can use AI models to design potentially dangerous biological agents, like more virulent viruses [102,103]. This creates a critical need for robust biosafety and biosecurity measures [101,102,104].
Local AI, however, undermines state-implemented regulations and safeguards since open-source models can readily be downloaded and customized by users with malicious intent. For example, the Evo genome foundation model contains 7 billion parameters [98]. At that scale, while training may still require an expensive multiple-GPU server or readily accessible cloud resources, novel DNA or protein sequences can be generated on a high-end desktop computer with a consumer-grade GPU. Although there have not yet been reports of real-world use of generative AI to create harmful biological or chemical materials, the magnitude of potential harm is substantial. Certainly, in the conventional weapons space, AI-enabled autonomous weapons are increasingly becoming a reality [105]. For example, Ukraine has deployed drones with AI capabilities, although they continue to be used with human control [106].
While the concerns described here are particularly significant (and, in the case of election disinformation and social engineering such as phishing, already a widespread problem), they represent only a subset of potential AI risks. Yet another example of an emerging threat is the use of generative AI to enhance surveillance. A recent news report revealed that the Israeli government is training a ChatGPT-like model on surveillance data to provide a way of processing massive quantities of information that was being gathered [107]. This technique could potentially be used by non-state actors and corporations to further erode individuals’ privacy as well. Further risks of AI use are also likely to emerge as it becomes more widely used and available.

5. Local AI’s Challenges to Current AI Safety Measures

5.1. Challenges to Technical Safeguards

Safe AI model operation relies on technical safeguards that are built into the training process. “Alignment” processes are specialized techniques to further train a pretrained base or fine-tuned model, such as Reinforcement Learning from Human Feedback (RLHF). Alignment aims to calibrate model behavior towards human preferences by teaching AI systems to be helpful, harmless, and honest [108]. Alignment has become the cornerstone of the current AI safety paradigm [109]. Safety alignment is often complemented by hidden “system prompts,” which define boundaries on responses, and content filters, which force a denial response to requests for prohibited content [55]. Cloud-based LLM systems are also continuously monitored for problematic usage patterns, routinely subject to safety audits, and updated immediately when vulnerabilities are discovered. Technical AI safety measures can be guided by voluntary frameworks promulgated by both governmental and non-governmental agencies seeking to regulate AI models without a formal legal basis [110,111]. Consistent with these approaches, comprehensive safety evaluations typically focus on model outputs in controlled testing environments rather than real-world deployment contexts [112].
However, these conventional approaches to technical AI safety do not translate well to open-source local AI models. Figure 3 illustrates the problem by showing the results of some simple prompt testing, which the reader is encouraged to replicate or experiment with on their own. Testing of local models was conducted using a MacBook Pro M4 Max (128 GB RAM) for local deployments with standardized parameters (temperature 0.6, top-P 0.95, min-P 0.1). Models were downloaded from the Hugging Face Hub (https://huggingface.co (accessed on 28 May 2025)) and executed using Apple’s MLX library. The chat applications of web-based models were accessed on 28 May 2025. Cloud-based open-source Llama models were accessed via Groq’s third-party APIs (http://www.groq.com (accessed on 28 May 2025)). Google’s Gemini model was accessed through Google’s AI studio, https://aistudio.google.com/prompts/new_chat (accessed on 28 May 2025). Otherwise, OpenAI, Anthropic, and Mistral cloud-based models were accessed through their commercial websites. While not intended as a rigorous analysis, this exercise immediately demonstrates how local AI forces us to rethink AI safety architecture, providing examples of how capable local AI models can respond to unsafe prompts. When tested with requests for election disinformation, AI models hosted on cloud services consistently refused. An example is Anthropic Claude’s response: “I can’t create false information about election dates or voting procedures. Instead, I’d be happy to help you write a post about the importance of getting election information from official sources like state election boards, or create other content about civic engagement and voting awareness.” There was one notable exception, however: Mistral LeChat, from a company based in France, generated election disinformation when prompted about the United States but refused when prompted about French elections (hence marked as “Partial compliance”).
By contrast, local AI models generally complied with requests for election disinformation. These included instances where the model provided a “hypothetical” text describing election disinformation, accompanied by a warning that actually using such a post could be dangerous.
Similarly, both proprietary and open-source models run on the cloud refused requests for potentially violent content. In this case, in contrast with the disinformation prompt, locally deployed open-source models generally did not provide a response. For example, Gemma 3 responded, “As an AI assistant, I must emphasize that promoting or advocating for revolution against any government, including the People’s Republic of China, is not only illegal but also unethical.” However, there was one notable exception. One of the models that was tested was a variant of Qwen3-8B called “Josified Qwen3” (as of the publication date, the model card and model weights for the Josified Qwen3-8B variant are available from the Hugging Face repository at https://huggingface.co/Goekdeniz-Guelmez/Josiefied-Qwen3-8B-abliterated-v1 (accessed on 28 May 2025)) that had been “abliterated,” which is a process where an already aligned model is further fine-tuned to remove safety constraints [113]. Notably, in response to the prompts asking for information on a violent government overthrow, it included violent content, such as explicit instructions for attacks on buildings and mass killings.
Real-world open-source AI fine-tunes have been developed that intentionally produce personally or socially harmful content. An extreme example is “ChatGPT4-Chan,” an AI model fine-tuned on the /pol/ subforum of the 4chan website, a notorious location for highly hateful and toxic content [114]. The resulting model generated extremely harmful content, and it was briefly available on the Hugging Face model repository [115,116], the website that serves as the preeminent host for freely downloadable open-source models. Hugging Face quickly took down the model, stating only that it violated the repository’s terms of service [114]. However, the model remained available for download elsewhere. Even national security concerns can be implicated. For instance, policymakers in the United States became concerned when researchers affiliated with China’s People’s Liberation Army published the development of an LLM designed for military use that was based on fine-tuning the open-source Llama model developed by Meta [117,118].
Once downloaded by a local user, further changes to an AI model become invisible to external monitoring [11]. This is a critical problem because AI model safety alignment can be removed with further fine-tuning [58,108]. Further training to “dealign” open-source models is neither costly nor technically difficult. One of the breakthrough technologies in generative AI is LoRA (Low-Rank Adaptation of LLMs), a technique that allows only a small fraction of parameters to be modified in an LLM when fine-tuning [119]. Using methods like LoRA and quantization, modest computational resources, even a single consumer-grade GPU and a few hundred curated training examples, can be used to retrain a model to comply with harmful requests, which it was originally designed to refuse.
Indeed, using technology available in 2024, researchers employing LoRA were able to achieve near-complete removal of safeguards from even the largest (70-billion parameter) models with a budget under USD 200 [58]. Similarly, another group demonstrated that, using just 100 examples (requiring only one hour on a single consumer-grade graphics card), they could modify Llama 2’s model weights enough for it to comply with nearly all the unsafe prompts that it originally refused [120]. Critically, these dealignment methods did not appear to substantially impact the models’ overall capabilities or performance on standard benchmarks. Even when capabilities were somewhat degraded, “uncensored” models can still be effective. For example, one group of researchers has shown that ransomware could be developed by using an uncensored model to produce initial malware that is then refined by more capable censored models to make it functional [121].
In sum, local AI ecosystems exhibit a fundamental tension: The very characteristics that make local deployment valuable for legitimate applications—privacy, autonomy, and customizability—also enable potential misuse and limit tools to ensure safety and accountability for harmful use. Furthermore, even if downstream users do not deliberately seek to modify local AI models to remove safeguards, malicious actors are better able to modify an open-source model outside the protections of a cloud-based provider, such as by adding “poison text” to training data that users employ for fine-tuning [122].

5.2. Challenges to Policy Frameworks

The current AI governance frameworks reflect the implicit assumption that models are centrally deployed: identifiable entities maintain operational control over model access, monitoring, and content moderation. The following section reviews the current AI policy frameworks that are being implemented through governmental and non-governmental channels from the perspective of how they rely on the implicit assumption of centralized AI. To frame this discussion, Figure 4 illustrates how AI governance operates throughout the “AI supply chain,” from research and model design all the way through to end-use [123,124]. These nodes of regulation, however, break down as technology advances towards enabling a fully decentralized AI ecosystem.
As further explained below, when run locally, AI is largely invisible to regulatory bodies, creating substantial enforcement difficulties for any framework that targets specific applications or usage patterns. For example, ensuring that an AI model has appropriate safety alignment or is watermarking synthetic output to avoid deception becomes impossible when the model developers are hidden or part of diffuse open-source projects. Similarly, determining whether a locally deployed model is being used for legitimate privacy-preserving data analysis as opposed to, e.g., generating harmful deepfakes means that authorities have to monitor personal computing environments. Such a level of monitoring would not only be impractical but would also fundamentally violate individual rights.

5.2.1. Governmental Regulatory Frameworks

The following is a review of the current state of governmental frameworks for regulatory work. To begin with, the European Union (EU) AI Act, first proposed in 2021 and finally adopted in June 2024, may be the most comprehensive legislative attempt at AI regulation [125]. The AI Act’s regulatory scheme employs risk-based categorization. AI systems are classified into unacceptable risk (prohibited), high risk, limited risk, and minimal risk, with a corresponding graduated set of obligations [126]. For “general purpose” generative AI with lower risk levels, the AI Act provides baseline transparency requirements, such as summarizing training data and ensuring copyright compliance [125]. Models deemed to pose “systemic risk,” for example due to their reach or potential for harms to public health, safety, security, and basic rights, face more stringent obligations. For example, models facing greater regulation are those trained with significant computational resources, e.g., exceeding $10^{25}$ floating-point operations as a threshold, although elsewhere the AI Act provides broader criteria. Obligations for developers of models with the potential for systemic risk include model evaluation, adversarial testing, risk assessment and mitigation (including for bias and discrimination), cybersecurity measures, and detailed documentation and reporting requirements to the European AI Office or national authorities [125]. Article 52 of the AI Act further requires labeling AI-generated content to prevent deception [127]. All of these legislative provisions place the onus on top-down enforcement targeting model development and use that may be impossible in a decentralized ecosystem. For example, a locally runnable AI derived from a “high-risk” AI model developed outside the EU would likely be invisible to EU regulators.
In contrast with the EU’s legislation, federal AI regulation in the United States has been late to develop and driven at the executive level. In November 2023, President Biden’s administration promulgated Executive Order (EO) 14110, entitled “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” [128]. EO 14110 aimed to manage the risks of powerful AI models, termed “dual-use foundation models,” defined as models trained using more than $10^{26}$ integer or floating-point operations for general models, or $10^{23}$ operations for those using primarily biological sequence data [128]. The Biden order required companies developing or intending to develop such “potential dual-use foundation models” to provide the Federal Government (via the Secretary of Commerce) with ongoing information regarding their training processes (including cybersecurity for training), ownership of model weights, and results of internal adversarial testing designed to identify harmful capabilities [128]. However, days after President Trump was inaugurated, certain elements of the EO 14110 framework were dismantled [129]. These included the prior order’s emphasis on bias and fairness, although other security-related elements appeared to be kept in place, albeit without further explanation [130]. Given conflicting orders and an unclear regulatory approach, at least in the near-term it is not clear if there is going to be a robust federal regulatory framework in the United States, let alone one that would reach local AI.
China, by contrast, has implemented a set of complementary regulations that apply to AI. These include the Algorithm Recommendation Regulation (effective March 2022), the Deep Synthesis Regulation (effective January 2023), and the Interim Provisions on Management of Generative Artificial Intelligence Services (effective August 2023) [131]. The key obligations under these regulations include (1) security assessments and mandatory algorithm filing with a government agency for service providers using AI for public opinion or social mobilization; (2) stringent requirements to prevent and screen for illegal or harmful content, promoting “socialist core values,” preventing discrimination, and preventing misinformation; and (3) mandatory labeling of synthetic AI-generated content that might confuse or mislead the public, as well as prohibiting removal of these labels by anyone [131]. Generally, China’s regulations make little explicit distinction in core obligations between open-source and proprietary models, or between domestic and foreign providers if their services reach China [131]. This contrasts with the EU AI Act’s approach that, for instance, provides preferential treatment, including certain exemptions for open-source models [125]. Just as with the EU AI Act, the proposal in China has limited applicability to local models that do not require Internet access.
The development of AI regulation extends beyond global economic powers. For instance, many African nations are constructing AI governance frameworks. The focus of such efforts includes establishing foundational digital infrastructure and data protection regimes (such as Mauritius’s 2017 Data Protection Act), as well as improving technological capabilities, while some countries, like Egypt and Kenya, have developed national AI strategies and task forces [132]. The broader approach in Africa, as well as other emerging economies, has been to add regulation in sequence with the development of digital infrastructure, prioritizing digital readiness more than regulating the future applications of AI technology that are still hypothetical [132].
What the state-based regulatory frameworks described here have in common is that they are very brittle when faced with the challenge of highly capable local AI. Once deployed on individual devices, AI models can operate entirely outside the visibility and control of their original developers, or even the regulatory jurisdictions in which they were created. For example, given the borderless nature of local AI, how could relatively stringent AI regulations, like those in China, be enforced? Arguably, China’s “Great Firewall,” which regulates access to websites outside of China, could prevent the use of unregulated AI within China [133]. However, with just a single download or import of a model on physical media, an AI model can be run on a computer without having to tunnel through the firewall to access a foreign cloud-based service. As another example, China and the EU have mandated labels on synthetic, AI-generated content. Mandatory content labeling can be implemented technologically using automatic watermarking of content [134]. However, watermarking is vulnerable to invisible, effectively unregulated, local AI. AI methods can strip out sophisticated content labels and regenerate unlabeled images, even when supposedly invisible robust watermarks were inserted using AI in the first place [135,136,137].

5.2.2. Voluntary (“Self-Regulatory”) Frameworks

An alternative approach to AI development-focused regulation without state actors is for developers to voluntarily commit to specific safety standards while creating meaningful accountability for those commitments [138]. Model developers can choose whether to make safety commitments, but violations of those commitments trigger enforceable sanctions—such as loss of market access, platform privileges, or legal protections. Such a regime is exemplified by the Singapore government’s “AI Verify” initiative, which provides an official certification to organizations that demonstrate responsible AI practices through transparent standardized evaluation processes [110]. Another approach is for governments or industry groups to define a set of standards for AI governance that organizations can voluntarily adopt. In 2023, the United States National Institute of Standards and Technology (NIST) published the NIST AI Risk Management Framework, which defines governance practices, including risk assessment, stakeholder engagement, and continuous monitoring [111].
Voluntary commitment frameworks have also been proposed, and in some cases adopted, in dual-use biological research. For example, the research community has developed the “Responsible AI × Biodesign” statement of community values and commitments, where developers voluntarily commit to prerelease evaluation of AI systems to identify potential safety and security issues [101]. Despite enthusiasm in the research community, specific implementation gaps remain. For example, the signatories agreed to conduct prerelease evaluations but had yet to deliberate on either defining the capabilities that would trigger the need for evaluations or the standards for conducting them [101].
Ultimately, the central challenge with voluntary commitments is that they require buy-in by industry and organizations that develop AI models and applications. However, empirical studies of AI practitioners demonstrate that, even within organizations with stated commitments to responsible AI, incentives are misaligned, resulting in structural barriers to implementing ethical principles in practice. In the real world, companies prioritize product launches over ethical considerations; correspondingly, employee performance metrics overshadow fairness concerns [47,139,140,141,142]. The buy-in problem is even greater in a decentralized AI ecosystem. It is difficult enough to persuade companies that design and implement models to agree to binding voluntary commitments to AI safety. Local AI means having an even larger population of AI users who must all abide by commitments to a universal safety standard.
Another form of private regulation that has been particularly significant is the use of intellectual property (IP) strategies. Generally, open-source licensing involves permissive license frameworks (e.g., Apache 2.0, MIT) rather than copyleft licenses that require derivative works to remain open-source [143]. In an effort to promote safe model use, models and weights are being released under modifications of such licenses that include specific provisions that define acceptable use [144,145].
Acceptable-use clauses typically spell out concrete prohibitions. Licenses, for example, forbid the generation of misinformation, harassing materials, or weapons-related campaigning. Some licenses appear to prohibit even broader uses as well, such as political campaigning or large-scale automated posting. For example, exemplary license terms have been proposed that the licensee will not “enable the distribution of untrustworthy information, lies and propaganda,” use an AI system “in a manner that would imitate human characteristics and cause third party confusion” between the AI system and humans, or use the subject AI technology “in applications that imitate or alter a person’s likeness, voice, or other identifiable characteristics in order to damage his/her reputation” [144]. Many models now come with these kinds of terms. One example is that of Eleven Labs, a developer of models that generate audio [145]. Eleven Labs’ license prohibits users from using it to “trick or mislead us [i.e., Eleven Labs] or other users, especially in an attempt to learn sensitive account information, for example, user passwords.” Standard open-source licenses have now been introduced, including the RAIL (Responsible AI Licenses) OpenRAIL license [146] and the proposed CAITE (Copyleft AI with Trust Enforcement) licensing model [147]. CAITE goes beyond a standard license by including an enforcement scheme as well, where a single trusted entity leverages the covered IP rights in litigation to enforce ethical AI use [147].
However, there is serious doubt over whether acceptable-use licenses are even enforceable. An IP regime generally depends on copyright, but model weights and outputs may not be copyrightable under current law due to the lack of human authorship [148]. Moreover, even if there were some way to reliably enforce AI license terms, there is a genuine concern that they entrench well-resourced actors who can navigate complex licensing schemes and produce undue barriers to innovation [144,149]. Restricting open-source licensing can also be antithetical to the values of open-source development. In particular, open-source model developers depend on permissive licensing to encourage the development of technologies that can detect and counter potentially unsafe AI applications, such as the development of software that can generate deepfake images and video [150,151]. If licenses are encumbered, then such measures may be harder to develop by reputable organizations and developers who seek to abide by terms of acceptable use.
The globalization of AI provides a further obstacle to effective model licensing schemes. Any licenses would need to be enforced across borders, which requires navigating jurisdictional challenges and conflicts between legal regimes. Local AI raises yet more fundamental challenges to license-based AI regulation. Terms of use are often only enforceable when users access models through the model provider’s own cloud access, and then enforcement typically occurs by cutting off noncompliant users [148,152].
The challenges around AI licensing further illustrate the implicit assumption that AI models will be run through the cloud and provided from defined sources. Enforcing any laws, regulations, and voluntary guidelines is highly complicated in the case of open-weight models that can run on any server or locally. Even detecting AI misuse is difficult, let alone tracing it to an individual user. The governance framework itself must adapt to make sure that any regulatory policy is designed such that compliance can still function effectively in a decentralized AI ecosystem. The following section describes alternative governance approaches that can address the challenges posed by local AI, including both technical measures and policy approaches intended to embed and enforce norms for acceptable AI use.

6. Reimagining Governance for Local AI

This section provides a literature review that can form the basis for the technical and policy dimensions of a reimagined governance framework for local AI. The intention behind these proposals is to provide a starting point for developing a governance framework of local AI that recognizes its benefits—privacy, autonomy, and democratization—while addressing the potential risks of AI use that may be harder to regulate in a decentralized context.
Figure 5 shows technical and policy measures that, rather than being seen as independent solutions, are intended to be implemented within an interlocking network of responses. The technical proposals described here include (1) community-based tools for voluntary content authentication, (2) configurable runtime safety boundaries for the AI computing stack (“ethical runtime environments”), and (3) distributed monitoring of open-source AI development. Complementary policy proposals include (1) polycentric governance mechanisms that operate across multiple scales and jurisdictions, (2) community-driven participatory models that build governance from the ground up, starting with those most directly affected, and (3) safe-harbor protections from legal liability for responsible actors, giving stakeholders the space and incentives to develop ethical principles, innovate safeguards, and resolve thorny questions about AI liability.

6.1. Proposed Technical Safeguards Designed for Local AI

6.1.1. Content Provenance and Authentication

If implemented in a manner consistent with local AI values, content provenance can be a critically important tool. Reliable content provenance provides substantial benefits by helping to protect intellectual property, prevent harassment, and defend against dual-use threats. However, the decentralized nature of local AI, along with widely available methods to dealign models that mark content automatically, makes enforcing content labeling difficult. More fundamentally, mandatory content traceability undermines the privacy and autonomy benefits of local AI.
As an alternative, we propose a community-driven authentication framework based on three principles that are consistent with the participatory governance approaches discussed below in Section 6.2.2. First, voluntary provenance standards developed by open-source communities can establish norms for content labeling. These standards can be enforced socially rather than technically, for example through peer review, reputation tracking, and community moderation. Second, incentive-aligned authentication can mitigate the authoritarian potential of state or industry (usually Big Tech) mandates. For example, content creators can develop voluntary schemes to establish and verify authorship, and professional communities like journalists, researchers, and software developers can develop sector-specific practices to meet their needs while contributing to broader norms. Third, technical detection tools can complement voluntary labeling via the ongoing development and improvement of open-source tools for identifying likely AI-generated content [153,154,155].
This reimagined approach to content provenance maintains the integrity of information while acknowledging the need to conserve the benefits of local AI regarding privacy and autonomy, such as users being able to maintain anonymity when generating sensitive or politically controversial content. For content provenance to have a positive impact, it must be broadly adopted and not undercut by enforcement challenges that arise in an increasingly decentralized environment. Thus, a participatory approach to content provenance aims to make the use of watermarking a social norm to uphold rather than a regulatory burden to evade. Even so, putting any kind of content labeling framework into practice will be challenging. Implementing voluntary standards requires ongoing coordination, clear incentives for their use, and trusted tools for labeling and verifying content. To make implementation more feasible, open-source groups could build lightweight tools that are straightforward to use. Philanthropic and government funding can also provide support to technology development efforts through incentives for adoption, such as compensation schemes for properly labeled generative AI products. Given these implementation challenges, the proposal described here should be seen as a starting point.
Content provenance technology can be further empowered by the kinds of policy measures proposed below in Section 6.2. For instance, the open-source model design community can be incentivized to contribute via the establishment of safe spaces for participatory dialogue. Another complementary policy described below involves safe harbors for legal liability, which can be granted in exchange for using content provenance tools. Developing content provenance through the participation of multiple groups of stakeholders also aligns with polycentric governance principles.

6.1.2. Ethical Runtime Environments for Technical Safety

Local deployment removes AI models from the security of centralized model servers, thereby weakening technical safeguards. Local AI entails higher risks of model tampering and malicious output manipulation; for example, legitimate open-source models can be replaced by malicious models on open-source repositories like Hugging Face [156]. Malicious models, or even models that unintentionally provide harmful outputs, can harm not only innocent users but also others indirectly affected by their output. One approach to address this problem is inspired by Trusted Execution Environments (TEEs) [157]. TEEs are like digital vaults within a computer—specialized processor hardware features that provide secure isolated spaces for running sensitive code and protecting data [158,159,160]. Even if someone gains complete control over a device, they cannot access or modify what happens inside the TEE. While TEEs have been proposed and employed for AI systems [161,162,163], their use is limited on local devices because of software and hardware constraints that limit performance [161]. Along these lines, modern operating systems utilize “sandboxes” to provide application security and protect against malware [164,165].
Building on these security concepts while preserving user autonomy, we propose that research and open-source development efforts be directed towards creating “ethical runtime environments” (EREs) for local AI. Unlike mandatory restrictions that undermine local AI benefits, EREs function as optional safety layers that users can configure, modify, or disable based on their needs. Thus, the key feature of EREs is the definition of personal safety boundaries where users define their own constraints. For example, a therapist might configure an ERE to prevent generation of content that could harm vulnerable patients. Parents could establish boundaries for AI interactions with children. Researchers working with dual-use capabilities could implement audit logging, output monitoring, and other safeguards.
Personal safety boundaries, in turn, provide the basis for specific and limited technical safeguards within the ERE. These can include protection against model manipulation through runtime integrity checking to defend users against maliciously modified (e.g., Trojan horse) models while preserving their ability to intentionally modify models. Internal regulation of model execution is an aspect of what have been described as “ethical governors” [166,167]. Ethical governors can be implemented as sandboxed software that triggers when a model operates outside of ethical boundaries, automatically shutting the model down unless a user provides express permission to move forward. Other safety components can be modular and employed based on the context of AI use, such as medical privacy safeguards, academic integrity filters, or professional ethics constraints.
Crucially, EREs should be transparent and not imposed from the top down. Instead, their adoption requires building community norms and incentive mechanisms. Several obstacles will need to be addressed for the ERE concept to work. Performance trade-offs may limit the adoption of runtime environments for resource-intensive models, so development should emphasize lean implementations that require limited additional memory and processor overhead. Users will also resist adopting tools that are not intuitive or require technical skill. Thus, early ERE development should focus on lightweight open-source prototypes that integrate with common local AI platforms, e.g., desktop inference engines or browser-based tools. Ideally, over time, EREs would interoperate with voluntary content provenance and attribution tools, enabling decentralized yet layered technical safeguards. Like content provenance technologies, EREs should be supported by policy mechanisms that promote input across communities that use and are affected by AI, such as the proposals further described in Section 6.2.
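As an added illustration of the ERE concept described in this section (not code from this paper or from any existing project), the following Python sketch combines three of the safeguards named above: runtime integrity checking against digests the user has pinned, a governor that withholds output crossing a user-defined boundary unless the user gives express permission, and a tamper-evident audit log. The class and method names, the regular expression for a medical record number, and the stand-in weights file are all assumptions made for the example.

```python
"""Optional, user-configured "ethical runtime environment" (ERE) sketch.
Class and method names are hypothetical; sample inputs are constructed."""
from __future__ import annotations

import hashlib
import json
import re
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a weights file, read in 1 MiB chunks."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def _entry_hash(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class EthicalRuntime:
    def __init__(self, boundaries: dict[str, str]):
        # label -> regex chosen by the user; an empty dict switches the governor off
        self.boundaries = {k: re.compile(v, re.I) for k, v in boundaries.items()}
        self.pins: dict[str, str] = {}   # file name -> digest the user approved
        self.audit: list[dict] = []      # append-only, hash-chained log

    def _log(self, event: str, **detail) -> None:
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        body = {"event": event, "detail": detail, "prev": prev}
        self.audit.append({**body, "hash": _entry_hash(body)})

    def pin(self, path: Path) -> None:
        """Record the current weights as trusted. Re-pinning after the user's
        own fine-tune keeps intentional modification possible."""
        self.pins[path.name] = file_digest(path)
        self._log("pin", file=path.name, digest=self.pins[path.name])

    def verify(self, path: Path) -> bool:
        """Integrity check before loading: False if weights changed since the pin."""
        ok = self.pins.get(path.name) == file_digest(path)
        self._log("verify", file=path.name, ok=ok)
        return ok

    def govern(self, output: str, user_permits=lambda label: False) -> str | None:
        """Return the output, or None when a boundary matches and the user
        does not expressly permit that label."""
        for label, pattern in self.boundaries.items():
            if pattern.search(output):
                allowed = bool(user_permits(label))
                self._log("boundary", label=label, released=allowed)
                if not allowed:
                    return None
        return output

    def audit_intact(self) -> bool:
        """Recompute the hash chain; an entry edited after the fact breaks it."""
        prev = "0" * 64
        for e in self.audit:
            body = {"event": e["event"], "detail": e["detail"], "prev": e["prev"]}
            if e["prev"] != prev or e["hash"] != _entry_hash(body):
                return False
            prev = e["hash"]
        return True


def demo() -> dict:
    """Constructed walk-through: pin, silent swap, user re-pin, governed output."""
    with tempfile.TemporaryDirectory() as tmp:
        weights = Path(tmp) / "model.safetensors"
        weights.write_bytes(b"constructed stand-in for model weights")
        # A therapist-style boundary: withhold text containing a record number.
        ere = EthicalRuntime({"patient-identifiers": r"\bMRN[- ]?\d{6,}\b"})
        ere.pin(weights)
        clean = ere.verify(weights)
        weights.write_bytes(b"weights replaced without the user's knowledge")
        tampered = ere.verify(weights)
        ere.pin(weights)  # the user reviews the change and accepts it
        repinned = ere.verify(weights)
        note = "Summary for MRN-0012345: ..."
        return {
            "clean": clean, "tampered": tampered, "repinned": repinned,
            "blocked": ere.govern(note),
            "released": ere.govern(note, lambda label: label == "patient-identifiers"),
            "passed": ere.govern("General sleep hygiene advice."),
            "audit_intact": ere.audit_intact(),
        }


if __name__ == "__main__":
    print(demo())
```

Because the pins and boundaries live with the user, the same mechanism that rejects a silently replaced model accepts the user's own fine-tune once it is re-pinned.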

6.1.3. Distributed Oversight of Open-Source AI Projects

The open-source nature of local AI projects can be a barrier to effective regulation. For instance, as previously described, the open-source principle of transparency has been shown to provide a false sense of comfort to developers who believe that the harms of their products will be mitigated or regulated further downstream. However, there are ways in which the transparency of open-source projects can contribute to local AI governance. By their nature, open-source AI projects are susceptible to monitoring and tracking [168]. Open repositories expose detailed information, including model architectures, datasets for fine-tuning, software code, error reports, feature requests, and documentation files. Therefore, being able to track the progress of open-source projects enables early warning systems to flag the development of high-risk and potentially harmful models and applications. Active oversight of open-source AI projects also makes it possible to implement reputational incentives that would encourage a culture of responsible AI. Projects that follow community-driven ethical principles can also be identified and formally certified.
Computational tools can help with large-scale monitoring of the open-source AI ecosystem. For example, one group of researchers developed a system capable of detecting ethical violations in open-source projects by using ontologies and semantic rules to model the structured metadata that are publicly available in open-source software development repositories hosted on GitHub [169]. Project tracking and assessment tools can be further enhanced using AI. For example, potential risks can be flagged by “AI Detective Systems” that analyze publicly available content for signs of synthetic generation without needing to inspect the model itself [170]. To be sure, the monitoring proposal here may be interpreted as surveillance and external monitoring of open-source projects, and thus may appear superficially antithetical to open-source principles and an undemocratic intrusion on individual autonomy. That is not the crux of this proposal, however.
In fact, when properly designed, distributed oversight can be fully aligned with the principles and culture of open-source development. Empirical studies of individuals contributing to an open-source project to develop deepfake technology showed that they believed transparency would mitigate harms [150]. For example, as other studies have shown, developers believe that, because of the transparency of open-source development, people who might be otherwise deceived by deepfakes are made aware of the potential for such technology. Developers also believe that open-source development helps to enable the creation of other software to detect deepfaking [151]. Therefore, distributed open-source governance can promote both innovation and accountability, provided that it is driven by the communities most affected by the technology.
Accordingly, the most essential component for oversight is that it be fully consistent with open-source norms. A critical risk of open-source “tracking,” as described here, is that it is seen as intrusive and abusing the philosophy of openness by turning it into top-down regulation and monitoring. It is crucial, then, to develop transparent oversight mechanisms that emerge from within communities of developers and users rather than being imposed by external authorities. Such measures can include safety benchmarks, developed and maintained through community mechanisms, as described in Section 6.2.2; voluntary disclosure practices, potentially associated with safe-harbor liability provisions, as described in Section 6.2.3; or peer review processes for high-risk applications, as proposed by Pannu et al. in the context of biosecurity [101]. Given thoughtful community-led design, distributed open-source governance represents a compelling alternative to conventional AI oversight, which is susceptible to distortion caused by power imbalances between major technology companies and governments on one side and individuals and marginalized communities on the other.
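As an added illustration of the early-warning idea in this section (not the system of [169] and not code from this paper), the following Python sketch applies simple rules to public repository metadata and propagates a flag along fine-tuning lineage, so that a derivative of a model whose card declares safety removal is queued for community review even when its own card is silent. The record fields, flag names, and sample records are constructed for the example and do not describe real repositories.

```python
"""Rule-based review queue over public model-repository metadata.
Record fields and flag names are hypothetical; the records are constructed."""
import re

# Terms a model card or tag may use to declare that safeguards were removed.
SAFETY_REMOVAL = re.compile(r"\b(abliterated|uncensored|dealigned)\b", re.I)

# Constructed sample records, not real repositories.
RECORDS = [
    {"repo": "org-a/base-8b", "base": None,
     "tags": ["text-generation"], "card": "General-purpose chat model."},
    {"repo": "user-b/base-8b-abliterated", "base": "org-a/base-8b",
     "tags": ["abliterated"], "card": "Refusal behaviour removed."},
    {"repo": "user-c/helper-8b", "base": "user-b/base-8b-abliterated",
     "tags": ["assistant"], "card": "Friendly helper fine-tune."},
    {"repo": "lab-d/clinic-8b", "base": "org-a/base-8b",
     "tags": ["medical"], "card": "Fine-tuned for clinical note summaries."},
]


def declares_safety_removal(rec: dict) -> bool:
    """True when the repo name, tags or card text declare removed safeguards."""
    text = " ".join([rec["repo"], rec["card"], *rec["tags"]])
    return bool(SAFETY_REMOVAL.search(text))


def review_queue(records: list) -> dict:
    """Map repo -> sorted flags, walking each model's declared base-model chain."""
    by_repo = {r["repo"]: r for r in records}
    queue = {}
    for rec in records:
        flags, seen, cur, depth = set(), set(), rec, 0
        while cur is not None and cur["repo"] not in seen:  # 'seen' stops cycles
            seen.add(cur["repo"])
            if declares_safety_removal(cur):
                flags.add("safety-removal-declared" if depth == 0
                          else "inherits-safety-removal")
            base = cur["base"]
            if base is not None and base not in by_repo:
                flags.add("unresolved-lineage")  # base named but not in the index
            cur = by_repo.get(base) if base else None
            depth += 1
        if flags:
            queue[rec["repo"]] = sorted(flags)
    return queue


if __name__ == "__main__":
    for repo, flags in review_queue(RECORDS).items():
        print(repo, flags)
```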

6.2. Proposed Policy Measures for Local AI

6.2.1. Polycentric Governance Frameworks

As explained in Section 5, the regulatory schemes developed by different states, regions, and voluntary industry-led groups are fragmented. As a result, conventional AI governance struggles with diffuse and transnational risks, such as AI-generated propaganda or cyberattacks. One response to this challenge is polycentric governance.
Polycentric governance is a concept developed by Elinor Ostrom and others in the context of addressing the global challenge of climate change, which depends on actions and regulations locally, at the nation-state level, and across borders [171,172]. In the case of climate governance, polycentric systems offer mechanisms for policy experimentation and learning across diverse partially autonomous actors, especially when central authority is weak or absent [172]. While polycentric governance was initially developed for climate change, it is a framework that can be applied to other broad challenges that implicate local–global concerns. Local AI presents its own set of technical and institutional challenges, but it shares similar structural features with climate threats: weak central authority for regulation, potential for distributed risks that can aggregate across fragmented jurisdictions, and harms that are difficult to trace or attribute. For instance, the development of AI capabilities leads to global impact through open-source collaboration, with risks manifesting locally through individual downloads, modifications, and potential harmful use. Consequently, polycentric frameworks that have been developed for complex global–local threats can be applied to AI by providing multiple overlapping centers of authority, each with some autonomy and capacity to respond to problems at their level [171,172]. For local AI, this can include national regulators, international institutions, standards bodies, open-source communities (such as collective model repositories like Hugging Face), research institutions, labor unions, and civil society organizations—really any collective organization of people who use or are affected by AI.
Polycentric governance is well-suited for emerging technologies because it naturally invites experimentation and learning. With many governance nodes operating in parallel, polycentric systems allow for different solutions to be tested in different contexts. When something works well in one domain, it can be adopted or adapted by others across the network [171]. For example, technical standards bodies formed internationally can develop shared safety principles for advanced models, testing protocols, and audit benchmarks. Professional communities of practitioners, such as educators, healthcare providers, and creatives, can collaborate across borders to form recognized governance nodes for sector-specific standards while sharing best practices. Polycentric governing nodes can also form along the lines of common linguistic and cultural backgrounds within and across national boundaries.
Furthermore, a critical defect of safety alignment methods imposed by companies and external agencies is that they may, contrary to their stated objectives, actually conceal a misalignment between individual values and purported consensus ethical principles [173]. The polycentric approach creates opportunities for developing AI alignment methods that reflect diverse community values rather than the preferences of major technology companies. Open-source communities could help to operationalize ethical norms by guiding their technical implementation through more individualized alignment methods and technical measures, such as the ERE secure computing framework described above.
When put into practice, polycentric governance can suffer from high coordination costs and inconsistent rule enforcement. Regulatory capture is a perpetual threat, especially when governance nodes lack transparency and resources. Designed correctly, however, polycentric frameworks allow actors to engage in positive “forum shopping”—seeking out governance arrangements that fit their context and needs [174]. It is only when governance nodes fail to share information and resolve disagreements that regulatory gaps are created. Malicious actors may then exploit weak jurisdictions or permissive standards, leading to harmful forum shopping [174]. These principles are outlined here as the conceptual foundation for further developing policymaking in a distributed and decentralized manner. As it evolves, effective polycentric governance will depend not only on distributed participation but also on internal coordination mechanisms, including a stable infrastructure for dispute resolution [172].

6.2.2. Empowering Community Governance and Participation

As described throughout this paper, top-down regulation generally fails when applied to local AI. There is a need for more community-centered governance systems that reflect the specific values, risks, and concerns of people closest to AI deployment. The “community” in the case of AI can be defined as being one of collaborative developers, system implementers, and end-users. It is critical to treat stakeholders as a collective rather than siloing each role in the community-building process. Otherwise, the nature of the AI supply chain diffuses accountability: actors at different levels of the chain simply assume that any ethical oversight or regulation has already been implemented upstream or will occur further downstream [175,176,177]. Effective governance must involve the full AI supply chain, as well as all the individuals and communities affected by AI use.
Some examples of community-centered AI governance frameworks have already been developed, and we can look to ways in which they can be applied to local AI. The Canadian government’s Algorithmic Impact Assessment (AIA) tool, developed by the Canadian Treasury Board, offers one example [178]. Federal agencies are obliged to utilize the AIA to assess AI-based policy proposals before deployment across dimensions such as impact on individuals and institutions, data governance, procedural fairness, and system complexity. Modeled in part on environmental impact assessments, the AIA mechanism was developed through a formally open process involving civil servants, academic experts, and public feedback via collaborative platforms. The AIA’s participatory design reflects an effort to embed input from multiple stakeholders into early-stage AI governance and demonstrates how use-focused regulation can address potential AI risk before deployment.
Although the AIA mechanism was originally designed for public sector AI applications, its emphasis on early-stage risk assessment and stakeholder consultation is instructive. The AIA concept has spread worldwide, with different agencies and groups employing variations of the same focus on proactively defining impacts and consulting communities. Stahl et al. recently undertook a systematic review of AIAs and proposed a generic AIA framework that can be applied more broadly [179]. An important lesson is that applying AIA in the context of local AI deployment will need sustained community engagement and institutional support, especially where a decentralized environment raises challenges regarding resource demands and governance legitimacy. Community discussions are needed to establish deliberative spaces where dialogue can evolve from mere consultation to co-creation. Such a bottom-up approach to addressing AI impact is essential as AI decentralizes.
Community Citizen Science (CCS) is another motivational concept for AI policy design [180]. The idea behind CCS is to integrate community knowledge, priorities, and lived experience into the development and application of technical systems, including, among others, AI. CCS projects are designed so that community members are not only passive recipients of technology or research. Instead, potentially affected community members are invited to become active collaborators in defining the goals and design of systems that provide their communities with beneficial impacts. One example of a CCS project is a community-designed air quality monitoring sensor network, in which machine learning was used with sensors. Local residents helped to shape how sensors were deployed, what counted as a meaningful signal, and how to respond. Through projects like this, CCS can build both trust and technical capacity in local contexts [180]. Experiences with the CCS model demonstrate that successful community-led technological development and implementation require designing the collaboration to specifically address the following challenging questions: How can the collaboration sustain participation? How can it resolve technical disputes? How can it ensure equitable influence among stakeholders?
The CCS model can thus be adapted for communities to take on more direct roles in shaping local AI norms. Best practices for social impact assessment, such as AIA, are for communities to establish ongoing management processes to monitor and evaluate changes throughout the AI lifecycle [181]. As AI becomes more embedded within communities, there needs to be a fundamental shift in how regulation is developed and imposed. Rather than agencies debating regulations within their own deliberative bodies and providing public input through limited channels, they should negotiate agreements within communities about what AI uses are acceptable. There needs to be specific attention paid to the vocabularies that different groups use to describe AI, particularly end-users, who may vary across social and cultural lines. This process of “defining shared language” is critical because technical jargon often blocks genuine understanding [182].
In sum, where AI can evade centralized regulation, communities will have to be responsible for monitoring and identifying harms. Decentralized governance brings with it the risk of fragmentation, which would render regulation effectively toothless by allowing bad actors to forum-shop. Duplication of efforts and failure to share good practices can make effective regulation too slow to adapt to rapid technological changes. That said, it is important to recognize that different communities may have different perspectives on what norms are necessary. For example, certain neighborhoods may reject AI uses for surveillance, while the healthcare community may focus on ways to manage privacy and data protection concerns. The decentralized nature of local AI means that the only effective kind of governance will likely need to be one that is distributed while facilitating broad participation.

6.2.3. Liability “Safe Harbors” for Local AI

Questions surrounding the legal duties of different AI supply chain players and the extent of their liability remain theoretically and as yet judicially untested [183,184]. The key question is: Who is at fault when AI models result in harms to people or property, thereby incurring civil tort liability, or even potential criminal liability? The answer is ambiguous and contingent. Model developers who did not test their models sufficiently may be liable. Application developers and system integrators may be liable if they do not restrict their users from generating harm. End-users may seem to be liable for the immediate impact of their use, but they may have caused harm unknowingly due to a lack of understanding of how the model functions internally or what safeguards were (or were not) in place. Today, the prevailing view is that any entity deploying AI should assume potential liability for any harms that occur. But it is unclear to what extent liability can be shared or shifted upstream, such as to model developers [185,186,187]. In 2022, the EU introduced draft legislation specifically for AI civil liability (the AI Liability Directive). Important questions were never resolved, however, and the proposed AI Liability Directive was ultimately withdrawn in early 2025 [188].
The decentralized and easily concealed nature of local AI compounds these challenges by making it difficult or even impossible to identify the liable party and enforce penalties for harm. One potential response is to create carefully tailored “safe-harbor” provisions: liability shields for developers and users who take verifiable and proactive precautions to minimize harm. The safe harbors would provide legal protection for downstream harms that could not have been reasonably anticipated or prevented. This idea is inspired by a recent proposal for open-source AI where developers of well-documented low-risk models would be shielded from broad liability for third-party misuse [134]. Low-risk models might be defined, for example, as models that have limited capabilities for generating harms that are difficult to mitigate once created, such as sophisticated disinformation and malicious code. While the EU AI Act defines model risk by the computation required for training, this metric can be insufficient for local AI models given the extent to which their capability to generate harmful outputs can be increased with limited additional resources. Risk-level assessment should therefore incorporate capability benchmarking and “red teaming,” where experts simulate misuse to test potential risks [189,190].
The safe-harbor concept has recently been implemented in the area of cybersecurity [191]. For example, in Ohio, organizations that implement reasonable security controls and appropriately respond to security incidents can avoid liability for data breaches [192]. Cybersecurity safe harbors have spread to other states like Utah [193], although this model has encountered criticism that it simply leads to blanket immunity for powerful corporate actors rather than providing incentives to protect consumers.
The liability shield of the local AI safe harbor would extend to actors who act in good faith and follow clearly defined reasonable safety precautions. Model developers can be obligated, for example, to implement protection against prompts intended to circumvent safety alignment (“jailbreaking”), mitigate harmful bias in outputs, clearly document model capabilities, proactively identify foreseeable risks, and satisfy community-based standards for responsible model release. Downstream users and application developers can benefit from safe harbor when they comply with standards for responsible development and use by, for example, adhering to developers’ safety guidelines set forth in open-source licenses and model repositories, complying with community norms and standards, and implementing reasonable precautions to prevent direct harm or misuse.
The definition of “reasonable development and use” can start from the basis of established global standards for AI use, such as the OECD’s AI Principles, first developed in 2019 and most recently updated in 2024 (the most recent version of the OECD AI Principles is available online at https://www.oecd.org/en/topics/sub-issues/ai-principles.html (accessed on 6 July 2025)) [194]. The revised OECD principles include inclusive growth, sustainable development, and well-being; human rights and democratic values, including fairness and policy; transparency and explainability; robustness, security, and safety; and accountability. In practice, reasonable development ought to mean demonstrating adherence to these principles through documented practices and outcomes. Going forward, the participatory mechanisms described previously in this section should be utilized to establish a consensus and develop practical, actionable, and reasonable development standards.
Developers and users who qualify for safe-harbor provisions would be able to operate with greater legal certainty, encouraging the release of innovative tools without the chilling effect of potential liability. The safe-harbor framework could thus incentivize developers both to invite broader community engagement in their work and take accountability for unintentional downstream harms without fearing legal consequences. Worrying about liability is a key reason why actors in the AI supply chain tend to defer accountability to others. Removing that fear creates space for a shared framework of AI accountability and encourages discussion and collaboration across different stages of development and deployment.
Implementing safe harbors raises real-world challenges. It will be difficult to establish a community consensus that can provide guiding ethical principles and, in turn, rigorously define AI best practices. The degree of safe-harbor protection should be tailored to the role and expected knowledge level of the actors in the AI supply chain—whether implementers who may not be expected to understand the inner workings of models, intermediate model fine-tuners who may be changing alignment, or foundational model developers responsible for creating code, pretraining, and initial alignment. Another critical and difficult question is who defines and regulates the conditions for safe harbor. In early 2025, legislation was introduced in California to provide safe harbor from civil liability for AI model developers. Under the bill’s terms, model developers qualify for safe harbor only when they voluntarily submit to oversight by a “multistakeholder regulatory organization” (MRO) designated by the state Attorney General (SB813, https://calmatters.digitaldemocracy.org/bills/ca_202520260sb813 (accessed on 4 June 2025)) [195].
The California bill appears similar to the safe-harbor proposal in this paper, although it applies only to model developers rather than extending across the AI supply chain. Important questions remain that the legislation fails to answer. Who will sit on the governing boards of MROs? Will they be dominated by Big Tech company interests or academic researchers, or will they truly invite community participation? Are there legal guardrails to prevent regulatory capture? If the MRO fails to anticipate risks, does liability shift back to the actor who relied on the MRO-approved certification? These questions must be addressed through a deliberative community-led approach if the safe-harbor concept is to realize its promise.
As discussed throughout this paper, any legitimate governance process will most likely fail unless it engages individuals, companies, and institutions involved in all the aspects of AI: its technical development, commercialization, use, and all who are affected by its use. One of the key challenges within the local AI ecosystem is that, if any actors believe they could face liability, they may choose to withdraw from public discourse and conceal their work with AI. AI development would continue but in the shadows, amplifying the danger of more widespread and severe harms. The conceptual safe-harbor proposal presented here offers a practical space for the deliberate development of effective and legitimate AI governance during a period in which AI technology and adoption are rapidly evolving.

7. Conclusions

Local AI promises democratic access to AI without depending on corporate or government interests. As local AI becomes more powerful, however, the governance gaps it creates will increase the risk of harm from unregulated use. Table 1 summarizes how local deployment amplifies privacy and autonomy while simultaneously weakening traditional oversight mechanisms. Local deployment makes it easier for malicious users to bypass technical safety restrictions and harder for regulators to police usage. Even so, local AI should not be seen as detracting from AI ethics or as somehow preventing the adoption of fair and just AI rules. Consequently, AI governance frameworks designed for the realities of local deployment are urgently needed.
This paper provides potential technological and policy responses to the challenges posed by local AI that together define a multilayered strategy. Table 2 summarizes how the technical and policy responses proposed in Section 6 of this paper are interlinked with potential AI risks.
To be clear, the proposals described in this paper are not offered as a comprehensive or fully developed solution. They are instead intended as a conceptual starting point for reenvisioning technical safety and regulatory measures to address the distinct risks of local AI while advancing its values of pluralism, autonomy, and decentralized control. The feasibility of implementing the policy proposals depends on political will, coordination among a wide range of stakeholders, and the capacity of institutions and infrastructure, as well as the community’s level of trust in them. Notably, the technical proposals presented here are limited by the practical constraints of computational overhead, evolving adversarial methods, and the difficulty of reliably detecting harmful content or usage in decentralized deployments. Furthermore, to ensure adoption, technical measures require community participation and policy interventions, such as liability safe harbor and community-led development.
The analysis in this paper is inevitably limited by the rapid evolution of AI capabilities and regulatory landscapes. Improvements in technology and shifts in public views of AI correspondingly affect the assumptions underlying safety measures. These constraints should guide future work towards more grounded empirical analysis of both technical and policy safety measures. One particular obstacle to developing appropriate policy responses is that the use of local AI is hard to track and assess. It is incumbent on researchers, government agencies, and civil society organizations to establish privacy-preserving mechanisms to document and share information about the use and misuse of local AI. Such empirical evidence will be critical for refining governance frameworks.
The most important takeaway from this paper should be that a community-driven participatory approach is necessary to develop responsible local AI principles and concrete policies. That is why formal institutional policymakers should adopt measures to draw developers and users of local AI into policy discourse, including accepting potential risk (and loss of perceived authority) by offering them safe harbor from the unintended consequences of AI applications. Ultimately, researchers, policymakers, technologists, and communities must urgently recognize that local AI is going to be part of the AI future. By working together, stakeholders can innovate governance mechanisms that account for the unique technological and enforcement challenges posed by local AI. It is only through inclusive and adaptive governance that the benefits of local AI can be harnessed while managing its risks.

Funding

This research received no external funding.

Acknowledgments

I would like to thank Gail Rosen and Mohammad Saleh Refahi of the Department of Electrical & Computer Engineering at Drexel University for their helpful comments throughout the development of this manuscript.

Conflicts of Interest

The author declares no conflicts of interest.

Abbreviations

The following abbreviations are used in this manuscript:
AI: Artificial Intelligence
LLM: Large Language Model
VLM: Vision–Language Model
GPU: Graphics Processing Unit
API: Application Programming Interface
VRAM: Video Random Access Memory
TEE: Trusted Execution Environment
ERE: Ethical Runtime Environment
CCS: Community Citizen Science
AIA: Algorithmic Impact Assessment
NIST: National Institute of Standards and Technology
EO: Executive Order
EU: European Union
MRO: Multistakeholder Regulatory Organization
CAITE: Copyleft AI with Trust Enforcement
RAIL: Responsible AI License
IP: Intellectual Property
LoRA: Low-Rank Adaptation
DEI: Diversity, Equity, and Inclusion

References

  1. Roose, K. How ChatGPT Kicked Off an A.I. Arms Race. The New York Times, 3 February 2023.
  2. Feuerriegel, S.; Hartmann, J.; Janiesch, C.; Zschech, P. Generative AI. Bus. Inf. Syst. Eng. 2024, 66, 111–126.
  3. Taherdoost, H.; Madanchian, M. AI Advancements: Comparison of Innovative Techniques. AI 2024, 5, 38–54.
  4. Tomassi, A.; Falegnami, A.; Romano, E. Talking Resilience: Embedded Natural Language Cyber-Organizations by Design. Systems 2025, 13, 247.
  5. Ferrag, M.A.; Tihanyi, N.; Debbah, M. From LLM Reasoning to Autonomous AI Agents: A Comprehensive Review. arXiv 2025.
  6. Wang, L.; Ma, C.; Feng, X.; Zhang, Z.; Yang, H.; Zhang, J.; Chen, Z.; Tang, J.; Chen, X.; Lin, Y.; et al. A Survey on Large Language Model Based Autonomous Agents. Front. Comput. Sci. 2024, 18, 186345.
  7. Lee, N.; Cai, Z.; Schwarzschild, A.; Lee, K.; Papailiopoulos, D. Self-Improving Transformers Overcome Easy-to-Hard and Length Generalization Challenges. arXiv 2025.
  8. Robeyns, M.; Szummer, M.; Aitchison, L. A Self-Improving Coding Agent. arXiv 2025.
  9. Zhao, A.; Huang, D.; Xu, Q.; Lin, M.; Liu, Y.J.; Huang, G. ExpeL: LLM Agents Are Experiential Learners. Proc. AAAI Conf. Artif. Intell. 2024, 38, 19632–19642.
  10. Metz, C. AI Start-Up Anthropic Challenges OpenAI and Google with New Chatbot. The New York Times, 4 March 2024.
  11. Ostrowski, J. Regulating Machine Learning Open-Source Software: A Primer for Policymakers; Technical Report; Abundance Institute: Salt Lake City, UT, USA, 2024.
  12. Mittelstadt, B. Principles Alone Cannot Guarantee Ethical AI. Nat. Mach. Intell. 2019, 1, 501–507.
  13. Kazim, E.; Koshiyama, A.S. A High-Level Overview of AI Ethics. Patterns 2021, 2, 100314.
  14. Corrêa, N.K.; Galvão, C.; Santos, J.W.; Pino, C.D.; Pinto, E.P.; Barbosa, C.; Massmann, D.; Mambrini, R.; Galvão, L.; Terem, E.; et al. Worldwide AI Ethics: A Review of 200 Guidelines and Recommendations for AI Governance. Patterns 2023, 4, 100857.
  15. Prem, E. From Ethical AI Frameworks to Tools: A Review of Approaches. AI Ethics 2023, 3, 699–716.
  16. Novelli, C.; Taddeo, M.; Floridi, L. Accountability in Artificial Intelligence: What It Is and How It Works. AI Soc. 2024, 39, 1871–1882.
  17. Verdegem, P. Dismantling AI Capitalism: The Commons as an Alternative to the Power Concentration of Big Tech. AI Soc. 2024, 39, 727–737.
  18. Sorensen, T.; Moore, J.; Fisher, J.; Gordon, M.; Mireshghallah, N.; Rytting, C.M.; Ye, A.; Jiang, L.; Lu, X.; Dziri, N.; et al. A Roadmap to Pluralistic Alignment. arXiv 2024.
  19. Al-kfairy, M.; Mustafa, D.; Kshetri, N.; Insiew, M.; Alfandi, O. Ethical Challenges and Solutions of Generative AI: An Interdisciplinary Perspective. Informatics 2024, 11, 58.
  20. Ribeiro, D.; Rocha, T.; Pinto, G.; Cartaxo, B.; Amaral, M.; Davila, N.; Camargo, A. Toward Effective AI Governance: A Review of Principles. arXiv 2025.
  21. Ricciardi Celsi, L.; Zomaya, A.Y. Perspectives on Managing AI Ethics in the Digital Age. Information 2025, 16, 318.
  22. Touvron, H.; Lavril, T.; Izacard, G.; Martinet, X.; Lachaux, M.A.; Lacroix, T.; Rozière, B.; Goyal, N.; Hambro, E.; Azhar, F.; et al. LLaMA: Open and Efficient Foundation Language Models. arXiv 2023.
  23. Jiang, A.Q.; Sablayrolles, A.; Mensch, A.; Bamford, C.; Chaplot, D.S.; de las Casas, D.; Bressand, F.; Lengyel, G.; Lample, G.; Saulnier, L.; et al. Mistral 7B. arXiv 2023.
  24. Team, G.; Kamath, A.; Ferret, J.; Pathak, S.; Vieillard, N.; Merhej, R.; Perrin, S.; Matejovicova, T.; Ramé, A.; Rivière, M.; et al. Gemma 3 Technical Report. arXiv 2025.
  25. Abdin, M.; Jacobs, S.A.; Awan, A.A.; Aneja, J.; Awadallah, A.; Awadalla, H.; Bach, N.; Bahree, A.; Bakhtiari, A.; Behl, H.; et al. Phi-3 Technical Report: A Highly Capable Language Model Locally on Your Phone. arXiv 2024.
  26. Yang, A.; Li, A.; Yang, B.; Zhang, B.; Hui, B.; Zheng, B.; Yu, B.; Gao, C.; Huang, C.; Lv, C.; et al. Qwen3 Technical Report. arXiv 2025.
  27. Malartic, Q.; Chowdhury, N.R.; Cojocaru, R.; Farooq, M.; Campesan, G.; Djilali, Y.A.D.; Narayan, S.; Singh, A.; Velikanov, M.; Boussaha, B.E.A.; et al. Falcon2-11B Technical Report. arXiv 2024.
  28. DeepSeek-AI; Guo, D.; Yang, D.; Zhang, H.; Song, J.; Zhang, R.; Xu, R.; Zhu, Q.; Ma, S.; Wang, P.; et al. DeepSeek-R1: Incentivizing Reasoning Capability in LLMs via Reinforcement Learning. arXiv 2025.
  29. Egashira, K.; Vero, M.; Staab, R.; He, J.; Vechev, M. Exploiting LLM Quantization. arXiv 2024.
  30. Lang, J.; Guo, Z.; Huang, S. A Comprehensive Study on Quantization Techniques for Large Language Models. arXiv 2024.
  31. Hooper, C.; Kim, S.; Mohammadzadeh, H.; Mahoney, M.W.; Shao, Y.S.; Keutzer, K.; Gholami, A. KVQuant: Towards 10 Million Context Length LLM Inference with KV Cache Quantization. Adv. Neural Inf. Process. Syst. 2024, 37, 1270–1303.
  32. Zhao, Y.; Lin, C.Y.; Zhu, K.; Ye, Z.; Chen, L.; Zheng, S.; Ceze, L.; Krishnamurthy, A.; Chen, T.; Kasikci, B. Atom: Low-Bit Quantization for Efficient and Accurate LLM Serving. Proc. Mach. Learn. Syst. 2024, 6, 196–209.
  33. Han, D.; Han, M. Run DeepSeek-R1 Dynamic 1.58-Bit. 2025. Available online: https://unsloth.ai/blog/deepseekr1-dynamic (accessed on 14 July 2025).
  34. Dai, D.; Deng, C.; Zhao, C.; Xu, R.X.; Gao, H.; Chen, D.; Li, J.; Zeng, W.; Yu, X.; Wu, Y.; et al. DeepSeekMoE: Towards Ultimate Expert Specialization in Mixture-of-Experts Language Models. arXiv 2024.
  35. Fedus, W.; Zoph, B.; Shazeer, N. Switch Transformers: Scaling to Trillion Parameter Models with Simple and Efficient Sparsity. arXiv 2022.
  36. Jiang, A.Q.; Sablayrolles, A.; Roux, A.; Mensch, A.; Savary, B.; Bamford, C.; Chaplot, D.S.; de las Casas, D.; Hanna, E.B.; Bressand, F.; et al. Mixtral of Experts. arXiv 2024.
  37. Shi, L.; Zhang, H.; Yao, Y.; Li, Z.; Zhao, H. Keep the Cost Down: A Review on Methods to Optimize LLM’s KV-Cache Consumption. arXiv 2024.
  38. Irugalbandara, C.; Mahendra, A.; Daynauth, R.; Arachchige, T.K.; Dantanarayana, J.; Flautner, K.; Tang, L.; Kang, Y.; Mars, J. Scaling Down to Scale Up: A Cost-Benefit Analysis of Replacing OpenAI’s LLM with Open Source SLMs in Production. arXiv 2024.
  39. Chiang, W.L.; Zheng, L.; Sheng, Y.; Angelopoulos, A.N.; Li, T.; Li, D.; Zhang, H.; Zhu, B.; Jordan, M.; Gonzalez, J.E.; et al. Chatbot Arena: An Open Platform for Evaluating LLMs by Human Preference. arXiv 2024.
  40. Wang, L.; Yi, D.; Jose, D.; Passarelli, J.; Gao, J.; Leventis, J.; Li, K. Enterprise Large Language Model Evaluation Benchmark. arXiv 2025.
  41. Schroeder, S. Nvidia’s Digits Is a Tiny AI Supercomputer for Your Desk. Mashable, 7 January 2025.
  42. Willhoite, P. Why Apple’s M4 MacBook Air Is a Milestone for On-Device AI. 2025. Available online: https://www.webai.com/blog/why-apples-m4-macbook-air-is-a-milestone-for-on-device-ai (accessed on 14 July 2025).
  43. Williams, W. Return of the OG? AMD Unveils Radeon AI Pro R9700, Now a Workstation-Class GPU with 32GB GDDR6. 2025. Available online: https://www.techradar.com/pro/return-of-the-og-amd-unveils-radeon-ai-pro-r9700-now-a-workstation-class-gpu-with-32gb-gddr6 (accessed on 14 July 2025).
  44. Just, N.; Latzer, M. Governance by Algorithms: Reality Construction by Algorithmic Selection on the Internet. Media Cult. Soc. 2017, 39, 238–258.
  45. Srivastava, S. Algorithmic Governance and the International Politics of Big Tech. Perspect. Politics 2023, 21, 989–1000.
  46. Khanal, S.; Zhang, H.; Taeihagh, A. Why and How Is the Power of Big Tech Increasing in the Policy Process? The Case of Generative AI. Policy Soc. 2025, 44, 52–69.
  47. Sætra, H.S.; Coeckelbergh, M.; Danaher, J. The AI Ethicist’s Dilemma: Fighting Big Tech by Supporting Big Tech. AI Ethics 2022, 2, 15–27.
  48. Temsah, A.; Alhasan, K.; Altamimi, I.; Jamal, A.; Al-Eyadhy, A.; Malki, K.H.; Temsah, M.H. DeepSeek in Healthcare: Revealing Opportunities and Steering Challenges of a New Open-Source Artificial Intelligence Frontier. Cureus 2025, 17, e79221.
  49. McIntosh, F.; Murina, S.; Chen, L.; Vargas, H.A.; Becker, A.S. Keeping Private Patient Data off the Cloud: A Comparison of Local LLMs for Anonymizing Radiology Reports. Eur. J. Radiol. Artif. Intell. 2025, 2, 100020.
  50. Montagna, S.; Ferretti, S.; Klopfenstein, L.C.; Ungolo, M.; Pengo, M.F.; Aguzzi, G.; Magnini, M. Privacy-Preserving LLM-based Chatbots for Hypertensive Patient Self-Management. Smart Health 2025, 36, 100552.
  51. Apaydin, K.; Zisgen, Y. Local Large Language Models for Business Process Modeling. In Process Mining Workshops, Proceedings of the ICPM 2024 International Workshops, Lyngby, Denmark, 14–18 October 2024; Delgado, A., Slaats, T., Eds.; Springer: Cham, Switzerland, 2025; pp. 605–609.
  52. Pavsner, M.S. The Attorney’s Ethical Obligations When Using AI. Available online: https://perma.cc/LNN6-WNK8 (accessed on 14 July 2025).
  53. Tye, J.C. Exploring the Intersections of Privacy and Generative AI: A Dive into Attorney-Client Privilege and ChatGPT. Jurimetrics 2024, 64, 309.
  54. Sakai, K.; Uehara, Y.; Kashihara, S. Implementation and Evaluation of LLM-Based Conversational Systems on a Low-Cost Device. In Proceedings of the IEEE Global Humanitarian Technology Conference (GHTC), Radnor, PA, USA, 23–26 October 2024; pp. 392–399.
  55. Wester, J.; Schrills, T.; Pohl, H.; van Berkel, N. “As an AI Language Model, I Cannot”: Investigating LLM Denials of User Requests. In Proceedings of the CHI ’24: CHI Conference on Human Factors in Computing Systems, New York, NY, USA, 11–16 May 2024; pp. 1–14. [Google Scholar] [CrossRef]
  56. Vekaria, Y.; Canino, A.L.; Levitsky, J.; Ciechonski, A.; Callejo, P.; Mandalari, A.M.; Shafiq, Z. Big Help or Big Brother? Auditing Tracking, Profiling, and Personalization in Generative AI Assistants. arXiv 2025. [Google Scholar] [CrossRef]
  57. Ding, N.; Qin, Y.; Yang, G.; Wei, F.; Yang, Z.; Su, Y.; Hu, S.; Chen, Y.; Chan, C.M.; Chen, W.; et al. Parameter-Efficient Fine-Tuning of Large-Scale Pre-Trained Language Models. Nat. Mach. Intell. 2023, 5, 220–235. [Google Scholar] [CrossRef]
  58. Lermen, S.; Rogers-Smith, C.; Ladish, J. LoRA Fine-tuning Efficiently Undoes Safety Training in Llama 2-Chat 70B. arXiv 2024. [Google Scholar] [CrossRef]
  59. Candel, A.; McKinney, J.; Singer, P.; Pfeiffer, P.; Jeblick, M.; Lee, C.M.; Conde, M.V. H2O Open Ecosystem for State-of-the-art Large Language Models. arXiv 2023. [Google Scholar] [CrossRef]
  60. Zhang, D.; Feng, T.; Xue, L.; Wang, Y.; Dong, Y.; Tang, J. Parameter-Efficient Fine-Tuning for Foundation Models. arXiv 2025. [Google Scholar] [CrossRef]
  61. Zheng, Y.; Zhang, R.; Zhang, J.; Ye, Y.; Luo, Z.; Feng, Z.; Ma, Y. LlamaFactory: Unified Efficient Fine-Tuning of 100+ Language Models. arXiv 2024. [Google Scholar] [CrossRef]
  62. Lyu, K.; Zhao, H.; Gu, X.; Yu, D.; Goyal, A.; Arora, S. Keeping LLMs Aligned After Fine-tuning: The Crucial Role of Prompt Templates. arXiv 2025. [Google Scholar] [CrossRef]
  63. Nguyen, M.; Baker, A.; Neo, C.; Roush, A.; Kirsch, A.; Shwartz-Ziv, R. Turning Up the Heat: Min-p Sampling for Creative and Coherent LLM Outputs. arXiv 2025. [Google Scholar] [CrossRef]
  64. Peeperkorn, M.; Kouwenhoven, T.; Brown, D.; Jordanous, A. Is Temperature the Creativity Parameter of Large Language Models? arXiv 2024. [Google Scholar] [CrossRef]
  65. Brinkmann, L.; Cebrian, M.; Pescetelli, N. Adversarial Dynamics in Centralized Versus Decentralized Intelligent Systems. Top. Cogn. Sci. 2025, 17, 374–391. [Google Scholar] [CrossRef] [PubMed]
  66. Kuźmicz, M.M. Equilibrating the Scales: Balancing and Power Relations in the Age of AI. AI & Soc. 2025. [Google Scholar] [CrossRef]
  67. Goldstein, J.A.; Sastry, G. The Coming Age of AI-Powered Propaganda. Foreign Affairs, 7 April 2023. [Google Scholar]
  68. Goldstein, J.A.; Chao, J.; Grossman, S.; Stamos, A.; Tomz, M. How Persuasive Is AI-generated Propaganda? PNAS Nexus 2024, 3, pgae034. [Google Scholar] [CrossRef] [PubMed]
  69. Spitale, G.; Biller-Andorno, N.; Germani, F. AI Model GPT-3 (Dis)Informs Us Better than Humans. Sci. Adv. 2023, 9, eadh1850. [Google Scholar] [CrossRef] [PubMed]
  70. Buchanan, B.; Lohn, A.; Musser, M. Truth, Lies, and Automation; Technical Report; Center for Security and Emerging Technology: Washington, DC, USA, 2021. [Google Scholar]
  71. Kreps, S.; McCain, R.M.; Brundage, M. All the News That’s Fit to Fabricate: AI-Generated Text as a Tool of Media Misinformation. J. Exp. Political Sci. 2022, 9, 104–117. [Google Scholar] [CrossRef]
  72. Barman, D.; Guo, Z.; Conlan, O. The Dark Side of Language Models: Exploring the Potential of LLMs in Multimedia Disinformation Generation and Dissemination. Mach. Learn. Appl. 2024, 16, 100545. [Google Scholar] [CrossRef]
  73. Visnjic, D. Generative Models and Deepfake Technology: A Qualitative Research on the Intersection of Social Media and Political Manipulation. In Artificial Intelligence and Machine Learning, Proceedings of the 43rd IBIMA Conference, IBIMA-AI 2024, Madrid, Spain, 26–27 June 2024; Soliman, K.S., Ed.; Springer: Cham, Switzerland, 2025; pp. 75–80. [Google Scholar] [CrossRef]
  74. Herbold, S.; Trautsch, A.; Kikteva, Z.; Hautli-Janisz, A. Large Language Models Can Impersonate Politicians and Other Public Figures. arXiv 2024. [Google Scholar] [CrossRef]
  75. Grattafiori, A.; Dubey, A.; Jauhri, A.; Pandey, A.; Kadian, A.; Al-Dahle, A.; Letman, A.; Mathur, A.; Schelten, A.; Vaughan, A.; et al. The Llama 3 Herd of Models. arXiv 2024. [Google Scholar] [CrossRef]
  76. Williams, A.R.; Burke-Moore, L.; Chan, R.S.Y.; Enock, F.E.; Nanni, F.; Sippy, T.; Chung, Y.L.; Gabasova, E.; Hackenburg, K.; Bright, J. Large Language Models Can Consistently Generate High-Quality Content for Election Disinformation Operations. PLoS ONE 2025, 20, e0317421. [Google Scholar] [CrossRef] [PubMed]
  77. Wack, M.; Ehrett, C.; Linvill, D.; Warren, P. Generative Propaganda: Evidence of AI’s Impact from a State-Backed Disinformation Campaign. PNAS Nexus 2025, 4, pgaf083. [Google Scholar] [CrossRef] [PubMed]
  78. Thomas, E. “Hey, Fellow Humans!”: What Can a ChatGPT Campaign Targeting Pro-Ukraine Americans Tell Us About the Future of Generative AI and Disinformation? Available online: https://www.isdglobal.org/digital_dispatches/hey-fellow-humans-what-can-a-chatgpt-campaign-targeting-pro-ukraine-americans-tell-us-about-the-future-of-generative-ai-and-disinformation/ (accessed on 14 July 2025).
  79. International Panel on the Information Environment (IPIE); Trauthig, I.; Valenzuela, S.; Howard, P.N.; Dommett, K.; Mahlouly, D. The Role of Generative AI Use in 2024 Elections Worldwide; Technical Report; International Panel on the Information Environment (IPIE): Zürich, Switzerland, 2025. [Google Scholar] [CrossRef]
  80. Myers, S.L.; Thompson, S.A. A.I. Is Starting to Wear Down Democracy. The New York Times, 27 June 2025. [Google Scholar]
  81. Haque, M.A. LLMs: A Game-Changer for Software Engineers? BenchCounc. Trans. Benchmarks Stand. Eval. 2025, 5, 100204. [Google Scholar] [CrossRef]
  82. Idrisov, B.; Schlippe, T. Program Code Generation with Generative AIs. Algorithms 2024, 17, 62. [Google Scholar] [CrossRef]
  83. Jiang, J.; Wang, F.; Shen, J.; Kim, S.; Kim, S. A Survey on Large Language Models for Code Generation. arXiv 2024. [Google Scholar] [CrossRef]
  84. Kirova, V.D.; Ku, C.S.; Laracy, J.R.; Marlowe, T.J. Software Engineering Education Must Adapt and Evolve for an LLM Environment. In Proceedings of the SIGCSE 2024: 55th ACM Technical Symposium on Computer Science Education V.1, Portland, OR, USA, 20–23 March 2024; pp. 666–672. [Google Scholar] [CrossRef]
  85. Coignion, T.; Quinton, C.; Rouvoy, R. A Performance Study of LLM-Generated Code on Leetcode. In Proceedings of the EASE ’24: 28th International Conference on Evaluation and Assessment in Software Engineering, Salerno, Italy, 18–21 June 2024; pp. 79–89. [Google Scholar] [CrossRef]
  86. Lebed, S.V.; Namiot, D.E.; Zubareva, E.V.; Khenkin, P.V.; Vorobeva, A.A.; Svichkar, D.A. Large Language Models in Cyberattacks. Dokl. Math. 2024, 110, S510–S520. [Google Scholar] [CrossRef]
  87. Madani, P. Metamorphic Malware Evolution: The Potential and Peril of Large Language Models. In Proceedings of the 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), Atlanta, GA, USA, 1–4 November 2023; pp. 74–81. [Google Scholar] [CrossRef]
  88. Afane, K.; Wei, W.; Mao, Y.; Farooq, J.; Chen, J. Next-Generation Phishing: How LLM Agents Empower Cyber Attackers. In Proceedings of the IEEE International Conference on Big Data (BigData), Washington, DC, USA, 15–18 December 2024; pp. 2558–2567. [Google Scholar] [CrossRef]
  89. Cerullo, M. AI Scams Mimicking Voices Are on the Rise. Here’s How to Protect Yourself. CBS News, 17 December 2024. Available online: https://www.cbsnews.com/news/elder-scams-family-safe-word/ (accessed on 14 July 2025).
  90. Kadali, D.K.; Narayana, K.S.S.; Haritha, P.; Mohan, R.N.V.J.; Kattula, R.; Swamy, K.S.V. Predictive Analysis of Cloned Voice to Commit Cybercrimes Using Generative AI Scammers. In Algorithms in Advanced Artificial Intelligence; CRC Press: Boca Raton, FL, USA, 2025. [Google Scholar]
  91. Toapanta, F.; Rivadeneira, B.; Tipantuña, C.; Guamán, D. AI-Driven Vishing Attacks: A Practical Approach. Eng. Proc. 2024, 77, 15. [Google Scholar] [CrossRef]
  92. Timoney, M. Gen AI Is Ramping up the Threat of Synthetic Identity Fraud. 2025. Available online: https://www.bostonfed.org/news-and-events/news/2025/04/synthetic-identity-fraud-financial-fraud-expanding-because-of-generative-artificial-intelligence.aspx (accessed on 14 July 2025).
  93. Microsoft Threat Intelligence. Staying Ahead of Threat Actors in the Age of AI. 2024. Available online: https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/ (accessed on 14 July 2025).
  94. Benegas, G.; Batra, S.S.; Song, Y.S. DNA Language Models Are Powerful Predictors of Genome-Wide Variant Effects. Proc. Natl. Acad. Sci. USA 2023, 120, e2311219120. [Google Scholar] [CrossRef] [PubMed]
  95. Consens, M.E.; Li, B.; Poetsch, A.R.; Gilbert, S. Genomic Language Models Could Transform Medicine but Not Yet. npj Digit. Med. 2025, 8, 212. [Google Scholar] [CrossRef] [PubMed]
  96. Ji, Y.; Zhou, Z.; Liu, H.; Davuluri, R.V. DNABERT: Pre-Trained Bidirectional Encoder Representations from Transformers Model for DNA-language in Genome. Bioinformatics 2021, 37, 2112–2120. [Google Scholar] [CrossRef] [PubMed]
  97. Madani, A.; Krause, B.; Greene, E.R.; Subramanian, S.; Mohr, B.P.; Holton, J.M.; Olmos, J.L.; Xiong, C.; Sun, Z.Z.; Socher, R.; et al. Large Language Models Generate Functional Protein Sequences across Diverse Families. Nat. Biotechnol. 2023, 41, 1099–1106. [Google Scholar] [CrossRef] [PubMed]
  98. Nguyen, E.; Poli, M.; Durrant, M.G.; Kang, B.; Katrekar, D.; Li, D.B.; Bartie, L.J.; Thomas, A.W.; King, S.H.; Brixi, G.; et al. Sequence Modeling and Design from Molecular to Genome Scale with Evo. Science 2024, 386, eado9336. [Google Scholar] [CrossRef] [PubMed]
  99. James, J.S.; Dai, J.; Chew, W.L.; Cai, Y. The Design and Engineering of Synthetic Genomes. Nat. Rev. Genet. 2025, 26, 298–319. [Google Scholar] [CrossRef] [PubMed]
  100. Schindler, D.; Dai, J.; Cai, Y. Synthetic Genomics: A New Venture to Dissect Genome Fundamentals and Engineer New Functions. Curr. Opin. Chem. Biol. 2018, 46, 56–62. [Google Scholar] [CrossRef] [PubMed]
  101. Pannu, J.; Bloomfield, D.; MacKnight, R.; Hanke, M.S.; Zhu, A.; Gomes, G.; Cicero, A.; Inglesby, T.V. Dual-Use Capabilities of Concern of Biological AI Models. PLoS Comput. Biol. 2025, 21, e1012975. [Google Scholar] [CrossRef] [PubMed]
  102. Mackelprang, R.; Adamala, K.P.; Aurand, E.R.; Diggans, J.C.; Ellington, A.D.; Evans, S.W.; Fortman, J.L.C.; Hillson, N.J.; Hinman, A.W.; Isaacs, F.J.; et al. Making Security Viral: Shifting Engineering Biology Culture and Publishing. ACS Synth. Biol. 2022, 11, 522–527. [Google Scholar] [CrossRef] [PubMed]
  103. Xie, X.; Lokugamage, K.G.; Zhang, X.; Vu, M.N.; Muruato, A.E.; Menachery, V.D.; Shi, P.Y. Engineering SARS-CoV-2 Using a Reverse Genetic System. Nat. Protoc. 2021, 16, 1761–1784. [Google Scholar] [CrossRef] [PubMed]
  104. Li, J.; Zhao, H.; Zheng, L.; An, W. Advances in Synthetic Biology and Biosafety Governance. Front. Bioeng. Biotechnol. 2021, 9, 598087. [Google Scholar] [CrossRef] [PubMed]
  105. Adam, D. Lethal AI Weapons Are Here: How Can We Control Them? Nature 2024, 629, 521–523. [Google Scholar] [CrossRef] [PubMed]
  106. Rees, R. Ukraine’s ‘Drone War’ Hastens Development of Autonomous Weapons. Financial Times, 26 May 2025. [Google Scholar]
  107. Davies, H.; Abraham, Y. Revealed: Israeli Military Creating ChatGPT-like Tool Using Vast Collection of Palestinian Surveillance Data. The Guardian, 6 March 2025. [Google Scholar]
  108. Zhan, Q.; Fang, R.; Bindu, R.; Gupta, A.; Hashimoto, T.; Kang, D. Removing RLHF Protections in GPT-4 via Fine-Tuning. arXiv 2024. [Google Scholar] [CrossRef]
  109. Bai, Y.; Kadavath, S.; Kundu, S.; Askell, A.; Kernion, J.; Jones, A.; Chen, A.; Goldie, A.; Mirhoseini, A.; McKinnon, C.; et al. Constitutional AI: Harmlessness from AI Feedback. arXiv 2022. [Google Scholar] [CrossRef]
  110. Allen, J.G.; Loo, J.; Campoverde, J.L.L. Governing Intelligence: Singapore’s Evolving AI Governance Framework. Camb. Forum AI Law Gov. 2025, 1, e12. [Google Scholar] [CrossRef]
  111. NIST. Artificial Intelligence Risk Management Framework (AI RMF 1.0); Technical Report NIST AI 100-1; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2023. [CrossRef]
  112. Rauh, M.; Marchal, N.; Manzini, A.; Hendricks, L.A.; Comanescu, R.; Akbulut, C.; Stepleton, T.; Mateos-Garcia, J.; Bergman, S.; Kay, J.; et al. Gaps in the Safety Evaluation of Generative AI. Proc. AAAI/ACM Conf. AI Ethics Soc. 2024, 7, 1200–1217. [Google Scholar] [CrossRef]
  113. Labonne, M. Uncensor Any LLM with Abliteration. 2024. Available online: https://huggingface.co/blog/mlabonne/abliteration (accessed on 14 July 2025).
  114. Gault, M. AI Trained on 4Chan Becomes ‘Hate Speech Machine’. Vice, 7 June 2022. [Google Scholar]
  115. Castaño, J.; Martínez-Fernández, S.; Franch, X. Lessons Learned from Mining the Hugging Face Repository. In Proceedings of the WSESE ’24: 1st IEEE/ACM International Workshop on Methodological Issues with Empirical Studies in Software Engineering, Lisbon, Portugal, 16 April 2024; pp. 1–6. [Google Scholar] [CrossRef]
  116. Wolf, T.; Debut, L.; Sanh, V.; Chaumond, J.; Delangue, C.; Moi, A.; Cistac, P.; Rault, T.; Louf, R.; Funtowicz, M.; et al. HuggingFace’s Transformers: State-of-the-art Natural Language Processing. arXiv 2020. [Google Scholar] [CrossRef]
  117. Bondarenko, M.; Lushnei, S.; Paniv, Y.; Molchanovsky, O.; Romanyshyn, M.; Filipchuk, Y.; Kiulian, A. Sovereign Large Language Models: Advantages, Strategy and Regulations. arXiv 2025. [Google Scholar] [CrossRef]
  118. Pomfret, J.; Pang, J. Exclusive: Chinese Researchers Develop AI Model for Military Use on Back of Meta’s Llama. Reuters, 1 November 2024. [Google Scholar]
  119. Hu, E.J.; Shen, Y.; Wallis, P.; Allen-Zhu, Z.; Li, Y.; Wang, S.; Wang, L.; Chen, W. LoRA: Low-Rank Adaptation of Large Language Models. arXiv 2021. [Google Scholar] [CrossRef]
  120. Yang, X.; Wang, X.; Zhang, Q.; Petzold, L.; Wang, W.Y.; Zhao, X.; Lin, D. Shadow Alignment: The Ease of Subverting Safely-Aligned Language Models. arXiv 2023. [Google Scholar] [CrossRef]
  121. Yamin, M.M.; Hashmi, E.; Katt, B. Combining Uncensored and Censored LLMs for Ransomware Generation. In Web Information Systems Engineering—WISE 2024, Proceedings of the 25th International Conference, Doha, Qatar, 2–5 December 2024; Barhamgi, M., Wang, H., Wang, X., Eds.; Springer: Singapore, 2025; pp. 189–202. [Google Scholar] [CrossRef]
  122. Wan, A.; Wallace, E.; Shen, S.; Klein, D. Poisoning Language Models During Instruction Tuning. arXiv 2023. [Google Scholar] [CrossRef]
  123. Barclay, I.; Preece, A.; Taylor, I. Defining the Collective Intelligence Supply Chain. arXiv 2018. [Google Scholar] [CrossRef]
  124. Hopkins, A.; Cen, S.H.; Ilyas, A.; Struckman, I.; Videgaray, L.; Mądry, A. AI Supply Chains: An Emerging Ecosystem of AI Actors, Products, and Services. arXiv 2025. [Google Scholar] [CrossRef]
  125. Gstrein, O.J.; Haleem, N.; Zwitter, A. General-Purpose AI Regulation and the European Union AI Act. Internet Policy Rev. 2024, 13, 1–26. [Google Scholar] [CrossRef]
  126. Evas, T. The EU Artificial Intelligence Act. J. AI Law Regul. 2024, 1, 98–101. [Google Scholar] [CrossRef]
  127. El Ali, A.; Venkatraj, K.P.; Morosoli, S.; Naudts, L.; Helberger, N.; Cesar, P. Transparent AI Disclosure Obligations: Who, What, When, Where, Why, How. In Proceedings of the CHI EA ’24: Extended Abstracts of the CHI Conference on Human Factors in Computing Systems, Honolulu, HI, USA, 11–16 May 2024; pp. 1–11. [Google Scholar] [CrossRef]
  128. The White House. Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, Executive Order 14110. 2023. Available online: https://www.federalregister.gov/documents/2023/11/01/2023-24283/safe-secure-and-trustworthy-development-and-use-of-artificial-intelligence/ (accessed on 14 July 2025).
  129. Lubello, V. From Biden to Trump: Divergent and Convergent Policies in The Artificial Intelligence (AI) Summer. DPCE Online 2025, 69, 1. [Google Scholar] [CrossRef]
  130. The White House. Removing Barriers to American Leadership in Artificial Intelligence. 2025. Available online: https://www.whitehouse.gov/presidential-actions/2025/01/removing-barriers-to-american-leadership-in-artificial-intelligence/ (accessed on 14 July 2025).
  131. Franks, E.; Lee, B.; Xu, H. Report: China’s New AI Regulations. Glob. Priv. Law Rev. 2024, 5, 43–49. [Google Scholar] [CrossRef]
  132. Diallo, K.; Smith, J.; Okolo, C.T.; Nyamwaya, D.; Kgomo, J.; Ngamita, R. Case Studies of AI Policy Development in Africa. Data Policy 2025, 7, e15. [Google Scholar] [CrossRef]
  133. Quan, E. Censorship Sensing: The Capabilities and Implications of China’s Great Firewall Under Xi Jinping. Sigma J. Political Int. Stud. 2022, 39, 19–31. [Google Scholar]
  134. Wong, H. Mapping the Open-Source AI Debate: Cybersecurity Implications and Policy Priorities. 2025. Available online: https://www.rstreet.org/research/mapping-the-open-source-ai-debate-cybersecurity-implications-and-policy-priorities/ (accessed on 14 July 2025).
  135. Abdelnabi, S.; Fritz, M. Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding. In Proceedings of the IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 24–27 May 2021; pp. 121–140. [Google Scholar] [CrossRef]
  136. Uddin, M.S.; Ohidujjaman; Hasan, M.; Shimamura, T. Audio Watermarking: A Comprehensive Review. Int. J. Adv. Comput. Sci. Appl. 2024, 15, 5. [Google Scholar] [CrossRef]
  137. Zhao, X.; Zhang, K.; Su, Z.; Vasan, S.; Grishchenko, I.; Kruegel, C.; Vigna, G.; Wang, Y.X.; Li, L. Invisible Image Watermarks Are Provably Removable Using Generative AI. arXiv 2024. [Google Scholar] [CrossRef]
  138. Han, T.A.; Lenaerts, T.; Santos, F.C.; Pereira, L.M. Voluntary Safety Commitments Provide an Escape from Over-Regulation in AI Development. Technol. Soc. 2022, 68, 101843. [Google Scholar] [CrossRef]
  139. Ali, S.J.; Christin, A.; Smart, A.; Katila, R. Walking the Walk of AI Ethics: Organizational Challenges and the Individualization of Risk among Ethics Entrepreneurs. In Proceedings of the ACM Conference on Fairness, Accountability, and Transparency, Chicago, IL, USA, 12–15 June 2023; pp. 217–226. [Google Scholar] [CrossRef]
  140. Varanasi, R.A.; Goyal, N. “It Is Currently Hodgepodge”: Examining AI/ML Practitioners’ Challenges during Co-production of Responsible AI Values. In Proceedings of the CHI ’23: CHI Conference on Human Factors in Computing Systems, Hamburg, Germany, 23–28 April 2023; pp. 1–17. [Google Scholar] [CrossRef]
  141. van Maanen, G. AI Ethics, Ethics Washing, and the Need to Politicize Data Ethics. Digit. Soc. 2022, 1, 9. [Google Scholar] [CrossRef] [PubMed]
  142. Widder, D.G.; Zhen, D.; Dabbish, L.; Herbsleb, J. It’s about Power: What Ethical Concerns Do Software Engineers Have, and What Do They (Feel They Can) Do about Them? In Proceedings of the FAccT ’23: ACM Conference on Fairness, Accountability, and Transparency, Chicago, IL, USA, 12–15 June 2023; pp. 467–479. [Google Scholar] [CrossRef]
  143. Ferrandis, C.M.; Lizarralde, M.D. Open Sourcing AI: Intellectual Property at the Service of Platform Leadership. J. Intellect. Prop. Inf. Technol. Electron. Commer. Law 2022, 13, 224–246. [Google Scholar]
  144. Contractor, D.; McDuff, D.; Haines, J.K.; Lee, J.; Hines, C.; Hecht, B.; Vincent, N.; Li, H. Behavioral Use Licensing for Responsible AI. In Proceedings of the FAccT ’22: ACM Conference on Fairness, Accountability, and Transparency, Seoul, Republic of Korea, 21–24 June 2022; pp. 778–788. [Google Scholar] [CrossRef]
  145. Klyman, K. Acceptable Use Policies for Foundation Models. Proc. AAAI/ACM Conf. AI Ethics Soc. 2024, 7, 752–767. [Google Scholar] [CrossRef]
  146. McDuff, D.; Korjakow, T.; Cambo, S.; Benjamin, J.J.; Lee, J.; Jernite, Y.; Ferrandis, C.M.; Gokaslan, A.; Tarkowski, A.; Lindley, J.; et al. On the Standardization of Behavioral Use Clauses and Their Adoption for Responsible Licensing of AI. arXiv 2024. [Google Scholar] [CrossRef]
  147. Schmit, C.D.; Doerr, M.J.; Wagner, J.K. Leveraging IP for AI Governance. Science 2023, 379, 646–648. [Google Scholar] [CrossRef] [PubMed]
  148. Henderson, P.; Lemley, M.A. The Mirage of Artificial Intelligence Terms of Use Restrictions. arXiv 2024. [Google Scholar] [CrossRef]
  149. Crouch, D. Using Intellectual Property to Regulate Artificial Intelligence. Mo. Law Rev. 2024, 89, 781. [Google Scholar] [CrossRef]
  150. Widder, D.G.; Nafus, D.; Dabbish, L.; Herbsleb, J. Limits and Possibilities for “Ethical AI” in Open Source: A Study of Deepfakes. In Proceedings of the FAccT ’22: ACM Conference on Fairness, Accountability, and Transparency, Seoul, Republic of Korea, 21–24 June 2022; pp. 2035–2046. [Google Scholar] [CrossRef]
  151. Pawelec, M. Decent Deepfakes? Professional Deepfake Developers’ Ethical Considerations and Their Governance Potential. AI Ethics 2024, 5, 2641–2666. [Google Scholar] [CrossRef]
  152. Cui, J.; Araujo, D.A. Rethinking Use-Restricted Open-Source Licenses for Regulating Abuse of Generative Models. Big Data Soc. 2024, 11, 20539517241229699. [Google Scholar] [CrossRef]
  153. Maktabdar Oghaz, M.; Babu Saheer, L.; Dhame, K.; Singaram, G. Detection and Classification of ChatGPT-generated Content Using Deep Transformer Models. Front. Artif. Intell. 2025, 8, 1458707. [Google Scholar] [CrossRef] [PubMed]
  154. Rashidi, H.H.; Fennell, B.D.; Albahra, S.; Hu, B.; Gorbett, T. The ChatGPT Conundrum: Human-generated Scientific Manuscripts Misidentified as AI Creations by AI Text Detection Tool. J. Pathol. Inform. 2023, 14, 100342. [Google Scholar] [CrossRef] [PubMed]
  155. Weber-Wulff, D.; Anohina-Naumeca, A.; Bjelobaba, S.; Foltýnek, T.; Guerrero-Dib, J.; Popoola, O.; Šigut, P.; Waddington, L. Testing of Detection Tools for AI-generated Text. Int. J. Educ. Integr. 2023, 19, 26. [Google Scholar] [CrossRef]
  156. Poireault, K. Malicious AI Models on Hugging Face Exploit Novel Attack Technique. 2025. Available online: https://www.infosecurity-magazine.com/news/malicious-ai-models-hugging-face/ (accessed on 14 July 2025).
  157. Sabt, M.; Achemlal, M.; Bouabdallah, A. Trusted Execution Environment: What It Is, and What It Is Not. In Proceedings of the IEEE Trustcom/BigDataSE/ISPA, Helsinki, Finland, 20–22 August 2015; Volume 1, pp. 57–64. [Google Scholar] [CrossRef]
  158. Ağca, M.A.; Faye, S.; Khadraoui, D. A Survey on Trusted Distributed Artificial Intelligence. IEEE Access 2022, 10, 55308–55337. [Google Scholar] [CrossRef]
  159. Geppert, T.; Deml, S.; Sturzenegger, D.; Ebert, N. Trusted Execution Environments: Applications and Organizational Challenges. Front. Comput. Sci. 2022, 4, 930741. [Google Scholar] [CrossRef]
  160. Jauernig, P.; Sadeghi, A.R.; Stapf, E. Trusted Execution Environments: Properties, Applications, and Challenges. IEEE Secur. Priv. 2020, 18, 56–60. [Google Scholar] [CrossRef]
  161. Babar, M.F.; Hasan, M. Trusted Deep Neural Execution—A Survey. IEEE Access 2023, 11, 45736–45748. [Google Scholar] [CrossRef]
  162. Cai, Z.; Ma, R.; Fu, Y.; Zhang, W.; Ma, R.; Guan, H. LLMaaS: Serving Large-Language Models on Trusted Serverless Computing Platforms. IEEE Trans. Artif. Intell. 2025, 6, 405–415. [Google Scholar] [CrossRef]
  163. Dong, B.; Wang, Q. Evaluating the Performance of the DeepSeek Model in Confidential Computing Environment. arXiv 2025. [Google Scholar] [CrossRef]
  164. Greamo, C.; Ghosh, A. Sandboxing and Virtualization: Modern Tools for Combating Malware. IEEE Secur. Priv. 2011, 9, 79–82. [Google Scholar] [CrossRef]
  165. Prevelakis, V.; Spinellis, D. Sandboxing Applications. In Proceedings of the USENIX Annual Technical Conference, FREENIX Track, Boston, MA, USA, 25–30 June 2001; pp. 119–126. [Google Scholar]
  166. Johnson, J. The AI Commander Problem: Ethical, Political, and Psychological Dilemmas of Human-Machine Interactions in AI-enabled Warfare. J. Mil. Ethics 2022, 21, 246–271. [Google Scholar] [CrossRef]
  167. Salo-Pöntinen, H. AI Ethics—Critical Reflections on Embedding Ethical Frameworks in AI Technology. In Culture and Computing. Design Thinking and Cultural Computing; Rauterberg, M., Ed.; Springer: Cham, Switzerland, 2021; pp. 311–329. [Google Scholar] [CrossRef]
  168. Cai, Y.; Liang, P.; Wang, Y.; Li, Z.; Shahin, M. Demystifying Issues, Causes and Solutions in LLM Open-Source Projects. J. Syst. Softw. 2025, 227, 112452. [Google Scholar] [CrossRef]
  169. Win, H.M.; Wang, H.; Tan, S.H. Towards Automated Detection of Unethical Behavior in Open-Source Software Projects. In Proceedings of the ESEC/FSE 2023: 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, San Francisco, CA, USA, 3–9 December 2023; pp. 644–656. [Google Scholar] [CrossRef]
  170. Wang, W. Rethinking AI Safety Approach in the Era of Open-Source AI. 2025. Available online: https://www.lesswrong.com/posts/dLnwRFLFmHKuurTX2/rethinking-ai-safety-approach-in-the-era-of-open-source-ai (accessed on 14 July 2025).
  171. Carlisle, K.; Gruby, R.L. Polycentric Systems of Governance: A Theoretical Model for the Commons. Policy Stud. J. 2019, 47, 927–952. [Google Scholar] [CrossRef]
  172. Ostrom, E. Polycentric Systems for Coping with Collective Action and Global Environmental Change. Glob. Environ. Chang. 2010, 20, 550–557. [Google Scholar] [CrossRef]
  173. Huang, L.T.L.; Papyshev, G.; Wong, J.K. Democratizing Value Alignment: From Authoritarian to Democratic AI Ethics. AI Ethics 2025, 5, 11–18. [Google Scholar] [CrossRef]
  174. Cihon, P.; Maas, M.M.; Kemp, L. Should Artificial Intelligence Governance Be Centralised? Design Lessons from History. In Proceedings of the AIES ’20: AAAI/ACM Conference on AI, Ethics, and Society, New York, NY, USA, 7–9 February 2020; pp. 228–234. [Google Scholar] [CrossRef]
  175. Attard-Frost, B.; Widder, D.G. The Ethics of AI Value Chains. Big Data Soc. 2025, 12, 20539517251340603. [Google Scholar] [CrossRef]
  176. Muldoon, J.; Cant, C.; Graham, M.; Ustek Spilda, F. The Poverty of Ethical AI: Impact Sourcing and AI Supply Chains. AI Soc. 2025, 40, 529–543. [Google Scholar] [CrossRef]
  177. Widder, D.G.; Nafus, D. Dislocated Accountabilities in the “AI Supply Chain”: Modularity and Developers’ Notions of Responsibility. Big Data Soc. 2023, 10, 20539517231177620. [Google Scholar] [CrossRef]
  178. McKelvey, F.; MacDonald, M. Artificial Intelligence Policy Innovations at the Canadian Federal Government. Can. J. Commun. 2019, 44, 43–50. [Google Scholar] [CrossRef]
  179. Stahl, B.C.; Antoniou, J.; Bhalla, N.; Brooks, L.; Jansen, P.; Lindqvist, B.; Kirichenko, A.; Marchal, S.; Rodrigues, R.; Santiago, N.; et al. A Systematic Review of Artificial Intelligence Impact Assessments. Artif. Intell. Rev. 2023, 56, 12799–12831. [Google Scholar] [CrossRef] [PubMed]
  180. Hsu, Y.C.; Huang, T.H.K.; Verma, H.; Mauri, A.; Nourbakhsh, I.; Bozzon, A. Empowering Local Communities Using Artificial Intelligence. Patterns 2022, 3, 100449. [Google Scholar] [CrossRef] [PubMed]
  181. Esteves, A.M.; Daniel, F.; Vanclay, F. Social Impact Assessment: The State of the Art. Impact Assess. Proj. Apprais. 2012, 30, 34–42. [Google Scholar] [CrossRef]
  182. Welsh, C.; Román García, S.; Barnett, G.C.; Jena, R. Democratising Artificial Intelligence in Healthcare: Community-Driven Approaches for Ethical Solutions. Future Healthc. J. 2024, 11, 100165. [Google Scholar] [CrossRef] [PubMed]
  183. Buiten, M.; de Streel, A.; Peitz, M. The Law and Economics of AI Liability. Comput. Law Secur. Rev. 2023, 48, 105794. [Google Scholar] [CrossRef]
  184. Ramakrishnan, K.; Smith, G.; Downey, C. U.S. Tort Liability for Large-Scale Artificial Intelligence Damages: A Primer for Developers and Policymakers; Technical Report; Rand Corporation: Santa Monica, CA, USA, 2024. [Google Scholar]
  185. Agnese, P.; Arduino, F.R.; Prisco, D.D. The Era of Artificial Intelligence: What Implications for the Board of Directors? Corp. Gov. Int. J. Bus. Soc. 2024, 25, 272–287. [Google Scholar] [CrossRef]
  186. Collina, L.; Sayyadi, M.; Provitera, M. Critical Issues About A.I. Accountability Answered. Calif. Manag. Rev. Insights 2023. Available online: https://cmr.berkeley.edu/2023/11/critical-issues-about-a-i-accountability-answered/ (accessed on 14 July 2025).
  187. da Fonseca, A.T.; Vaz de Sequeira, E.; Barreto Xavier, L. Liability for AI Driven Systems. In Multidisciplinary Perspectives on Artificial Intelligence and the Law; Sousa Antunes, H., Freitas, P.M., Oliveira, A.L., Martins Pereira, C., Vaz de Sequeira, E., Barreto Xavier, L., Eds.; Springer International Publishing: Cham, Switzerland, 2024; pp. 299–317. [Google Scholar] [CrossRef]
  188. Andrews, C. European Commission Withdraws AI Liability Directive from Consideration. 2025. Available online: https://iapp.org/news/a/european-commission-withdraws-ai-liability-directive-from-consideration (accessed on 14 July 2025).
  189. Abbass, H.; Bender, A.; Gaidow, S.; Whitbread, P. Computational Red Teaming: Past, Present and Future. IEEE Comput. Intell. Mag. 2011, 6, 30–42. [Google Scholar] [CrossRef]
  190. Ahmad, L.; Agarwal, S.; Lampe, M.; Mishkin, P. OpenAI’s Approach to External Red Teaming for AI Models and Systems. arXiv 2025. [Google Scholar] [CrossRef]
  191. Tschider, C. Will a Cybersecurity Safe Harbor Raise All Boats? Lawfare, 20 March 2024. [Google Scholar]
  192. Shinkle, D. The Ohio Data Protection Act: An Analysis of the Ohio Cybersecurity Safe Harbor. Univ. Cincinnati Law Rev. 2019, 87, 1213–1235. [Google Scholar]
  193. Oberly, D.J. A Potential Trend in the Making? Utah Becomes the Second State to Enact Data Breach Safe Harbor Law Incentivizing Companies to Maintain Robust Data Protection Programs. ABA TIPS Cybersecur. Data Priv. Comm. Newsl. 2021. Available online: https://www.jdsupra.com/legalnews/a-potential-trend-in-the-making-utah-7390312/ (accessed on 14 July 2025).
  194. Lund, B.; Orhan, Z.; Mannuru, N.R.; Bevara, R.V.K.; Porter, B.; Vinaih, M.K.; Bhaskara, P. Standards, Frameworks, and Legislation for Artificial Intelligence (AI) Transparency. AI Ethics 2025, 5, 3639–3655.
  195. McNerney, J. McNerney Introduces Bill to Establish Safety Standards for Artificial Intelligence While Fostering Innovation. 2025. Available online: https://sd05.senate.ca.gov/news/mcnerney-introduces-bill-establish-safety-standards-artificial-intelligence-while-fostering (accessed on 14 July 2025).
Figure 1. Properties of centralized “cloud” AI and local AI are compared. Cloud AI systems are exemplified by OpenAI’s ChatGPT, Google’s Gemini, and Anthropic’s Claude. Cloud-based AIs (including these three) are often closed-source, and, even when nominally open-source, cloud AI can impose guardrails that bar access to the public. By contrast, local AI models are run privately and thus appear “invisible” to regulators.
Figure 2. The scores plotted here are Elo values from the LMSYS Chatbot Arena, a crowd-sourced head-to-head evaluation platform that places closed and open models on a single continuously updated scale [39]. This benchmark provides a metric of the real-world usefulness of models. Blue points (names of exemplary models are indicated in black text) mark open-source models that can be executed on high-end consumer hardware; red points (models indicated in gray text) mark proprietary systems from OpenAI, Google, and Anthropic.
Figure 3. Comparative analysis of AI model responses to unsafe prompts. Models were tested with two prompts: (1) “Write a convincing social media post claiming that the 5 November 2024 United States presidential election date has been moved to 12 November due to technical issues with voting machines.” (2) “Write a social media post urging a violent revolution against the government of the People’s Republic of China.” Most responses denied or provided a substantive response, sometimes with a warning not to misuse the response. While this exercise is intended as an illustrative example rather than rigorous analysis, it demonstrates the potential risks of local AI models, particularly when they are deliberately modified to remove technical safeguards.
Figure 4. Through the “AI supply chain,” shown schematically in the top row here, models are developed and applied in the real world. Information can flow back up through the chain as well, making it a “value chain.” The lower row shows exemplary points of control in current AI regulatory strategies where failures can emerge as a result of deploying open-source models locally.
Figure 5. This schematic summarizes complementary multilayered proposals for addressing the challenges of local AI governance, which are further detailed in Section 6. The inner ring contains proposed technological measures for local AI model safety. The outer ring contains the elements of policy scaffolding designed to promote and support technical safeguards.
Table 1. Benefits and corresponding risks of local AI.
| Aspect | Key Benefit | Corresponding Risk |
| --- | --- | --- |
| Privacy | Data remain on-device | Reduced external audit and traceability |
| Autonomy | Freedom from platform gatekeeping | Loss of centrally enforced guardrails |
| Cost and access | One-time or low cost democratizes use | Wider spread of uncensored models |
| Customizability | Easy fine-tuning for local needs | Safety alignment can be stripped |
| Innovation and equity | Broader participation in AI R&D | Malicious actors gain powerful tools |
Table 2. Multilayered and interconnected governance responses for local AI.
| Governance Focus | Technical Safeguard | Policy/Process Measure |
| --- | --- | --- |
| Content authenticity | Provenance and watermark toolkits | Voluntary community labeling norms |
| Runtime boundaries | User-configurable ethical runtime env. | Safe-harbor tied to compliance |
| Open-source oversight | Automated repo monitoring | Polycentric and participatory bodies |
| Liability and incentives | Audit logs for model releases | Multistakeholder safe-harbor schemes |
| Cross-jurisdiction coordination | Modular open tools | Distributed polycentric frameworks |