The write endpoint issue is the part that's consistently underreported. Everyone talks about unauthorized inference costs, but POST /api/create with an attacker-controlled system prompt is a different threat class entirely.
This is exactly why I run local inference bound to localhost only, no external exposure. MNN on a Snapdragon via Termux — the attack surface is zero if the port never leaves the device. Sovereign infrastructure isn't just about privacy, it's the simplest security posture available.