In this episode of BHIS Presents: AI Security Ops, the team looks at what it actually means to own your AI stack.
Open-weight models and open-source harnesses are no longer just lab toys. They are becoming practical options for security teams that care about where their prompts, code, client data, findings, and tooling actually live.
The core question: when your work depends on AI, how much control are you willing to give away?
We dig into:
- What data sovereignty means for security teams
- Why token sovereignty matters in agentic workflows
- How provider terms can become a business risk
- Open-weight models vs. truly open-source AI
- Why harnesses like Hermes and OpenCode matter
- Where cloud providers may apply fewer restrictions
- The tradeoff between local control and hosted capability
- Supply chain risk in models, harnesses, and plugins
- Running local models with Ollama, vLLM, and similar tools
- Why “local” does not automatically mean “safe”
- How to start experimenting without buying expensive hardware
- The next risk frontier: local prompt injection
Owning your AI stack does not magically eliminate risk. It moves the risk. Hosted models create exposure around data, terms, pricing, and availability. Local models create exposure around maintenance, supply chain, permissions, and prompt injection. The security win is not blindly choosing local or cloud — it is knowing which layer you need to control, and why.
⸻
📚 Key Concepts & Topics
Data & Terms Risk
- Prompts can contain code, client data, findings, and operational context
- Hosted providers may inspect, retain, or restrict usage
- Terms changes can affect entire security workflows
- “Allowed yesterday” does not guarantee “allowed tomorrow”
Token Sovereignty
- Agentic workflows burn far more tokens than simple chat
- Rate limits, usage windows, and pricing changes become operational dependencies
- Local hardware shifts the constraint from API quota to compute capacity
- Cost control is part of architecture, not just procurement
Models vs. Harnesses
- Open-weight models provide downloadable weights, not always full training transparency
- Harnesses provide the tool loop, permissions, memory, and provider adapters
- Hermes, OpenCode, Claude Code, Codex, and similar tools shape what the model can actually do
- Risk often lives in the harness around the model
Local Stack Tradeoffs
- Local models improve control over sensitive data
- Self-hosting adds maintenance, patching, networking, and monitoring responsibilities
- Tools like Ollama, vLLM, and llama.cpp lower the barrier to experimentation
- Expensive hardware helps, but it is not required to start learning
Supply Chain & Prompt Injection
- Model weights, plugins, skills, and MCP servers are all supply chain decisions
- Local agents with shell access can turn prompt injection into local impact
- “No provider guardrails” means you own the safety controls
- Permissions, sandboxing, and audit logs matter more as the stack gets more autonomous
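As an added example (not code from the episode or from any of the harnesses it names), a minimal permission gate for a local agent's shell tool that applies the three controls listed above: an allowlist of binaries, refusal of shell metacharacters so an allowlisted command cannot be chained into something else, and an append-only audit log of every decision. The allowlist and the `origin` label are constructed for the demo.

```python
import os
import shlex
import subprocess
import time
from dataclasses import dataclass, field

# Constructed allowlist for the demo; a real harness would scope this per task.
DEFAULT_ALLOWED = {"ls", "cat", "grep", "git", "echo"}
# Even with shell=False, an allowlisted binary must not carry a chained
# command (for example "cat notes.md > /tmp/out"), so these are refused.
SHELL_META = set("|;&><`$")


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class ToolGate:
    """Policy check plus append-only audit log for model-issued commands."""
    allowed: set = field(default_factory=lambda: set(DEFAULT_ALLOWED))
    audit: list = field(default_factory=list)

    def check(self, command: str, origin: str = "model") -> Decision:
        if any(ch in SHELL_META for ch in command):
            return self._record(command, origin, False, "shell metacharacter")
        try:
            argv = shlex.split(command)
        except ValueError as exc:
            return self._record(command, origin, False, f"unparseable: {exc}")
        if not argv:
            return self._record(command, origin, False, "empty command")
        binary = os.path.basename(argv[0])  # "/bin/rm" is still "rm"
        if binary not in self.allowed:
            return self._record(command, origin, False, f"{binary} not allowlisted")
        return self._record(command, origin, True, "allowlisted")

    def run(self, command: str, origin: str = "model", timeout: int = 10) -> str:
        """Execute only after check() passes; never goes through a shell."""
        decision = self.check(command, origin)
        if not decision.allowed:
            return f"[blocked: {decision.reason}]"
        proc = subprocess.run(shlex.split(command), shell=False,
                              capture_output=True, text=True, timeout=timeout)
        return proc.stdout

    def _record(self, command, origin, allowed, reason) -> Decision:
        # Every decision, allowed or blocked, lands in the audit trail.
        self.audit.append({"ts": time.time(), "origin": origin, "command": command,
                           "allowed": allowed, "reason": reason})
        return Decision(allowed, reason)
```

The gate is deliberately strict: a blocked command is returned to the model as a string rather than raised, so the agent loop keeps running while the audit log records what it tried to do.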
Practical Starting Point
- Pick one harness and go deep before chasing every new tool
- Test real tasks, not toy demos
- Compare hosted and local workflows honestly
- Decide which layers you need to own before you need an emergency exit
#AISecurity #LLMSecurity #CyberSecurity #ArtificialIntelligence #OpenSourceAI #LocalLLM #AIAgents #SecOps #InfoSec #BHIS #AppSec #PromptInjection #SecurityArchitecture
----------------------------------------------------------------------------------------------
About Brian Fehrman - https://www.blackhillsinfosec.com/team/brian-fehrman/
About Bronwen Aker - https://www.blackhillsinfosec.com/team/bronwen-aker/
About Derek Banks - https://www.blackhillsinfosec.com/team/derek-banks/
About Ethan Robish - https://www.blackhillsinfosec.com/team/ethan-robish/
About Ben Bowman - https://www.blackhillsinfosec.com/team/ben-bowman/
Black Hills Information Security
https://www.blackhillsinfosec.com
Antisyphon Training
https://www.antisyphontraining.com/
Active Countermeasures
https://www.activecountermeasures.com
Wild West Hackin Fest
https://wildwesthackinfest.com
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits
https://poweredbybhis.com
By Black Hills Information Security