The global AI race is rapidly accelerating, with states and corporations investing billions into AI for commercial, strategic and defence purposes. But a byproduct of this race is the proliferation of uncensored AI models, which pose a potent security threat.
These models, often derived from open-source large language models, lack the safety filters of mainstream tools such as ChatGPT. The result is a system that will respond to virtually any prompt without hesitation or ethical restraint. Need a tutorial on writing malware? Curious how to make explosives, weapons or drugs? An uncensored model will likely provide detailed instructions.
The danger lies not just in what these models can produce, but in how easily they can be accessed. Many are hosted on widely used platforms that host legitimate tools and research and sit at the forefront of AI development, such as Hugging Face, GitHub and Ollama. Uncensored models can be downloaded with just a few clicks. A simple search on such platforms for ‘uncensored’ reveals models that have collectively been downloaded millions of times—with no vetting, oversight or accountability to ensure they are not used with the intent to cause harm.
Offline usability makes uncensored models especially difficult to regulate. Once downloaded, they can be run locally on consumer-grade computers with no internet connection. There is no corporate server, no automated data collection and often no way of knowing whether a model is being used for academic research, criminal enterprise or extremist activity.
In fact, it’s easier than ever to run these tools. With platforms such as LM Studio, even non-technical users can deploy an uncensored model in minutes. No coding is required, and interfaces are as intuitive as any mainstream application. Once operational, uncensored models become nearly impossible to monitor.
For those who prefer not to run models locally, there are services that host them online, often under the guise of privacy-focused AI platforms. Some advertise that they keep no logs of user AI requests, accept cryptocurrency payments and highlight their low censorship refusal rates. These refusal metrics are pitched as selling points, not safeguards. While often framed as enabling ‘creative freedom’, their open advertisement shows uncensored access is being commodified, removing the last meaningful barrier between malicious actors and powerful generative tools. These services are not obscure; they’re publicly available and easy to find with a simple Google search.
Uncensored models act as force multipliers for threat actors. Previously, detailed technical knowledge was required to create malware, conduct sophisticated extremist activities, or craft influence operations. Now, these capabilities can be outsourced to a model. With the right prompt, even those with minimal expertise can receive tailored guidance on executing high-consequence actions.
This creates a widening asymmetry. Malicious actors with access to an uncensored AI model can easily simulate the output of a team of subject matter experts. In this way, AI lowers both the cost and threshold for malicious activity, dramatically expanding the threat landscape by enabling previously low-capability actors to conduct operations once reserved for sophisticated threats.
Attempts to delist or remove these models from public repositories are largely symbolic. Even if original sources are deleted, the models can be redistributed through torrents, private forums and alternative platforms. The genie is out of the bottle.
That doesn’t mean companies and policymakers should give up. The fact that these models are so easily available is deeply concerning. So they should focus on increasing barriers to access such models through policy, regulation or community norms.
Addressing this threat will require new thinking. Threat modelling must adapt to the reality that public AI models can now be used in near-untraceable ways to enhance the capabilities of previously unsophisticated actors who now have the tools to conduct sophisticated operations with minimal resources.
While policymakers focus on regulating corporate data practices, uncensored models already pose a pressing threat. Such models allow low-skill actors to scale harm in ways previously reserved for states and the most technically sophisticated groups. These models can’t be recalled, but access can be constrained. Our threat models and planning must evolve to meet this new reality. Failing to act means accepting a growing risk to national and global security.