Vulnerabilities in open source ChatGPT alternative Jan AI expose systems to remote, unauthenticated manipulation.
April 2, 2025 By Ionut Arghire
Multiple vulnerabilities in Jan AI, which is advertised as an open source ChatGPT alternative, could be exploited by remote, unauthenticated attackers to manipulate systems, developer security platform Snyk warns.
Developed by Menlo Research, Jan AI is a personal assistant that runs offline on desktops and mobile devices, featuring a model library with popular LLMs, and support for extensions for customization purposes.
Jan, which has over one million downloads on GitHub, allows users to download and run LLMs locally, without depending on cloud hosting services and benefiting from full control over the AI.
