AI safety at risk: Open-source models are being rewired to ignore ethical guardrails
A new study exposes the fast-evolving, largely unregulated world of publicly available and locally deployable large language models (LLMs), revealing how community modifications are reshaping AI safety, governance, and accessibility. The research, titled “Uncensored AI in the Wild: Tracking Publicly Available and Locally Deployable LLMs,” was published in Future Internet.
The paper represents one of the first large-scale empirical efforts to analyze how open-weight AI models, those that can be freely downloaded, modified, and re-shared, circulate across the internet. By tracking over 8,600 model repositories, the study examined the impact of user-led modifications on safety behaviors, the concentration of AI distribution networks, and the rapid rise of local, consumer-grade deployment of powerful LLMs.
Community modifications are rewriting AI safety
The study compared unmodified baseline models with community-aligned or "safety-modified" variants using 20 representative LLMs. The results show that community interventions can dramatically alter how models handle harmful or restricted prompts.
Unmodified open-weight models complied with only 19.2% of unsafe requests, while safety-modified versions complied at 80%, reflecting a fourfold increase in refusals to generate disallowed content. Surprisingly, the effectiveness of these modifications was not correlated with model size, with smaller 14-billion-parameter models sometimes outperforming larger 70-billion-parameter ones.
This suggests that alignment layers, prompt engineering, and reinforcement tuning—often added by independent developers—can significantly reshape how models behave in real-world settings. The author notes that these community adjustments are rewriting traditional assumptions about the centralization of AI safety, transferring substantial control to decentralized, global user networks.
A concentrated but decentralized market
The research also uncovers a paradox at the heart of the open-weight AI ecosystem: it is both decentralized and highly concentrated. Although anyone can download and modify LLMs, a small number of providers dominate their distribution. The top 5% of providers account for over 60% of total downloads, while the top 20 control nearly 86% of all deployments.
This concentration raises questions about data provenance, quality assurance, and governance in what appears to be a decentralized landscape. The study emphasizes that open-weight diffusion has formed a “shadow infrastructure” of AI sharing hubs, particularly on platforms like Hugging Face, GitHub, and model aggregation sites, where model variants proliferate at unprecedented speed.
One of the clearest trends is the dominance of GGUF packaging, a file format designed for local inference and offline use. The format’s popularity reflects the shift from cloud-based AI to edge and personal deployment, allowing individuals to run models entirely on their own hardware.
Interestingly, 4-bit quantized models, which compress memory requirements, are now the most shared versions across public repositories. Yet full-precision (16-bit) and non-quantized models remain the most downloaded overall, signaling a trade-off between accessibility and performance.
The study warns that this dynamic accelerates the democratization of AI access while simultaneously multiplying potential misuse scenarios, as locally hosted models escape the oversight typical of centralized systems.
Governance in the age of local AI
The paper issues a clear warning: AI governance frameworks are not keeping pace with open-weight proliferation. The study argues that most current policy discussions focus on cloud-based services, those controlled by major technology firms, while the real frontier of risk now lies in local, user-modified deployments.
In this distributed landscape, enforcement becomes nearly impossible. Once an open-weight model is released, it can be replicated, retrained, or stripped of its safety filters by anyone with moderate technical skills. The study calls this a “decentralized governance dilemma,” where responsibility for AI behavior diffuses across thousands of anonymous developers and users.
The analysis concludes that traditional regulatory approaches, focused on corporate accountability and API control, no longer apply. Instead, governments and research institutions must design monitoring and transparency systems suited for decentralized AI ecosystems. This includes developing tools for model provenance tracing, encouraging responsible modification standards, and strengthening community-driven safety oversight.
The paper further suggests that tracking AI packaging formats, quantization methods, and distribution flows can serve as practical indicators for policymakers to monitor the evolution of open-weight AI. In other words, governance must adapt from static compliance checks to dynamic ecosystem monitoring, similar to how cybersecurity handles open-source software supply chains.
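As an added illustration (not from the study or the original article), the sketch below shows how packaging format and quantization can be read from a local model file for inventory or provenance checks. It assumes the GGUF v2/v3 header layout and a partial llama.cpp file_type map; the function names and the sample bytes are constructed for this example.

```python
import io
import struct

# GGUF metadata value types: fixed-width scalars by type id; 8 = string, 9 = array.
SCALARS = {0: "<B", 1: "<b", 2: "<H", 3: "<h", 4: "<I", 5: "<i", 6: "<f", 7: "<?", 10: "<Q", 11: "<q", 12: "<d"}
MAX_LEN = 1 << 20  # cap on any length or count field taken from an untrusted file
FTYPE = {0: "F32", 1: "F16", 2: "Q4_0", 7: "Q8_0", 15: "Q4_K_M"}  # partial llama.cpp file_type map

def bounded(n):
    if n > MAX_LEN:
        raise ValueError("length or count field exceeds limit")
    return n

def take(f, n):
    data = f.read(bounded(n))
    if len(data) != n:
        raise ValueError("truncated GGUF file")
    return data
def num(f, fmt):
    return struct.unpack(fmt, take(f, struct.calcsize(fmt)))[0]
def string(f):
    return take(f, num(f, "<Q")).decode("utf-8", "replace")

def value(f, vtype):
    if vtype in SCALARS:
        return num(f, SCALARS[vtype])
    if vtype == 8:
        return string(f)
    if vtype == 9:
        etype, count = num(f, "<I"), bounded(num(f, "<Q"))
        return [value(f, etype) for _ in range(count)]
    raise ValueError(f"unknown metadata type {vtype}")

def gguf_metadata(src):
    f = io.BytesIO(src) if isinstance(src, bytes) else src  # bytes or binary stream
    magic, version = take(f, 4), num(f, "<I")
    if magic != b"GGUF" or version < 2:
        raise ValueError("not a GGUF v2+ file")
    _tensors, kv_count = num(f, "<Q"), bounded(num(f, "<Q"))
    found = {"version": version}
    for _ in range(kv_count):
        key, val = string(f), value(f, num(f, "<I"))
        if key.startswith("general."):
            found[key] = val
    found["quantization"] = FTYPE.get(found.get("general.file_type"), "unknown")
    return found

# Constructed sample: header plus two metadata keys, no tensors; not a real model.
SAMPLE = b"GGUF" + struct.pack("<IQQQ12sIQ16sQ17sII", 3, 0, 2, 12, b"general.name",
                               8, 16, b"constructed-demo", 17, b"general.file_type", 4, 15)
```

For a file on disk, pass an open binary stream (`open(path, "rb")`) so only the header and metadata are read, not the tensor data.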
- FIRST PUBLISHED IN:
- Devdiscourse

