The Security Argument
Security concerns about AI tool infrastructure are becoming mainstream.
For a while, the conversation was mostly in security research and enterprise IT circles — edge cases, theoretical attack surfaces, academic concerns. That’s changing. The discussion is moving into general developer communities, into product blogs, into the mainstream tech press.
What’s driving it: AI tools have access. Not the same access as a calculator or a text editor. Tools that read your files, query your databases, run commands on your behalf. The attack surface is proportional to the capability.
The specific concerns vary by architecture. Remote tools — those that make outbound connections to external services, that run on third-party infrastructure, that require authentication handoffs — have one set of risk vectors. Local tools — those that run on the same machine as the data, that communicate over standard I/O, that have no network dependency — have a fundamentally different and smaller surface.
This isn’t a theoretical distinction. It’s the difference between “your document analysis happens on our cloud infrastructure under our security model” and “your document analysis happens on your machine under your security model.”
For most buyers, the cloud model is fine. The vendor is reputable, the SOC 2 report is clean, the BAA is signed. Proceed.
But there’s a category of buyer for whom “on our cloud infrastructure” is the end of the conversation. Not because they doubt the vendor’s good intentions. Because their information is sensitive enough that the question of where processing happens is a constraint, not a preference.
Sensitive deal documents. Confidential investor information. Non-public financial data. Information covered by NDA. Information covered by fiduciary duty.
For these buyers, local processing isn’t a nice-to-have — it’s the precondition for using the tool at all.
The security argument for local-first AI isn’t that cloud is bad. It’s that local is the only viable option for a specific, identifiable segment of buyers. And that segment tends to be high-value.
Knowing which argument applies to your buyer before you start the conversation saves everyone time.