OpenHuman Guide
OpenHuman Guide

Security Analysis

OpenHuman Security & Privacy Analysis — AI Agent Risk Assessment

2026-05-24~10 min read

OpenHuman is a "local-first" AI agent — your data stays on your machine by default. This is significantly more private than cloud-only solutions like ChatGPT. However, local-first doesn't mean risk-free. This article provides a thorough security and privacy analysis.

Data Storage: Local-First Model

All data — conversations, memory tree, file indexes — is stored locally on your machine. OpenHuman never uploads your data to external servers unless you explicitly configure it to use cloud model APIs.

  • Memory Tree — stored at ~/.openhuman/memory_tree
  • Config files — at ~/.openhuman/config.toml
  • API keys — stored in config, can be encrypted

API Key Security

When you use third-party LLM APIs (OpenAI, DeepSeek, etc.), your queries and context are sent to those providers. This is the main data exposure vector:

  • OpenHuman sends compressed context to the model API with each request
  • The API provider sees your prompts and context
  • Choose providers with strong privacy policies (e.g., DeepSeek, which doesn't train on user data)
  • Consider local models with Ollama for zero data exposure

OAuth Integration Risks

Connecting Gmail, GitHub, Google Calendar gives OpenHuman read access to those services. While all data stays local, the OAuth tokens themselves grant access:

  • Tokens are stored locally in config files
  • If someone gains access to your machine, they could extract these tokens
  • Use OS-level encryption for your home directory
  • Review and revoke unused OAuth grants regularly

Best Practices

  • Encrypt your disk — FileVault (macOS), BitLocker (Windows), LUKS (Linux)
  • Use local models — run Ollama with open-source models for complete privacy
  • Regular backups — encrypt your memory tree backup
  • Review permissions — check which OAuth grants are active

Conclusion

OpenHuman's local-first architecture makes it one of the most private AI assistants available. The primary risk is not OpenHuman itself, but the cloud APIs you choose to use. For maximum privacy, pair OpenHuman with a local model running through Ollama.