Why local AI?
AI is useful — that is exactly why confidential text ends up in places it should never go. This page explains the problem, and the structural answer.
The problem called “Shadow AI”
Employees paste work documents and customer information into cloud AI services their company never approved. This pattern — “Shadow AI” — has become a recognized information-leak path for organizations.
In IPA's “10 Major Security Threats 2026” (organizational category), “cyber risks around the use of AI” entered the list for the first time, at No. 3. Banning the tools does not make the demand disappear: the problem happens precisely because AI is useful.
Source: Information-technology Promotion Agency, Japan (IPA), “10 Major Security Threats 2026” (www.ipa.go.jp/security/10threats/10threats2026.html). The ranking reflects aggregated social impact as assessed by IPA, not severity or response priority.
The answer: run the model locally
If the model runs on your own PC, your documents physically never leave it. There is nothing to upload, no account to leak, no server to breach.
This is a different kind of answer from policy documents and training sessions: not “forbidden by rule” but “impossible by structure.”
The value of being able to prove it
Most tools that say “we don't send your data” are asking you to take their word for it. OnecaratEditor records every external request in an append-only log — network.log — that you can open and audit yourself, at any time.
Every external request the app ever makes is written to network.log — an audit trail you can open anytime.
An honest note on limitations
A local LLM is more modest in capability than the largest cloud models. We won't pretend otherwise.
But for practical work — summarizing, proofreading, Q&A over your own documents — it performs well. And compared to a world where AI simply cannot be used on confidential documents at all, the choice itself changes.