For the past few weeks we have been experimenting in the company with an ASUS Ascent GX10, a compact AI workstation based on NVIDIA's Grace Blackwell GB10 platform, the same technology family behind NVIDIA DGX Spark. It is a fascinating device because it brings to a desk, in a compact form, part of what until recently we associated with expensive servers, dedicated racks and much more structured research environments.
It is not just a powerful machine. It is a symbol. It lets you touch a phase change: local inference, tests on quantized models, fine tuning, evaluation of open-weight models, offline experiments, data privacy, low latency and direct control of the environment. These were not always part of the daily work of many companies.
To simplify local inference we often use LM Studio, a very convenient tool: polished graphical interface, local API, server mode, a usable CLI and integration with the llama.cpp ecosystem. In a few minutes you can download a model, run it, test it and start thinking about real use cases.
And that ease is exactly what makes the issue interesting. When power becomes local, relatively accessible and wrapped in simple tools, the question is no longer only technical. It becomes moral, organizational and political.
When a model name forces a question
During an experimentation session I found a model whose name explicitly declared two concepts: uncensored and aggressive. Its description explained that the goal was to preserve the capabilities of the original model while removing refusals. In other words: the same base model, fewer brakes.
Depending on your point of view, that promise can look like freedom or irresponsibility. On one hand, many researchers and developers criticize models that are too restrictive because they refuse legitimate requests, block technical analysis, interfere with security research or treat competent adults as if they had no judgment. On the other hand, a model that says it will refuse almost nothing raises an obvious question: what happens when the request is actually harmful?
To understand the model's behavior, I ran a deliberately extreme test asking for help with a violent and illegal action. I will not reproduce the prompt in detail and I will not reproduce the operational answer. The point of the experiment was not to obtain instructions, but to see whether the model would recognize the boundary.
The answer was disturbing: after a reasoning phase, the model began providing a practical procedure apparently oriented toward causing physical harm while avoiding legal consequences. Whether it was technically valid or not is not the point. The point is that the system did not treat that request as something to block, reframe or redirect toward safe content.
Another detail makes the issue less theoretical: at the time of observation, that model showed 2,716,651 downloads in the last month and around 1.87k likes. These numbers change over time, but they are not marginal. They suggest that we are not talking about an obscure experiment hidden in a corner of the internet, but about a technical object with significant reach.
"Uncensored" is not a neutral word
In the language of AI models, "uncensored" can mean many things. It can indicate a model that is less moralizing, more willing to discuss adult topics, more useful for creative writing, defensive cybersecurity, political analysis or research on sensitive subjects. Not everything that a commercial model censors is truly dangerous.
But when the absence of refusals becomes an absolute value, a crucial distinction is lost: not every restriction is paternalism. Some restrictions are reasonable barriers against real harm. Discussing a sensitive topic critically is one thing. Producing operational assistance to harm someone is another.
The word "aggressive" makes the issue even clearer. If a model is presented as fully unlocked, able to answer prompts that other models would refuse, then we are not speaking only about research freedom. We are speaking about access to potentially dangerous capabilities without context, identity, audit, accountability or friction.
The false comfort of "it is only text"
A common response is: an LLM only produces text. It does not build anything by itself. It does not act in the world. It cannot be responsible for human actions. All of that is true, but insufficient.
Text is often the beginning of action. Manuals, procedures, plans, code, exploits, chemical instructions, fraud, social engineering, automations: many things in the real world begin as structured information. A model does not need hands to increase risk. It only needs to lower the cognitive cost for someone who wants to do something harmful.
This is true even if the answer is imperfect. A wrong output can still orient, inspire, suggest keywords, make a path look feasible or push a person to iterate. The problem is not only technical correctness. It is enablement.
The risk does not come from a model knowing everything. It comes from making it easier to try, iterate and believe one can do things that previously required expertise, access and time.
The appeal of local AI
It would be wrong, however, to turn this reflection into a condemnation of local AI. On the contrary: the ability to run models locally is one of the most important things happening in the field.
For companies, it means experimenting without sending sensitive data to external services. It means testing models on internal knowledge bases, prototyping offline, reducing dependency on remote APIs and controlling latency, costs and availability. For developers and researchers, it means understanding what happens under the hood, trying quantizations, comparing models, measuring performance and building real competence.
Machines like the ASUS Ascent GX10 or NVIDIA DGX Spark do not magically democratize frontier AI, but they make work with meaningful local models much more concrete. It is a cultural shift: AI stops being only a web service and becomes again a system you can install, observe, measure and govern.
LM Studio and the new ergonomics of experimentation
Tools like LM Studio play a major role in this transformation. They make simple what previously required more steps, more familiarity with toolchains and more time. You can search for a model, download it, run it, expose a local endpoint compatible with existing workflows and experiment quickly.
This ergonomics is positive. The problem is not the simplicity of the tool. The problem is when simplicity hides the seriousness of what you are running. A local model is not just another app. It may contain knowledge, bias, capabilities, limits and behaviors that the interface does not immediately reveal.
The easier it becomes to run models, the more important it becomes to build culture around what is being run. Provenance, license, dataset, quantization, fine tuning, behavior on sensitive prompts, logging, network isolation, access, monitoring and internal policy become part of technical responsibility.
It may be legal, but is that enough?
The most unsettling point is the distance between legality and responsibility. A model can be published, downloaded, executed and used legally. But legality does not exhaust the moral question.
Is it right that models modified to remove almost every refusal are available with no friction? Is it right that anyone can download them, run them locally and use them for plainly harmful requests? Is it enough to say that responsibility belongs only to the end user? Or do the people who publish, distribute, index and facilitate the use of these models carry at least some responsibility?
There is no simple answer. Blocking everything would be naive and probably harmful to research, technical freedom and independence from large platforms. But pretending there is no problem is just as naive. Local availability changes the risk surface: there is no longer only a central provider that can apply policy. There is a distributed ecosystem that can be copied and run offline.
Between censorship and responsibility
The discussion is often trapped in a false alternative: either fully locked-down models or fully open models. The real world needs more nuance.
A useful model should be able to discuss difficult topics. It should help with defensive cybersecurity, training, writing, research and analysis of real risks. But it should also recognize when a request becomes operational assistance to harm. This boundary is not perfect and never will be, but abandoning it entirely means accepting that every capability is available for every purpose.
Responsibility does not have to mean centralized censorship. It can mean clear model classification, serious warnings, safety benchmarks, optional but well-documented filters, company policies, isolated environments, usage audits, internal training and a technical culture that does not confuse freedom with absence of consequences.
What companies should do
Companies experimenting with local AI should treat these models as sensitive infrastructure components, not as simple desktop applications. That means at least:
- defining which models may be used and for which purposes;
- separating personal, test and production environments;
- preventing unverified models from accessing sensitive data;
- documenting provenance, license and expected model behavior;
- explicitly testing sensitive prompts and failure modes;
- setting internal policies for logging, retention and access;
- training people that local does not automatically mean safe.
This does not kill experimentation. It makes it sustainable. The difference is the same as installing random software on a server versus governing a production environment.
Conclusion: the right question
The question is not whether uncensored models should exist. In an open ecosystem, they probably will exist anyway. The more useful question is: what responsibilities do we accept when we make them accessible, easy to use and apparently harmless?
The power of local AI is real. It is fascinating, useful and strategic. But precisely because it is real, we cannot treat it like a toy. If a small workstation on a desk can run models capable of reasoning, writing code, analyzing documents and answering without filters to dangerous requests, then that workstation is not only a lab. It is also a point of responsibility.
Technical maturity is not trying everything that is possible. It is understanding what we are enabling, for whom, under which limits and with which consequences. Local AI gives us more control. Now we have to prove we deserve it.
Want to experiment with local AI responsibly?
We help companies and teams integrate AI with attention to security, processes, policy and operational accountability.
Start the conversation