VisoRAG is a GPU-backed document AI service intended for controlled local or private deployments. It should not be exposed directly to the public internet without additional controls.
- Uploaded documents are untrusted input.
- Document text and images can contain prompt-injection instructions.
- PDF and DOCX parsing depends on third-party libraries and local LibreOffice for DOCX conversion.
- The FastAPI bearer token is a single shared secret that acts as local access control; it is not per-user authentication or authorization.
- The model runtime downloads and executes large ML dependencies and model artifacts.
- Runtime logs may expose uploaded filenames and query snippets unless logging is disabled or isolated.
- Set a strong `VISORAG_API_TOKEN`.
- Restrict CORS to trusted origins.
- Put the API behind TLS and an authenticated gateway.
- Disable request/response logging for sensitive documents.
- Use isolated temporary storage for uploads.
- Apply dependency scanning and patch model/runtime dependencies.
- Never commit uploaded documents, model weights, `.env` files, or cache folders.
The model answers from visible document content, so a malicious document can embed instructions that conflict with the user's intent. Downstream systems should treat answers as untrusted data and require human review before acting on them in any way that has side effects.