Threat model highlights
- Local machine compromise can expose local caches, screenshots, or sessions.
- Hosted service compromise can affect accounts, billing, or update delivery.
- AI output can still be wrong or unsafe even when infrastructure is healthy.
- Browser automation and computer-use features should be treated as powerful actions that deserve clear user intent.
What Sylica AI does today
- Uses HTTPS-backed hosted infrastructure for web access and update delivery.
- Separates the desktop app from the backend and publishes versioned Windows update artifacts.
- Keeps the app mostly desktop-driven so the full interaction loop does not depend on the public website UI.
- Allows browser automation to pause for sensitive inputs rather than blindly auto-filling every step.
User guidance
- Install only builds published from the official domain.
- Keep Windows, the browser, and the desktop app updated.
- Review automation tasks before use, especially browser actions with billing or account impact.
- Do not rely on AI output alone for legal, security, or compliance decisions.