J AI Studio is designed to run locally. By default it binds to 127.0.0.1.
Setting HOST=0.0.0.0 makes the app listen on all network interfaces, so only use it on a trusted network. The app can open local folders and talk to your local ComfyUI server, so do not expose it directly to the public internet.
To report a security issue, open a private security advisory on GitHub if available, or contact the repository owner directly.