🔓 BREACH BRIEF · 🟢 Low · 📋 Advisory

New Desktop App “Noi” Consolidates Multiple Generative‑AI Services into a Single Secure UI

Noi, a free desktop GUI, lets users run ChatGPT, Claude, Gemini, Perplexity, and local LLMs side‑by‑side. For TPRM teams, the tool expands the third‑party AI attack surface and requires careful credential and data‑privacy controls.

🛡️ LiveThreat™ Intelligence · 📅 March 27, 2026 · 📰 zdnet.com

  • Severity: Low
  • Type: Advisory
  • Confidence: High
  • Affected: 2 sector(s)
  • Actions: 3 recommended
  • Source: zdnet.com

What Happened — ZDNet reports the launch of Noi, a free‑to‑install GUI that aggregates popular LLM providers (ChatGPT, Claude, Gemini, Perplexity, etc.) and local models (Ollama) under one desktop interface. The app offers multi‑window management, session isolation, local‑first history storage, and a built‑in terminal for command‑line AI tools.

Why It Matters for TPRM

  • Centralizing external AI APIs expands the attack surface of any third‑party risk program that permits employee use of generative AI.
  • Session isolation and local‑first data storage mitigate data leakage, but the app still requires credentialed access to many cloud services.
  • Vendors that embed Noi into internal workflows must be vetted for secure API key handling and compliance with data‑privacy policies.

Who Is Affected — Technology SaaS providers, enterprise R&D teams, and any organization that integrates third‑party LLMs into business processes.

Recommended Actions

  • Review the vendor’s security posture and data‑handling practices before authorizing Noi on corporate devices.
  • Enforce least‑privilege API keys and monitor outbound traffic to AI endpoints.
  • Update acceptable‑use policies to cover multi‑service AI platforms and require session‑isolation controls.
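
One way to act on the "monitor outbound traffic to AI endpoints" recommendation, as an added example that is not part of the original brief or of Noi: because the app reaches these services over HTTPS, a proxy without TLS inspection sees only the destination host and byte counts, so the check works from those. The log format, the sample lines, the hostname mapping, the SANCTIONED set and UPLOAD_LIMIT are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumed hostname mapping for the services the brief names; verify locally.
AI_ENDPOINTS = {
    "api.openai.com": "OpenAI", "chatgpt.com": "OpenAI",
    "api.anthropic.com": "Anthropic", "claude.ai": "Anthropic",
    "gemini.google.com": "Google",
    "generativelanguage.googleapis.com": "Google",
    "api.perplexity.ai": "Perplexity", "www.perplexity.ai": "Perplexity",
}
SANCTIONED = {"OpenAI"}    # hypothetical policy: one approved provider
UPLOAD_LIMIT = 1_000_000   # hypothetical per-user byte budget for the log window

# Constructed log format: "<epoch> <user> CONNECT <host>:443 <bytes_sent>"
LINE = re.compile(r"^\d+ (\S+) CONNECT ([\w.-]+):443 (\d+)$")

SAMPLE_LOG = """\
1774600000 alice CONNECT api.openai.com:443 5200
1774600060 alice CONNECT api.openai.com:443 1800000
1774600120 bob CONNECT claude.ai:443 9100
1774600180 bob CONNECT www.perplexity.ai:443 700
1774600240 carol CONNECT updates.example.com:443 300
1774600300 bob CONNECT api.openai.com:443 4000
"""

def summarize(log_text):
    """Return {user: {provider: bytes_sent}} for traffic to AI endpoints."""
    usage = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        user, host, sent = m.group(1), m.group(2).lower(), int(m.group(3))
        provider = AI_ENDPOINTS.get(host)
        if provider:
            usage[user][provider] += sent
    return usage

def findings(usage):
    """Flag unsanctioned providers and sanctioned ones over the byte budget."""
    out = []
    for user, per_provider in sorted(usage.items()):
        for provider, sent in sorted(per_provider.items()):
            if provider not in SANCTIONED:
                out.append((user, provider, "unsanctioned-provider"))
            elif sent > UPLOAD_LIMIT:
                out.append((user, provider, "upload-volume"))
    return out
```

Calling `findings(summarize(SAMPLE_LOG))` returns one tuple per flagged user and provider. Traffic to local models such as Ollama never leaves the host, so it does not appear in egress logs at all.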

Technical Notes — Noi is a client‑side application; it does not host AI models but connects to external APIs via HTTPS. No known CVEs are associated with the app itself, but the underlying services (e.g., OpenAI, Anthropic) may have their own vulnerabilities. Data types processed include prompts, code snippets, and potentially PII if users input personal information. Source: https://www.zdnet.com/article/noi-ai-desktop-app/

📰 Original Source
https://www.zdnet.com/article/noi-ai-desktop-app/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.
