AI assistants are transforming work by automating tasks and improving access to information. This poses security challenges, particularly when it comes to managing sensitive data. Open source solutions such as Librechat, Khoj and OpenWebUI offer local control over data. This article compares their strengths, limitations and customisation options.
Today, AI personal assistants are transforming the workplace landscape by leveraging various internal knowledge bases such as textual documents, databases, calendars, and more. These advanced technologies enable businesses to streamline processes, enhance decision-making, and boost operational efficiency by providing fast and intelligent access to crucial information. By harnessing artificial intelligence, organizations can automate routine tasks and focus human resources on higher-value activities.
However, with the growing adoption of these tools, concerns around data security and privacy have become increasingly important. Businesses must ensure that sensitive information remains protected while still being accessible by AI systems. This requires solutions that not only manage data efficiently but also adhere to strict privacy and security standards to prevent data leaks and ensure regulatory compliance.
In this context, this article focuses on three promising open-source solutions: LibreChat, Khoj, and OpenWebUI. Each of these platforms can be deployed locally, allowing companies to maintain full control over their data while enjoying the benefits of AI. We will explore their capabilities, distinct advantages, potential limitations, and customization flexibility to help professionals select the most suitable tool for their specific needs in an ever-evolving work environment.
2.1. Overview of the Solutions
2.1.1. OpenWebUI
OpenWebUI s an interface designed for leveraging AI models, whether local or online. It supports OpenAI and Ollama APIs and includes user and permission management features. It is backed by a strong community with over 400 contributors.
2.1.2. LibreChat
Librechat is an open-source AI chat platform. It enables interaction with various AI models and offers advanced features such as conversation management, code execution tools, and file analysis. It is actively developed by a community of over 200 contributors.
2.1.3. Khoj
Khoj presents itself as a personal AI assistant, combining chat capabilities with document search and automation. It facilitates querying AI models and accessing information across platforms. It is supported by a team of 50 contributors.
2.2. Comparison of the Solutions
2.2.1. User Experience
OpenWebUI features a modern and clean interface, visually inspired by well-known tools like ChatGPT. Navigation is smooth, and conversation management benefits from a structured, intuitive history system. Its minimalist design makes it accessible even to less tech-savvy users.
Unlike other conversation-focused tools, Khoj positions itself as an intelligent assistant specialized in document research. Its interface is highly technical, targeting users with specific needs for consulting and analyzing personal files. It favors functionality over aesthetics, while maintaining usability.
LibreChat offers a user-friendly interface for quick onboarding, though experienced users might desire more visual customization and conversation management options. Its default appearance delivers effective functionality, with potential for optimization across certain screen sizes or resolutions—something that would further enhance its professional appeal.
2.2.2. License, Community, and Support
The open-source license is a key criterion for organizations and developers. LibreChat uses the permissive MIT license, Khoj is under the more restrictive AGPL-3.0, and OpenWebUI uses the permissive BSD-3 license.
In terms of community, OpenWebUI leads with over 66.1K stars on GitHub, compared to 25.6K for Khoj and 21.2K for LibreChat. This translates into higher activity and faster evolution.
2.2.3. Security Aspects
Security assessment was based on publicly available information, as detailed in Appendix A. The tool with the best overall security posture appears to be OpenWebUI, with an active community, automated security verification processes, and documented, corrected vulnerabilities.
Khoj follows in second place, covering security aspects reasonably well, though less comprehensively than OpenWebUI. LibreChat, by contrast, appears to be less mature from a security perspective at this time.
2.2.4. Technologies Used
OpenWebUI is built on Svelte, a modern user interface framework known for its compile-time approach. Unlike traditional libraries, Svelte generates optimized code during compilation, significantly reducing the workload on the browser. This allows developers to create concise, high-performance components using standard languages like HTML, CSS, and JavaScript.
The backend of OpenWebUI is primarily developed in Python, using frameworks such as FastAPI to provide a fast and asynchronous REST API. OpenWebUI supports multiple databases, including SQLite (by default) and PostgreSQL, for managing user data and conversation history. Its modular architecture allows for easy extension of features, with a plugin system for adding external connectors (such as Hugging Face, OpenAI, etc.). This backend is designed to be lightweight, scalable, and compatible with containerized deployments via Docker, making it easy to integrate into various environments.
The Khoj project uses React for its user interface development. Created by Facebook, this JavaScript library is widely recognized for building dynamic, responsive, and modular interfaces using reusable components. React’s declarative approach simplifies state management, making the development of complex applications more predictable and maintainable.
Khoj’s backend is designed to be high-performing, modular, and extensible. It is primarily developed in Python and uses components from frameworks such as FastAPI and Django to build its REST API. The database layer is built on PostgreSQL for managing structured data, while Qdrant or FAISS is used for vector search and embedding management. The architecture is modular, enabling easy integration of various components like NLP models (e.g., GPT, Llama, or Whisper for language and voice processing) and connectors to external services. The entire system is containerized with Docker and can be deployed using Kubernetes for optimal scalability. Security is ensured through OAuth2 authentication and data encryption mechanisms.
LibreChat also uses React for its front-end, combined with the Next.js framework, which provides advanced server-side rendering and performance optimization features. This modern architecture enables a fast, smooth experience aligned with current web development standards.
LibreChat’s backend is built on a JavaScript Node.js stack, using Express.js as the main framework for managing routes and APIs. It incorporates flexible authentication systems (such as JWT or OAuth) and supports multiple LLM providers like OpenAI, Anthropic Claude, or self-hosted models via Ollama. The database primarily uses MongoDB (a NoSQL database) to store conversations and user settings, offering good scalability for unstructured data. The architecture is designed to be modular, making it easy to add new plugins or connectors (e.g., external tools via webhooks or custom APIs). Deployment is simplified using Docker, and the backend can be paired with services like Redis for cache management. Finally, LibreChat emphasizes customization and privacy, offering options for fully self-hosted deployments.
More installation details can be found in Appendix B.
Which Tool Should You Choose?
As AI-based personal assistants become essential for optimizing the workplace, choosing the right solution is a strategic decision. The three open-source platforms analyzed—LibreChat, Khoj, and OpenWebUI—each offer unique strengths that address different organizational needs in usability, customization, security, and technical integration.
What Will We Do at CETIC?
This comparison has enabled CETIC to select the open-source solution we will use to support our language model research integrated into our Chani demonstrator. We chose OpenWebUI because it natively offers the functionalities aligned with our development goals and easily supports further integration.
As these are open-source tools, our first data source was GitHub (https://github.com/open-webui/open-webui, https://github.com/khoj-ai/khoj, https://github.com/danny-avila/LibreChat). We analyzed whether development was active and responsive to security issues. Some repositories had defined a security section, documented and patched vulnerabilities, and implemented automated pipelines with security steps.
The second source was the MITRE CVE (Common Vulnerabilities and Exposures) database. We checked whether known vulnerabilities were publicly listed, still exploitable, or mitigated.
The third source was Snyk, a code analysis tool and vulnerability database. We checked whether regular vulnerability scans were published for the three tools on GitHub. This multi-source approach provided an objective view of known security issues and developer commitment to security.
OpenWebUI Install locally with Docker:
$ docker run -d -p 3000:8080 --add-host=host.docker.internal:host-gateway ghcr.io/open-webui/open-webui:main
Access locally via: http://localhost:3000
For development setup: OpenWebUI Dev Docs
Khoj
Install via pip in a Python virtual environment (preferably on a Linux GPU-enabled machine):
$ python -m venv .venv
$ source .venv/bin/activate
$ CMAKE_ARGS="-DGGML_CUDA=on" FORCE_CMAKE=1 python -m pip install 'khoj[local]'$ USE_EMBEDDED_DB="true" khoj --anonymous-mode
Access locally via: http://localhost:42110
For development setup: Khoj Dev Docs
Librechat
Clone the repository and run via Docker or in development mode:
$ git clone https://github.com/danny-avila/LibreChat.git
$ cd LibreChat
$ cp .env.example .envTo run with Docker:
$ docker-compose up -d
To run in development mode (requires Node.js and MongoDB):
$ npm ci
$ npm run frontend
$ npm run backendAccess locally via: http://localhost:3080.