What it is
ComfyUI is a node-graph editor for diffusion models: Stable Diffusion, FLUX, Stable Video, AnimateDiff. You wire model loaders, samplers, conditioning nodes, and post-processing into a graph and run it. Automatic1111 is the older single-page-app cousin. Both are how artists, hobbyists, and a growing number of commercial studios actually generate images and short video at scale on self-hosted hardware.
What goes wrong
ComfyUI ships with no authentication, and its HTTP API accepts arbitrary
Python code execution through custom nodes as a feature. Workflow JSON files include
the full graph (model paths, LoRA weights, sometimes seeds and prompts),
which is enough to reconstruct an operator’s creative process or extract
proprietary fine-tuned weights. The /object_info endpoint enumerates every
loaded model and custom node; the queue endpoint accepts arbitrary workflows
from anyone who can reach the port.
How we test
We probe /object_info for the model inventory, /queue for currently running
jobs (often labelled with the operator’s project name), and /history for the
last N generations. The history endpoint is particularly attribution-rich: it
contains thumbnails of past outputs, which on commercial deployments are the
operator’s actual product pipeline. We never enqueue jobs. The read surface
alone is sufficient evidence.
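
An operator can run the same read-only check against their own instance. The script below is an added example, not code from this page or from the ComfyUI project. The function names, the JSON response shapes it counts, and the default address 127.0.0.1:8188 are assumptions.

```python
import json
import sys
import urllib.error
import urllib.request

READ_ENDPOINTS = ("/object_info", "/queue", "/history")  # paths named above

def classify(path, status, body):
    """Map one GET response to (verdict, detail). Nothing is ever enqueued."""
    if status is None:
        return ("unreachable", "no HTTP response")
    if status in (401, 403):
        return ("protected", f"HTTP {status}")
    if status != 200:
        return ("unclear", f"HTTP {status}")
    try:
        data = json.loads(body)
    except ValueError:  # e.g. a proxy login page served with 200
        return ("unclear", "200 but body is not JSON")
    if not isinstance(data, dict):
        return ("unclear", "unexpected JSON shape")
    if path == "/queue":  # assumed shape: queue_running / queue_pending lists
        n = len(data.get("queue_running", [])) + len(data.get("queue_pending", []))
        return ("exposed", f"{n} queued or running job(s) readable")
    return ("exposed", f"{len(data)} entries readable")  # assumed: one key per item

def fetch(base_url, path, timeout=5):
    """GET base_url+path; return (status, body) or (None, b'') if unreachable."""
    req = urllib.request.Request(base_url.rstrip("/") + path, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as exc:
        return exc.code, b""
    except OSError:  # URLError, timeouts, refused connections
        return None, b""

def audit(base_url, fetcher=fetch):
    """Check each read endpoint; fetcher is injectable for offline testing."""
    return {p: classify(p, *fetcher(base_url, p)) for p in READ_ENDPOINTS}

if __name__ == "__main__":
    # Run from outside the trust boundary, against your own host only.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:8188"
    for path, (verdict, detail) in audit(target).items():
        print(f"{path:14} {verdict:12} {detail}")
```

Any "exposed" verdict seen from a network that should not reach the instance means the port needs to sit behind an authenticating reverse proxy or a firewall rule.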