diff --git a/siwatsystem/pympta.py b/siwatsystem/pympta.py
index 5e32596..68bef69 100644
--- a/siwatsystem/pympta.py
+++ b/siwatsystem/pympta.py
@@ -54,6 +54,21 @@ def load_pipeline_node(node_config: dict, mpta_dir: str) -> dict:
     return node
 
 def load_pipeline_from_zip(zip_source: str, target_dir: str) -> dict:
+    # Restrict to models directory for security
+    if not zip_source.startswith('models/'):
+        zip_source = os.path.join('models', zip_source)
+    
+    # Validate the path is within models directory (prevent path traversal)
+    try:
+        abs_zip_path = os.path.abspath(zip_source)
+        abs_models_path = os.path.abspath('models')
+        if not abs_zip_path.startswith(abs_models_path):
+            logger.error(f"Security violation: {zip_source} is outside models directory")
+            return None
+    except Exception as e:
+        logger.error(f"Error validating path {zip_source}: {str(e)}")
+        return None
+    
     logger.info(f"Attempting to load pipeline from {zip_source} to {target_dir}")
     os.makedirs(target_dir, exist_ok=True)
     zip_path = os.path.join(target_dir, "pipeline.mpta")