Air-gapped AI: maximum privacy for your business
Air-gapped AI: maximum privacy for your business
Generative AI is no longer a laboratory curiosity: it is a productive tool that drafts contracts, classifies case files, summarises technical reports, and assists workers on the shop floor. But every time a query travels to the cloud, data leaves the company perimeter. For many organisations, that is a non-negotiable limit.
The most drastic —and safest— answer is not just installing a model on a local server. It is creating an air-gapped architecture: a physically and logically isolated AI environment with no internet or external network connection. This option turns artificial intelligence into an asset fully under internal control.
What is an air-gapped AI architecture?
In cybersecurity, air-gapped means a system has no network connectivity with the outside. No Wi-Fi, no cable to a corporate LAN with internet access, no VPN, no DNS. The only way to move information is physically and in a controlled manner: scanned USB drives, shielded transfer stations, or a data diode that only allows one-way passage.
Applied to AI, the language model, its vector database, corporate documents, and execution agents reside on an internal server or cluster. When an employee asks a question, inference happens inside that perimeter. No data leaves, no API call reaches a remote provider, and no telemetry log crosses the air boundary. It is, literally, AI isolated from the network.
Air-gapped is not just "on-premise": the key difference
It is common to confuse "local" with "air-gapped". An on-premise model can run in the company data centre and still have internet access to validate licences, download updates, synchronise repositories, or send telemetry to the manufacturer. That is already a big advance over SaaS, but it remains an attack vector: a vulnerability, a compromised account, or a configuration error can open a door.
An air-gapped architecture closes that door by design. The machine hosting the model does not know the internet. It does not resolve domain names, does not accept incoming connections, and does not establish outgoing ones. Updates are introduced manually after review; data only enters or leaves through audited physical channels. The remote attack surface is reduced to zero.
In short: on-premise is "at home"; air-gapped is "in a vault inside the home".
When does your company need air-gapped AI?
Not every organisation needs this level. But when these conditions apply, air-gapped moves from technical luxury to operational requirement:
- Extremely sensitive data: medical records, legal case files, industrial designs, defence information, or trade secrets.
- Strict regulatory frameworks: GDPR in Europe, national security schemes in Spain, or sector regulations that prohibit or limit cross-border data transfer.
- Zero trust in third parties: the company does not want to depend on a provider's retention policies or confidentiality agreements.
- Reputation and continuity: a leak, even indirect, would have an unbearable reputational or legal cost.
If what you handle cannot leave your premises, neither can the AI.
Sectors where air-gapped is essential
Healthcare. Hospitals, clinics, and laboratories manage clinical histories, genetic test results, and mental health data. Integrating AI to summarise records or assist diagnoses without air-gapping would expose protected information.
Legal sector. Law firms and legal services work with client data, litigation strategies, and confidential contracts. Professional secrecy and data protection laws make air-gapped a natural choice.
Defence, security, and public sector. Institutions handling classified or restricted information need infrastructures aligned with national security schemes (ENS) or international standards such as NATO Restricted. Here air-gapped is the norm, not the exception.
Critical industry and OT. Manufacturing plants, power stations, transport networks, and SCADA systems combine operational technologies (OT) with information systems. An AI model that helps interpret logs or predict failures must not offer a bridge between the industrial network and the outside.
Banking, insurance, and fintech. Although many banks use private cloud, air-gapped makes sense for internal fraud detection models, credit risk analysis, or anti-money laundering investigations.
How air-gapped AI is deployed in practice
Building an air-gapped environment requires planning, but it is not science fiction. The usual components are as follows.
Hardware and software
Start with an internal server with a GPU suited to the model size. For Llama 3, Mistral, or smaller specialised models, workstations with one or several GPUs can be used, or a small cluster if user load is high. The operating system is installed from verified media; all wireless network adapters are disabled, and an isolated internal network is configured with no default gateway to the internet.
The AI software usually includes a local inference engine (Ollama, vLLM, TGI), a local vector database (pgvector, Chroma, or Milvus deployed internally), a RAG system to query internal documents, and, if agents are used, an orchestration platform such as n8n configured with no internet access. At Neurosint we usually add sandboxing for code execution, so that not even a local agent can move data outside its cell.
Data transfer
Information flow must be unidirectional and controlled. The simplest approach is an import station: an intermediate PC with no connection to the production network, where files are scanned, unnecessary metadata removed, and only then copied to the air-gapped environment via clean physical media. In very demanding environments, data diodes are used: hardware devices that only allow bits to travel in one direction, preventing any return path.
AI results leave in the same way: printing on paper, audited USB export, or, in more flexible organisations, through a second intermediate station reviewed by the security team.
Updates and maintenance
A system without internet does not maintain itself. You must design an offline patch repository: the security team downloads operating system, library, and model updates from a connected machine, verifies them with checksums and signatures, and introduces them into the air-gapped environment following a documented procedure.
Language models are also updated. When a new version of an open-source model appears, it is downloaded, quantised if necessary, and deployed on the isolated server. Testing is done first in an air-gapped staging environment before moving to production.
Limitations you should know before deciding
Air-gapped offers extreme privacy, but it is neither free nor universally convenient:
- Higher initial investment. You must buy your own hardware, configure the network, and dedicate specialist time.
- Slower updates. There are no automatic 2 a.m. patches; every change requires a manual flow.
- No real-time web RAG. If your use case depends on online information, air-gapping will not cover it unless you periodically import frozen datasets.
- More user friction. Uploading documents or retrieving results requires following protocols; it is not as smooth as a cloud app.
- Dependence on internal team. You need people who know Linux, networks, containers, and AI models, or a partner who does it for you.
That is why we recommend first evaluating whether a connected local model or a private cloud covers the risk. If not, then the leap to air-gapped is justified.
Conclusion: absolute sovereignty over AI
Air-gapped AI is the safest extreme of the technology sovereignty spectrum. It is not the cheapest or fastest option, but it is the only one that guarantees that your data, your models, and your reasoning processes never cross a network line to the outside.
For hospitals, law firms, critical industry, defence, or any company handling strategic knowledge, it is a real and mature alternative. And for SMEs in and around Bilbao and the Basque Country, which increasingly seek to differentiate themselves through the trust they offer clients, it can become a tangible competitive advantage.
At Neurosint we design and implement open-source AI architectures adapted to the security level your business needs, including fully air-gapped deployments. If you think your company needs AI isolated from the network, contact us and we will study the most efficient solution together.
Ready for the technology leap?
Don't let your SME fall behind. We implement the AI infrastructure that will give you the competitive edge.
Book Your Free Audit