Technical Documentation Rev 4 | Updated January 10, 2026

AirgapAI Technical Architecture & Security Overview

Comprehensive technical documentation for enterprise architects evaluating AirgapAI's air-gapped AI/LLM solution.

Document Revision History

Rev  Date        Purpose                                            Pages Revised
4    2025-09-09  Added details on Federal Government use            Section 3
3    2025-07-08  Added additional security enhancements             All
2    2025-05-21  Enhanced details around upcoming Blockify options  All
1    2024-12-10  First full release                                 All

Executive Summary

AirgapAI offers a highly secure, air-gapped AI/LLM solution designed for organizations with stringent security and compliance requirements. This platform operates entirely locally on endpoints, ensuring all data processing, storage, and queries remain on the device with no outbound connections or cloud dependencies.

Uncompromised Data Security

All user data and processes are isolated and stored locally, eliminating data exfiltration risks and meeting the highest security standards (e.g., USAF, DOD, Intelligence).

Air-Gapped by Design

The system is engineered for complete isolation, making it ideal for handling classified data and operating in sensitive, high-security environments, or in remote field locations with limited connectivity.

Flexible Deployment & Management

Supports various device types (x86, ARM, VDI), offering fully local installation with centralized or decentralized updates. User profiles and data can be managed via familiar methods like Intune or network shares.

Granular Access Control

Patented "Blockify" data pipeline enables fine-grained permissioning and exclusion-based access to "IdeaBlocks," ensuring data is accessible only to authorized users.

Hardware Agnostic & Scalable

Supports discrete GPUs and NPUs, allowing for performance scaling and compatibility with diverse hardware and model sizes.

Single-Tenancy

Each device operates as a single-user, single-tenant environment, further isolating application stacks and preventing cross-device data transmission.

Controlled Updates

Model updates require human/admin approval, providing an additional layer of security control.

No Telemetry or Keylogging

Ensures complete privacy and prevents any outbound data transmission.

1 System Technical Architecture

1.1 Devices, Models, and Deployment

Device Support

  • Workstations, AI PCs (Laptops and Desktops), and other endpoints
  • Supports x86 (Intel, AMD) and ARM (Snapdragon); silicon-agnostic
  • Virtual Desktop Infrastructure (VDI) with GPUs only

Deployment Model

  • Fully local (air-gapped) installation, keeping all data/processes on endpoint
  • No network connectivity required by default; designed for strict, high-security settings
  • Centralized/Decentralized Updates:
    • Delivered via Intune/other image management, network file share, or as part of new device image
    • User profiles configured via JSON files saved in %APPDATA%
    • Automatic updates, if enabled, can be served from Iternal systems (PoC phase only) or a simple customer-hosted server

Hardware Acceleration & Model Sizing

  • Supports discrete GPUs and NPUs for performance scaling
  • Model sizes can vary (1B, 7B, 8B, 22B, etc.) to match hardware capabilities
  • Parallel inference execution support available

Data Ingestion & Delivery

  • Datasets deployed as JSONL files via device imaging, network shares, or direct upload

1.2 Data Flow and Management

Blockify Data Pipeline

  • Patented pipeline ingests, deduplicates, and distills data (marketing, tech docs, PDFs, PPTs) into modular "IdeaBlocks"
  • Enhanced LLM accuracy with fine-grained permissioning
  • 100% local, on-client-device Blockify available in August 2025 (license included)
  • Datacenter Blockify LLM available today (separate license)

Ingestion Workflows

  • Can occur on-prem (data center w/ GPU) or locally (device)
  • Supports both central and device-based ingestion/updates
  • Updates via network shares, Intune/similar, or direct upload

1.3 Application Stack

Technology

  • JavaScript / React / Electron, cross-platform, user-focused workflows

Solution Packaging

  • AirgapAI, Blockify, and tools are available as pre-built SKUs

Model Support

  • Customer-selected public open-source LLMs (Llama, Gemma, Mistral, etc.) and custom quantized models based on standard architectures
  • Workflows can be customized via JSON config files and pushed to local devices through the customer's standard file-push process (e.g., MS Intune)

1.4 Storage Architecture

Local Storage

  • All user data is locally stored in user profiles in a levels.js database (chats, settings, benchmark data) or as files (models, corpuses)
  • No off-device transmission
  • Levels.js is an open-source technology, so IT can "pull data" from the device, but that is a completely separate process from our application

Data Format

  • JSON files in user-controlled directories define user configuration
  • Update your Blockified Dataset and app at any frequency to ensure data accuracy

2 Security Architecture & Controls

2.1 Air-Gapped Security Model

Complete Isolation

  • AirgapAI runs 100% locally; all processing, storage, and queries stay on the device
  • No outbound connections, "call-home," or cloud dependencies required for installation, updates, or maintenance
    • An optional customer-deployed management service is under design to enable easier administration
  • Compliant with the highest-security environments (USAF, DOD, Intelligence, CBP, etc.)
  • Suitable for classified data (defense strategies, nuclear protocols)

Administration

  • Device-level management and per-IdeaBlock permissioning
  • Customers can build their own dataset filtering to enable exclusion-based access via an AND/OR filter matrix (i.e., Venn-diagram style) before provisioning IdeaBlocks to the device
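The AND/OR exclusion filter described above, as an added example that is not AirgapAI's own code: it applies an allOf/anyOf/noneOf tag matrix (an assumed filter shape) to IdeaBlocks stored as JSONL lines with assumed id/text/tags fields, provisions only the matching blocks, and treats untagged or unparseable blocks as excluded (default deny).

```javascript
// Added example, not AirgapAI's own code. The JSONL layout ({id, text, tags})
// and the filter shape (allOf / anyOf / noneOf) are assumptions for illustration.

// Constructed sample dataset: one IdeaBlock per JSONL line, including an
// untagged block and a corrupt line to show the default-deny behaviour.
const SAMPLE_JSONL = [
  '{"id":"ib-1","text":"Public product overview","tags":["public","marketing"]}',
  '{"id":"ib-2","text":"Maintenance procedure","tags":["internal","engineering"]}',
  '{"id":"ib-3","text":"Export-controlled drawing notes","tags":["internal","engineering","itar"]}',
  '{"id":"ib-4","text":"Untagged block"}',
  'not valid json',
].join("\n");

// Filter matrix: AND (allOf), OR (anyOf), exclusion (noneOf).
// The exclusion term is evaluated first so a restricted tag always wins.
function blockMatches(tags, filter) {
  const { allOf = [], anyOf = [], noneOf = [] } = filter;
  if (noneOf.some((t) => tags.has(t))) return false;                    // exclusion
  if (!allOf.every((t) => tags.has(t))) return false;                    // AND
  if (anyOf.length > 0 && !anyOf.some((t) => tags.has(t))) return false; // OR
  return true;
}

// Returns { provisioned: [ids], excluded: [ids], rejected: count, lines: [jsonl] }.
// Blocks without a tags array are excluded (default deny); unparseable lines are
// counted as rejected so the provisioning run can be audited before the push.
function provisionDataset(jsonl, filter) {
  const result = { provisioned: [], excluded: [], rejected: 0, lines: [] };
  for (const line of jsonl.split("\n")) {
    if (line.trim() === "") continue;
    let block;
    try { block = JSON.parse(line); } catch { result.rejected += 1; continue; }
    if (typeof block.id !== "string" || !Array.isArray(block.tags)) {
      result.excluded.push(block.id ?? "<no id>");
      continue;
    }
    if (blockMatches(new Set(block.tags), filter)) {
      result.provisioned.push(block.id);
      result.lines.push(line);
    } else {
      result.excluded.push(block.id);
    }
  }
  return result;
}

// Example profile: internal engineering/ops material, ITAR-tagged blocks excluded.
const engineeringProfile = { allOf: ["internal"], anyOf: ["engineering", "ops"], noneOf: ["itar"] };
console.log(provisionDataset(SAMPLE_JSONL, engineeringProfile).provisioned); // ["ib-2"]
```

Run the filter on the provisioning host before the JSONL is pushed to devices, so excluded blocks never reach the endpoint; the `excluded` and `rejected` fields give the reviewer a record of what was withheld.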

Enterprise Deployments

  • Data security is driven by device protocols, encryption, user logins, etc.

LAN Mode (Future Capability Forthcoming)

  • "LAN mode" allows connection to GPU servers for secure, enterprise compute sharing, maintaining endpoint data integrity

2.2 Device and User Security

User Isolation

  • Each device is single-user, single-tenant (no multi-user mode)
  • No cross-device data transmission
  • Every user on a shared system has their own datasets and no access to other users' data

Imaging and Provisioning

  • Integrates into the existing secure imaging pipeline (extraction, validation, pre-shipment hardening) as a simple installable .EXE application
  • All installable EXEs are digitally signed with certificates stored/managed on FIPS 140-2 compliant HSM

Controlled Updates

  • All updates, whether of the application itself or of its components (models, corpuses), require human/admin approval

2.3 Selected Security-Related Features

  • No network-based integration: Entirely local
  • Granular permissioning: Add tags to each IdeaBlock for granular compliance
  • On-device model support: No model/data egress
  • No telemetry/keylogging: No outbound data of any kind
3 Federal Readiness: Regulatory Alignment, Scope, and Controls for U.S. Government Use

Summary

AirgapAI is engineered for high-security, air-gapped operation that keeps all data processing and storage within the customer's accredited environment, eliminating reliance on vendor-operated services.

This architecture simplifies scoping for FAR/DFARS/CMMC, enables straightforward RMF/ATO integration, avoids FedRAMP unless optional cloud components are introduced, and supports federal hardening, logging, supply chain, and accessibility requirements without data egress from government control.

Purpose

This addendum describes how AirgapAI supports U.S. Federal Government cybersecurity, compliance, and accreditation needs. It clarifies data-handling scope, cloud applicability, and alignment with key regulations and frameworks (FAR/DFARS/CMMC, NIST, FedRAMP, RMF/ATO, and related federal requirements).

Scope and Data Boundary

  • Deployment model: AirgapAI is 100% downloadable software that installs and operates locally on customer-controlled endpoints (workstations, laptops, VDI). There are no vendor-operated services, compute, or remote access required.
  • Data handling: All processing, storage, and queries occur on the device. The software does not transmit telemetry, "call home," or require cloud connectivity. By default, no vendor-operated information system processes Federal Contract Information (FCI), Controlled Unclassified Information (CUI), or Covered Defense Information (CDI).
  • Optional components: Customers may update software and models via their own tooling (e.g., Intune, network shares, offline media). Any optional centralized components can be customer-hosted inside their accreditation boundary.

Regulatory Alignment and Applicability

Regulation / Applicability & Support

FAR 52.204-21: Applies to contractor internal systems that process, store, or transmit FCI. In the default AirgapAI deployment, no vendor system handles FCI; the customer's endpoints are the in-scope systems. AirgapAI's offline, single-tenant endpoint design supports customer compliance by eliminating nonessential connectivity and simplifying boundary definition and segmentation.

DFARS 252.204-7012: Applies when contractor internal systems handle CDI/CUI. In the default deployment, no vendor system handles CDI/CUI; the customer's accredited environment is in scope. If any cloud service is used to store/process CUI, DFARS 7012 requires FedRAMP Moderate equivalent. AirgapAI does not require cloud services.

DFARS 252.204-7019/7020: Requires an SPRS score for each contractor system that will handle CUI/CDI. In the default deployment, the customer's environment is the assessed system. No vendor system requires an SPRS score unless it processes CUI.

CMMC: CMMC Level 1 (FCI) and Level 2 (CUI) apply to the contractor systems handling those data types. AirgapAI's offline architecture allows customers to confine scope to a tightly segmented enclave or endpoint baseline, reducing inheritance and assessment complexity.

NIST RMF/FISMA/SP 800-53: AirgapAI can be incorporated into a system authorization (ATO) as a component on endpoints within the customer's boundary. The application supports customer implementation of the AC, AU, CM, SC, and SI control families by operating offline, honoring OS security baselines, supporting signed updates, and enabling centralized provisioning without external dependencies.

FedRAMP: FedRAMP applies to cloud services. AirgapAI, when deployed as local software with no vendor-hosted components, is not a cloud service and does not require FedRAMP authorization.

DoD CC SRG: If used by DoD on cloud infrastructure, the deployment must align to the required Impact Level (IL2/IL4/IL5/IL6) consistent with the data category. AirgapAI does not require cloud hosting.

STIGs and Platform Hardening

  • AirgapAI installs and runs on customer-hosted, STIG-hardened operating systems and images without requiring persistent elevated privileges or external network access
  • All controls are inherited from the underlying OS and enterprise stack

Cryptography and Integrity

  • No proprietary cryptographic algorithms are introduced. Where cryptography is used, the application leverages platform-native, FIPS 140-2/140-3 validated modules made available by the operating system when configured for FIPS mode
  • All release and update packages are digitally signed. Signing keys are held in HSMs compliant with FIPS 140-2 or higher
  • Customers may rely on host-based full-disk encryption (e.g., BitLocker, FileVault) and OS credential protection to protect at-rest data. The application does not transmit or escrow keys

Logging, Monitoring, and Incident Response

  • AirgapAI produces local logs suitable for ingestion by agency EDR/SIEM tools; it does not exfiltrate logs. Customers may define log retention and forwarding per OMB M-21-31 and agency policy
  • The vendor maintains an internal incident response program. If any future deployment were to handle FCI/CUI/CDI on vendor systems, incident reporting would follow contractual requirements (e.g., DFARS 7012 timelines and DIBNet submission). In the default offline model, no vendor-held federal data exists

CUI, ITAR, and Export Controls

  • The offline, single-tenant design prevents data egress and is suitable for processing CUI within a customer-accredited environment. Data remains in customer custody at all times
  • For ITAR/EAR-controlled data, customers remain the exporters of record; AirgapAI does not transmit or store data outside the customer's boundary. Customers should apply applicable device, user, and media controls consistent with their accreditation
  • CUI marking, handling, and sanitization procedures remain customer responsibilities within their authorized environment

Accessibility, Privacy, and Records

  • Section 508: Software follows Section 508 compliance best practices in a commercially reasonable manner
  • Privacy: No telemetry, analytics, or keylogging. The application does not collect personal data or transmit any user content
  • Records: The application stores data only on the local endpoint under customer control. Retention and disposition are governed by the customer's records schedules
4 Conclusion

This architecture delivers a robust, air-gapped, and highly secure platform for AI/LLM-enabled workflows. It supports granular, IdeaBlock-level permissioning, advanced compliance needs, and modular/custom deployment models (endpoint, edge, private cloud). With air-gapped, 100% local operation and full data/process isolation, the system is engineered for the most demanding classified, regulatory, or privacy-centric organizations.

Frequently Asked Questions

AirgapAI supports workstations, AI PCs (laptops and desktops), and other endpoints. It is silicon-agnostic, supporting x86 (Intel, AMD) and ARM (Snapdragon) architectures. Virtual Desktop Infrastructure (VDI) with GPUs is also supported.

AirgapAI uses fully local (air-gapped) installation, keeping all data and processes on the endpoint. No network connectivity is required by default. Updates can be delivered via Intune/other image management, network file share, or as part of new device images. User profiles are configured via JSON files saved in %APPDATA%.

Blockify is a patented pipeline that ingests, deduplicates, and distills data (marketing, tech docs, PDFs, PPTs) into modular "IdeaBlocks." It provides enhanced LLM accuracy with fine-grained permissioning. 100% local on-device Blockify is available, with Datacenter Blockify LLM also available under separate license.

All user data is locally stored in user profiles using a levels.js database (chats, settings, benchmark data) or as files (models, corpuses). There is no off-device transmission. JSON files in user-controlled directories define user configuration.

AirgapAI is designed to be compliant with the highest security environments including USAF, DOD, Intelligence, and CBP. It supports FAR/DFARS/CMMC requirements, NIST RMF, FISMA, and SP 800-53 controls. The architecture is suitable for classified data handling.

No. FedRAMP applies to cloud services. AirgapAI, when deployed as local software with no vendor-hosted components, is not a cloud service and does not require FedRAMP authorization. If used by DoD on cloud infrastructure, deployment must align to the required Impact Level (IL2/IL4/IL5/IL6).

No proprietary cryptographic algorithms are introduced. The application leverages platform-native, FIPS 140-2/140-3 validated modules when configured for FIPS mode. All release and update packages are digitally signed with keys held in HSMs compliant with FIPS 140-2 or higher.
