Secure your network and your AI, behind your perimeter
IBEX is a sealed, on-premises appliance that secures both your network and the AI running inside it. It maps the complete attack surface of your most sensitive environments, scans the code your teams build, and governs every model and agent on your network: discovering them, enforcing guardrails on live AI traffic, watching for AI-specific threats, and producing auditor-ready compliance evidence, all without ever touching the internet.
The Challenge
The networks that matter most, classified, isolated, and operational, are the ones cloud attack-surface and AI-security tools can never reach. Connectivity is forbidden, so the very environments where visibility is most critical are the ones left in the dark.
Assets nobody registered pile up unseen, models and agents spin up ungoverned, and the code teams build ships with vulnerable dependencies, leaked secrets, and insecure infrastructure-as-code that no external scanner is allowed to inspect.
The Solution
IBEX is a sealed appliance that runs entirely on its own hardware inside your perimeter. It maps the complete attack surface, scans your repositories offline, governs the AI running on the network, and ranks every finding against a locally held vulnerability database.
No cloud, no data egress, no external dependencies. Your data never leaves your control, and you still get the full discovery, detection, governance, and reporting the high-trust network has always lacked.
Shadow detection
What is really on the network, and what was never approved?
IBEX compares what is actually live against your approved baseline and surfaces the assets nobody registered: the unmanaged, forgotten, and rogue devices, and the unsanctioned local AI services running where no one was looking. Every unknown is a blind spot on your attack surface. Finding them stops being a matter of luck and becomes a process.
Secure the AI inside your perimeter
The same appliance that maps your network governs every model and agent running on it, the air-gapped equivalent of a full AI-security platform.
AI inventory & discovery
Finds the models, endpoints, notebooks, and agents on the network, surfaces shadow AI, and keeps model cards with a review-and-approval workflow and a portable AI bill of materials.
AI posture & compliance
Scans AI for misconfiguration and supply-chain risk and produces auditor-ready evidence against ISO 42001, the EU AI Act, NIST AI RMF, and Swiss frameworks.
Runtime AI gateway
An inline gateway enforces guardrails on live AI traffic, blocking, redacting, or alerting on PII, jailbreaks, and code leakage, with a zero-trust authorization hub controlling who may reach each model.
AI monitoring & threat detection
Captures AI activity into a sovereign data lake and flags abuse and anomalies with behavioural detection, the AI-native equivalent of detection-and-response, entirely on-box.
Offline vulnerability intelligence
Every finding, on the network and in your code, is cross-checked against a vulnerability database held locally on the appliance, so exposures are identified and ranked with no external lookups and nothing leaving the perimeter.
Knowledge stays current through signed updates carried in by hand. Every change is deliberate, cryptographically verified, and audited, so the appliance is never out of date and never online.
Sovereign AI analysis
An on-board model plans each sweep, interprets the results, judges device roles and anomalies, and writes the findings in German, French, Italian, or English, drawing only on the appliance's own data.
Because the model runs locally on dedicated hardware, your data never leaves the infrastructure, which matters in classified and regulated environments where data sovereignty is non-negotiable.
Key Features
Total visibility: discovers every live host, device, service, application, and AI system into a continuously accurate inventory
AI inventory & discovery: finds models, endpoints, notebooks, and agents, surfaces shadow AI, with model cards, an approval workflow, and a portable AI bill of materials
AI posture & compliance: scans AI for misconfiguration and supply-chain risk, with auditor-ready evidence against ISO 42001, the EU AI Act, NIST AI RMF, and Swiss frameworks
Runtime AI gateway: inline enforcement on live AI traffic, blocking, redacting, or alerting on PII, jailbreaks, and code leakage, with a zero-trust authorization hub
AI monitoring & threat detection: captures AI activity into a sovereign data lake and flags abuse and anomalies with behavioural detection
Code & application security: scans repositories offline for vulnerable dependencies, code flaws, leaked secrets, and insecure IaC
Offline vulnerability intelligence: ranks every finding against a locally held vulnerability database with no external lookups
Sovereign AI analysis: an on-board model plans each sweep, judges device roles and anomalies, and reports in DE, FR, IT, or EN
Sealed and sovereign: runs entirely on its own hardware inside your perimeter, with no cloud and no data egress
How It Works
Discover
Sweep the network to find every live host, device, service, application, and AI system, then fingerprint what each one is.
Inventory
Build a continuously accurate inventory of assets and AI, and flag everything that strays from your approved baseline.
Assess posture
Scan code, assets, and AI offline and rank every finding against the local vulnerability database.
Enforce & monitor
Optionally enforce guardrails on live AI traffic and watch for abuse and anomalies with behavioural detection.
Prove compliance
Deliver a prioritised report and auditor-ready compliance evidence, written by the on-board model in your language of choice.
Built for the networks the cloud can't reach
Truly air-gapped
Sealed on its own hardware inside your perimeter, with no cloud, no data egress, and no external dependencies.
Discovery by default, control optional
A watchful posture that maps and scans without disruption, with runtime enforcement and offensive testing operator-activated and off by default.
Modular by edition
A core plus licensable add-ons, packaged as named editions, so each deployment runs only the network and AI-security capabilities it licenses.
Your data stays yours
A sovereign, on-board model and a local vulnerability database mean nothing ever leaves your control.

