AgenticEncy · The Agentic Agency · a MAXFR LTD company  —  Work with us →
← Marginalia

When your AI has to stay in the building: on-premise and air-gapped agents, explained

For most companies, the cloud is the right answer and this article is optional reading. You send your data to a hosted model, it does the work, you get on with your day. Convenient, capable, cheap enough.

For some organisations, though, that first step — send your data off-site — is where the conversation ends. Not because they’re cautious by temperament, but because the law, a contract, or a genuine risk assessment forbids it. If that’s you, “just use the API” isn’t a strategy. It’s a compliance incident waiting to happen.

This is a guide to the other path: keeping agentic AI inside your own walls.

Who this is actually for

Be honest about whether you’re in this group, because building for it is more work and there’s no prize for over-engineering. You likely belong here if you’re in finance, healthcare, legal, defence, or government, or if you hold regulated data or sensitive IP under rules — GDPR, sector regulators, client contracts, national-security constraints — that make sending it to a third party a non-starter.

If that’s not you, deploy in the cloud with a clear conscience. If it is, read on.

The spectrum, from convenient to sovereign

“On-premise” isn’t one thing — it’s a spectrum, and most people conflate the points on it.

Cloud API. You call a hosted model. Maximum convenience and capability, minimum control. Your data leaves your building.

Private cloud / VPC. The model runs in cloud infrastructure ring-fenced to you. Better isolation, still ultimately someone else’s data centre — but for many “sensitive” cases, genuinely enough.

On-premise. The model runs on hardware you own, in your building. Your data never leaves the perimeter. You gain control and independence; you take on the cost and the operational burden.

Air-gapped. The system has no connection to the outside world at all — fully offline. Nothing goes in or out over a network. This is the strictest posture, reserved for the most sensitive environments.

The trade running through all of it is the same: control versus convenience. Every step toward sovereignty buys you assurance and costs you ease. The skill is stopping at the right point, not the most dramatic one.

What “air-gapped agentic AI” actually involves

Air-gapping a chatbot is one thing. Air-gapping an agent is harder, and it’s worth knowing why before you promise it.

Agents like to reach out — to call hosted models, fetch from the web, hit external tools. In an air-gapped deployment, none of that is available. The model has to live locally. The tools it uses have to live locally. Its knowledge can’t quietly top itself up from the internet, so updates become a deliberate, manual, physically-carried-in process. Everything the agent needs has to be inside the wall, on purpose, because there is no reaching over it.

That’s achievable — it’s done every day in serious environments — but it’s a design constraint that shapes the whole system, not a checkbox you tick at the end.

The hardware reality software-only shops skip

Here’s the part a purely software agency tends to wave past: running capable models on your own kit is a hardware problem.

A model that lives in your building has to run on silicon in your building. That means real accelerators (GPUs and the like), sized honestly to the models and the load you actually have, in a deployment that matches your security posture — and maintained by someone who understands both the AI and the metal it runs on. Get the sizing wrong and you’ve either overspent on a rack that idles, or built something too slow to use. This is exactly the seam where our sister studio AIOD lives — private, on-premise and air-gapped AI, with the hardware configured and supplied to match.

The honest bit

Don’t air-gap by reflex. It’s tempting to treat maximum lockdown as maximum responsibility, but over-securing has real costs — money, speed, model choice, and an operational burden that never goes away. Plenty of “we can’t use the cloud” instincts turn out, on inspection, to be satisfied by a properly isolated private-cloud setup at a fraction of the effort.

The right move is unglamorous: match the deployment to the actual requirement. Sometimes that’s a full air gap. Often it’s less. Knowing the difference — and being fluent enough across both the AI and the infrastructure to make the call honestly — is the whole point.

That’s where AgenticEncy and AIOD come in together: the fluency to know what you actually need, and the hardware to build it where it has to live.

Work with us →

Let's make your business agentically fluent.

Tell us what you're trying to do with AI. We'll tell you honestly where agents fit — and where they don't.