What is an Air-Gap? A Technical Primer

The Definition

An air-gap is a security measure that physically isolates a computer system from any unsecured network — including the internet and local area networks — by ensuring there is no physical or wireless connection between the secure system and the outside world.

The name comes from the literal gap of air between the secure machine and everything else. If there’s no cable, there’s no connection. If there’s no connection, remote access is physically impossible.

This sounds simple. That simplicity is precisely the point.

Why Software Security Isn’t Enough

Modern cybersecurity stacks are impressive. Firewalls, intrusion detection systems, endpoint protection, VPNs, zero-trust architectures — each layer adds protection. But every software-based security measure shares a fundamental weakness: they can be compromised by software.

Firewalls can be misconfigured or bypassed by novel exploits. Encryption protects data in transit but not a system that’s been compromised. Zero-trust assumes the network exists — it just limits what can traverse it. Even air-gapped systems have been attacked (Stuxnet, the most famous example, required physical USB introduction), but the attack surface is orders of magnitude smaller.

For the highest-sensitivity data — government secrets, privileged legal communications, clinical trial data, defense R&D — software-only security is insufficient not because it fails, but because it cannot provide a guarantee. An air-gap can.

How Air-Gapped Systems Work in Practice

Data Ingestion

Without a network connection, data must be physically introduced to the system:

Documents are collected on a separate, internet-connected workstation
Files are scanned for malware and copied to an encrypted USB drive
The drive is physically carried to the air-gapped system and connected
The system ingests, verifies, and processes the data

This adds operational overhead — but for many organizations, that overhead is the correct trade-off against the risk of a network-connected system.

Software Updates

This is where air-gapped operations require the most discipline. Without internet access, updates cannot download automatically. The Tacitus approach, which we call the Supply Drop protocol:

A signed update package is prepared at our facility
The package is cryptographically signed with keys that the Cortex verifies
The signed package is delivered on an encrypted USB drive
The Cortex verifies the signature before applying the update — a tampered package is rejected

The Supply Drop means the system never has to be connected to receive updates. The cryptographic verification means a malicious update (even from a physically compromised USB drive) would be detected and rejected.

Queries and Outputs

Once documents are ingested, all AI operations — embedding, retrieval, generation — happen entirely on the local hardware. Query inputs and outputs stay within the system. Nothing leaves.

Air-Gapped AI: Running Models Offline

AI systems present a specific challenge for air-gap architectures: modern language models are large (typically 7–70 billion parameters), require significant compute, and are conventionally accessed over APIs to cloud services. Running them locally requires:

Dedicated GPU hardware — consumer CPUs cannot run inference at acceptable speeds. The Tacitus Cortex includes NVIDIA professional-grade GPUs specifically for this purpose.

Quantized models — full-precision models require impractical amounts of VRAM. 4-bit or 8-bit quantization reduces memory requirements while preserving most performance, making deployment on a single high-end GPU feasible.

Local vector database — semantic search requires a vector database alongside the language model. We use Qdrant, an open-source vector database that runs entirely on-premises with no call-home functionality.

Offline embeddings — document embeddings (the numerical representations used for semantic search) must also be generated locally, using an embedding model that runs on the same hardware.

The result is a complete RAG (Retrieval-Augmented Generation) pipeline running entirely on a single physical appliance — no internet connection required at any point.

Legal Significance of Air-Gap for Data Sovereignty

Beyond the security benefits, air-gapping has specific legal implications:

CLOUD Act Immunity

The US CLOUD Act allows law enforcement to compel US-based technology companies to provide data stored anywhere in the world. But the Act can only compel access to data that the company controls. A system in your server room, disconnected from any network, is not under anyone else’s control — there is nothing to compel.

When data is processed on an air-gapped system you own, there is no third-party data processor under Article 28. You are both controller and processor. The complexity of Data Processing Agreements, subprocessor chains, and cross-border transfer safeguards simply doesn’t arise.

Attorney-Client Privilege

For law firms, the air-gap provides a clear answer to the “third-party doctrine” risk: there is no third party. Privileged communications processed on air-gapped infrastructure remain under the firm’s exclusive control.

The Trade-Off

Air-gap isn’t for everyone. The operational overhead — physical USB transfers for data ingestion, manual update procedures — is real. For organizations processing large volumes of routine documents with moderate sensitivity, a sovereign cloud deployment (like Tacitus Cloud Bridge) may be the appropriate balance.

The air-gap is the right choice when:

Regulatory requirements mandate on-premises data processing
The data is sensitive enough that no residual network risk is acceptable
Professional obligations (privilege, medical ethics) require absolute control
ITAR or other export control regimes prohibit data from leaving the facility

For these cases, there is no software substitute for a physical gap.

Interested in air-gapped AI infrastructure for your organization? Request a briefing to discuss the Tacitus Cortex.