The convenience trap
Almost every security product now ships an AI assistant: ask a question in plain English, get an answer about your environment. It's genuinely useful — and it's spreading fast. But behind most of these features is a hosted, third-party model. To "reason" over your environment, the tool has to send your environment's data to that model. The convenience is real. So is the export.
Because it happens invisibly, feature by feature, most organisations have never made a conscious decision to send this data anywhere. It arrived as a product update.
No one signed off on exporting their attack surface. It shipped as a feature and got enabled by default.
What actually leaves the building
To answer questions about your estate, an AI copilot needs context — and the context is exactly the data an attacker would want:
- Full device inventory: hostnames, operating systems, installed software and versions.
- Configuration and posture: what's hardened, what's misconfigured, what's unpatched.
- Vulnerabilities and findings: precisely where you're weak.
- Network topology: how systems connect, and which are exposed.
- Logs and telemetry: user names, activity, and operational detail.
Individually, each feels mundane. Together, they are a precise, structured map of your organisation — and a precise, structured map of how to attack it.
Why this data is uniquely dangerous
Not all exported data is equal. Marketing analytics leaking is embarrassing; your security posture leaking is existential. The output of a security tool is a distilled description of your weaknesses. Handing that to any external system — however reputable — means the single most useful document for compromising you now exists outside your control.
And the risk compounds. That data may be logged, cached, retained, used to improve models, or exposed in a breach of the provider. You are trusting not just the vendor's intentions but their entire security posture, their subprocessors, and their jurisdiction — with the one dataset you can least afford to lose.
The audit gap
When data leaves your perimeter for a hosted model, your ability to audit what happens to it effectively ends. You cannot inspect how it's stored, how long it's kept, who or what processes it, or whether it influences a shared model. You are asked to accept assurances in place of evidence. For a security function — whose entire job is to reduce reliance on trust and increase verifiable control — that is a strange trade to make.
Sovereignty and regulatory exposure
For regulated and sovereign environments, this isn't only a security concern — it's a compliance one. Data-residency rules, sector regulation and national-security requirements frequently prohibit sending sensitive operational data to third-party or foreign-hosted services. An AI feature that quietly exports your inventory can turn a helpful copilot into a reportable breach. As data-sovereignty regulation tightens, the number of organisations for whom "it goes to a cloud model" is simply not permissible only grows.
AI that comes to the data
None of this means giving up AI. It means changing where it runs and how it's bounded. Capable open models run entirely on local or self-hosted infrastructure — and a well-designed system keeps the model's role tightly scoped:
- The model runs on-premises, so nothing about your estate leaves your network.
- Findings are computed deterministically, not invented by the model — the AI explains and proposes, it doesn't fabricate.
- Every action is logged to an assurance trail you can inspect.
- A human confirms every change, and device-reported data is treated as data, never as instructions.
Done this way, you get an assistant that reads your topology, ranks your real exploitable risks and drafts remediation — without a single byte of it leaving your network. The intelligence comes to the data, not the other way around.
If your posture data is valuable enough to protect, it's valuable enough not to send anywhere — including to an AI.
The question to ask your vendor
Before you enable an AI feature in any security tool, ask one plain question: where does the model run, and what data leaves my network to use it? If the answer involves a hosted model and an export of your environment, you've found a new dependency and a new exposure. ApexAI was built to give a different answer: the AI, the control plane and the data all stay on your infrastructure — fully air-gapped, with nothing sent to the cloud.
Keep your estate inside your walls
See on-prem, air-gapped AI reasoning over a live environment — with nothing leaving the network.
Get a demo