White paper

Your AI security tool is exfiltrating your estate.

And you approved it — in a click-through agreement. The AI copilots now built into security tooling quietly send the most sensitive description of your environment to systems you don't control and can't audit. Here's why that matters, and what has to change.

The convenience trap

Almost every security product now ships an AI assistant: ask a question in plain English, get an answer about your environment. It's genuinely useful — and it's spreading fast. But behind most of these features is a hosted, third-party model. To "reason" over your environment, the tool has to send your environment's data to that model. The convenience is real. So is the export.

Because it happens invisibly, feature by feature, most organisations have never made a conscious decision to send this data anywhere. It arrived as a product update.

No one signed off on exporting their attack surface. It shipped as a feature and got enabled by default.

What actually leaves the building

To answer questions about your estate, an AI copilot needs context — and the context is exactly the data an attacker would want:

Individually, each feels mundane. Together, they are a precise, structured map of your organisation — and a precise, structured map of how to attack it.

Why this data is uniquely dangerous

Not all exported data is equal. Marketing analytics leaking is embarrassing; your security posture leaking is existential. The output of a security tool is a distilled description of your weaknesses. Handing that to any external system — however reputable — means the single most useful document for compromising you now exists outside your control.

And the risk compounds. That data may be logged, cached, retained, used to improve models, or exposed in a breach of the provider. You are trusting not just the vendor's intentions but their entire security posture, their subprocessors, and their jurisdiction — with the one dataset you can least afford to lose.

The audit gap

When data leaves your perimeter for a hosted model, your ability to audit what happens to it effectively ends. You cannot inspect how it's stored, how long it's kept, who or what processes it, or whether it influences a shared model. You are asked to accept assurances in place of evidence. For a security function — whose entire job is to reduce reliance on trust and increase verifiable control — that is a strange trade to make.

Sovereignty and regulatory exposure

For regulated and sovereign environments, this isn't only a security concern — it's a compliance one. Data-residency rules, sector regulation and national-security requirements frequently prohibit sending sensitive operational data to third-party or foreign-hosted services. An AI feature that quietly exports your inventory can turn a helpful copilot into a reportable breach. As data-sovereignty regulation tightens, the number of organisations for whom "it goes to a cloud model" is simply not permissible only grows.

AI that comes to the data

None of this means giving up AI. It means changing where it runs and how it's bounded. Capable open models run entirely on local or self-hosted infrastructure — and a well-designed system keeps the model's role tightly scoped:

Done this way, you get an assistant that reads your topology, ranks your real exploitable risks and drafts remediation — without a single byte of it leaving your network. The intelligence comes to the data, not the other way around.

If your posture data is valuable enough to protect, it's valuable enough not to send anywhere — including to an AI.

The question to ask your vendor

Before you enable an AI feature in any security tool, ask one plain question: where does the model run, and what data leaves my network to use it? If the answer involves a hosted model and an export of your environment, you've found a new dependency and a new exposure. ApexAI was built to give a different answer: the AI, the control plane and the data all stay on your infrastructure — fully air-gapped, with nothing sent to the cloud.

Keep your estate inside your walls

See on-prem, air-gapped AI reasoning over a live environment — with nothing leaving the network.

Get a demo