CLASSIFICATION POSTURE · PROTECTED
DEFENCE · AIR-GAPPED
AI software, inside the enclave that has no internet route.
RankSaga ships and operates AI applications inside disconnected environments. Model artefacts, vector indices, inference paths, observability, and update flows, all designed for an enclave that does not call out and never will. Currently live for the Australian Armed Forces.
Air-gapped is not a deployment mode. It is a discipline. Every assumption modern AI software makes about an internet path has to be reversed before a single workload is moved inside the enclave.
PRACTICE OVERVIEW
What it actually takes to run modern AI offline.
Most teams building AI software have never operated inside an environment that cannot reach the internet. Modern AI tooling is built on the opposite assumption, package managers, model registries, telemetry endpoints, hosted inference, evaluation services, even error reporting all assume a connection that, in a real defence enclave, simply is not there. Moving an AI workload into an air-gapped environment is not a deployment step. It is a re-architecture.
RankSaga has done this in production. We built and operate an AI system for the Australian Armed Forces that runs entirely inside a disconnected environment on sovereign Microsoft Azure infrastructure. We architected the model lifecycle, the inference path, the observability layer, the update flow, and the supply chain for code and model dependencies, all under the constraint that nothing inside the enclave calls anything outside of it, ever.
Doing that well is a small set of decisions made early, repeatedly, and with discipline. Choose models you can run on infrastructure you control. Build a supply chain that works without package-manager calls. Make telemetry work in a closed loop. Design model updates as a deliberate, attested artefact-handover, not a continuous push. Treat every inbound dependency as a supply-chain risk that has to be reviewed before it crosses the boundary. Most of the work is in the choices, not the code.
Our air-gapped capability is offered both as a standalone engagement, when the customer has a working AI system that needs to be hardened and migrated into an enclave, and as part of a broader build, when we are also writing the application from scratch. In either case, the engineers who design the air-gapped posture are the engineers who operate it.
WHAT WE DO
The disciplines of air-gapped AI, in our hands.
01 / Capability
Offline Model Lifecycle
Model selection, hosting, versioning, and update flows engineered for an environment with no internet path. Attested artefact handover, signed model packages, and a deliberate update cadence the customer controls.
02 / Capability
Hardened Supply Chain
Code and model dependency review before crossing the boundary. Internal package mirroring, signed dependency artefacts, and provenance tracking for everything that runs inside the enclave.
03 / Capability
In-Enclave Inference
Inference paths that run entirely on customer-controlled infrastructure. Single-tenant model serving, hardened against side-channels, designed for the latency and capacity profile of the actual workload.
04 / Capability
Closed-Loop Observability
Logs, metrics, traces, and operator telemetry that stay inside the enclave. Health visibility without telemetry leaks; alerting without an external service.
05 / Capability
Vector Stores & Knowledge
Customer-controlled vector indices, knowledge graphs, and document corpora, built, indexed, and updated entirely inside the enclave, with offline pipelines for re-indexing as the corpus changes.
06 / Capability
Operator-Facing Software
The application surface, agent consoles, briefing tools, decision-support interfaces, designed for an offline environment, with no external font, telemetry, or analytics dependency.
OPERATING MODEL
Re-architect once, operate continuously.
Air-gapped engagements have a different shape than cloud engagements. The hardening posture has to be set early; the operations cadence runs slower and more deliberately; the team has to be on hand for the long tail. RankSaga is staffed and structured for it.
01 / Step
Posture & Boundary Mapping
We start with the boundary, what crosses it, in what direction, under what controls, with what attestation. Every architectural decision downstream is shaped by this. We deliver a written posture before a single line of code lands inside the enclave.
02 / Step
In-Enclave Build & Migration
We build inside the enclave. Where the customer has working AI software in a connected environment, we re-architect, re-package, and migrate it under the boundary controls. Where the application is greenfield, we ship it directly into the enclave from week one.
03 / Step
Operate Across the Boundary
Operations in an air-gapped environment is a slower, more deliberate cadence. We hold a steady release rhythm, we attest to every artefact crossing the boundary, and we operate the system inside the enclave alongside the customer's platform team.
WHAT YOU GET
Working software inside the enclave, and the team that holds it there.
01 / Deliverable
Working AI Software in the Air-Gapped Environment
Production AI application running entirely inside the customer enclave, against customer data, used by customer operators, with no inference path, telemetry, or dependency call to the outside world.
02 / Deliverable
Documented Boundary Posture
A written, customer-reviewable description of what crosses the boundary, in what direction, with what attestation and what controls. The posture is part of the deliverable, not an artefact of the engagement.
03 / Deliverable
Offline Model & Dependency Lifecycle
Update flows for models, vector indices, code dependencies, and operating system patches that work inside the enclave, with attested handover and a customer-controlled cadence.
04 / Deliverable
Embedded Operations
The engineers who built it stay deployed. The operations cadence in air-gapped is slower; the obligation to be on hand when something breaks is the same.
REFERENCE
Australian Armed Forces. In production. Air-gapped.
Our reference deployment runs an AI application inside a disconnected Australian Armed Forces environment on sovereign Microsoft Azure infrastructure. Model artefacts, inference, observability, and update flows are entirely inside the boundary.
- ·Offline model lifecycle with attested artefact handover at the boundary.
- ·In-enclave inference on customer-controlled infrastructure, no external calls.
- ·Closed-loop observability, logs, metrics, traces stay inside the enclave.
- ·Customer-controlled update cadence for models, indices, and dependencies.
RELATED CAPABILITIES
Where the air-gapped surface meets the rest of the stack.
Adjacent
Defence-Grade AI Systems →
When the workload that needs to be air-gapped is itself an AI application, RAG, semantic search, decision support.
Adjacent
Mission Software Engineering →
When the air-gapped deployment is one part of a broader operator-facing mission application.
Adjacent
Microsoft Azure (Sovereign) →
When the underlying infrastructure is sovereign Azure, the topology our reference deployment runs on.
QUESTIONS
What customers ask before they bring us in.
What classifications can you operate inside?+
We are most experienced operating up to PROTECTED in Australian environments, including air-gapped deployments. For higher classifications and partner-nation environments, we work to the customer's accreditation pathway, including IRAP-aligned uplift and equivalent partner-nation controls.
Can existing AI software be migrated into an air-gapped environment, or does it have to be rebuilt?+
Often migrated, sometimes partially rebuilt, depends on the system. The two common blockers are dependencies on hosted inference and telemetry that cannot be turned off. We assess the existing system, identify what crosses the boundary, and re-architect those surfaces; the rest is migrated.
How do model updates work inside an enclave?+
As deliberate, attested artefact handovers, not as continuous pushes. The customer controls the cadence; we package, sign, and document each model and dependency artefact crossing the boundary, and the customer reviews and accepts before installation.
What models can run inside an air-gapped environment?+
Open-weight foundation models we deploy and harden, customer-fine-tuned variants, and sovereign-hosted models where the deployment topology supports them. Hosted-only models from public providers are out of scope by definition.
How is observability handled without external services?+
Closed-loop. Logs, metrics, and traces flow into customer-controlled infrastructure inside the enclave. Alerting is in-enclave; dashboards and incident review are operated by the customer with our engineers on hand. No telemetry crosses the boundary unless the customer explicitly authorises and reviews it.
ENGAGE
If the workload has to live inside the enclave, the engineering has to start there.
Air-gapped is the place we are most useful and most differentiated. If you have an AI workload that has to operate inside a disconnected environment, or an existing system that needs to be migrated into one, we should talk.
ENGAGE
Bring us in on the problem before it has a name.
We work best when we are embedded early, alongside the team that owns the mission, the data, and the operational risk. Government, commercial enterprise, or defence: if your environment is regulated, sensitive, or air-gapped, that is where we are most useful.