IstroSec builds and runs its own AI: self-hosted, explainable, and verified against the underlying evidence.
Local LLMs and an air-gapped knowledge base for investigations
- A fully self-hosted large-language-model platform that IstroSec builds and runs in-house — no third-party AI clouds.
- Designed for closed, air-gapped and on-premises environments handling sensitive data.
- A hybrid cybersecurity knowledge base — semantic + keyword retrieval, reranking and knowledge-graph traversal across CVEs, threat actors, malware families and MITRE ATT&CK techniques.
- Local-LLM forensic analysis: a multi-stage review pipeline (triage → analysis → validation) that works through large evidence sets and re-verifies every finding verbatim against the source — no hallucinated evidence.
- Guardrails against fabricating CVE IDs, CVSS scores, threat-actor attributions or indicators of compromise.
- Model-agnostic and fully self-hosted — no dependency on third-party AI APIs
Sovereign AI SOC IN DEVELOPMENT
- An AI triage-and-investigation layer built on GRYPHON sensors: AI investigates each alert; analysts approve every consequential action (human-in-the-loop by design).
- EU-sovereign and self-hostable — EU-hosted, on-premises or air-gapped, running local models.
- Every AI claim is evidence-cited; every metric is computed deterministically, not generated by a model.
- Hard per-tenant isolation, and a tamper-evident, hash-chained audit trail for every step.
Run on IstroSec’s own infrastructure
IstroSec builds, trains and runs these models on its own compute infrastructure — self-hosted and under IstroSec’s control, with no dependency on third-party AI clouds.
Backed by EU research: see our EU-funded projects, including GRYPHON-EWS — Early Warning System against advanced cyber threats.