AI & Research

IstroSec builds and runs its own AI: self-hosted, explainable, and verified against the underlying evidence.


Local LLMs and an air-gapped knowledge base for investigations

  • A fully self-hosted large-language-model platform that IstroSec builds and runs in-house — no third-party AI clouds.
  • Designed for closed, air-gapped and on-premises environments handling sensitive data.
  • A hybrid cybersecurity knowledge base — semantic + keyword retrieval, reranking and knowledge-graph traversal across CVEs, threat actors, malware families and MITRE ATT&CK techniques.
  • Local-LLM forensic analysis: a multi-stage review pipeline (triage → analysis → validation) that works through large evidence sets and re-verifies every finding verbatim against the source — no hallucinated evidence.
  • Guardrails against fabricating CVE IDs, CVSS scores, threat-actor attributions or indicators of compromise.
  • Model-agnostic and fully self-hosted — no dependency on third-party AI APIs

Sovereign AI SOC IN DEVELOPMENT

  • An AI triage-and-investigation layer built on GRYPHON sensors: AI investigates each alert; analysts approve every consequential action (human-in-the-loop by design).
  • EU-sovereign and self-hostable — EU-hosted, on-premises or air-gapped, running local models.
  • Every AI claim is evidence-cited; every metric is computed deterministically, not generated by a model.
  • Hard per-tenant isolation, and a tamper-evident, hash-chained audit trail for every step.

Run on IstroSec’s own infrastructure

IstroSec builds, trains and runs these models on its own compute infrastructure — self-hosted and under IstroSec’s control, with no dependency on third-party AI clouds.


Backed by EU research: see our EU-funded projects, including GRYPHON-EWS — Early Warning System against advanced cyber threats.