Enterprise-grade AI that runs entirely on your infrastructure. No external API calls. No data leaving your network. Compliance controls for major regulatory frameworks built in.
The AI Dilemma: Balancing Risk and Productivity
Using public AI directly
Banning AI entirely
Local AI, Full Control
Enterprise AI with defense-in-depth security -- running entirely on your infrastructure.
Dual-layer detection using Microsoft Presidio and a local LLM. Catches structured patterns (SSNs, credit card numbers) and context-dependent sensitive data across 22 languages before it reaches the AI model.
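For illustration, the structured-pattern layer can be exercised with the open-source presidio-analyzer and presidio-anonymizer packages; a minimal sketch, with an illustrative entity list rather than Knox's production configuration:

```python
from presidio_analyzer import AnalyzerEngine
from presidio_anonymizer import AnonymizerEngine

analyzer = AnalyzerEngine()      # loads Presidio's default NLP engine
anonymizer = AnonymizerEngine()

text = "Patient John Smith, SSN 078-05-1120, card 4111 1111 1111 1111."

# First layer: structured-pattern recognition (SSNs, credit cards, names, ...)
findings = analyzer.analyze(
    text=text,
    entities=["US_SSN", "CREDIT_CARD", "PERSON"],
    language="en",
)

# Redact everything the recognizers flagged before it reaches the model
redacted = anonymizer.anonymize(text=text, analyzer_results=findings)
print(redacted.text)  # e.g. "Patient <PERSON>, SSN <US_SSN>, card <CREDIT_CARD>."
```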
Enterprise-grade SSO (SAML, OIDC) via Keycloak with mandatory MFA. Role-based permissions, per-user rate limiting, and context-aware access policies.
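A downstream service can verify a Keycloak-issued OIDC access token against the realm's JWKS endpoint; a minimal sketch using PyJWT, where the realm URL and audience are placeholders rather than Knox defaults:

```python
import jwt  # PyJWT

# Hypothetical Keycloak realm; substitute your own deployment's values.
KEYCLOAK_ISSUER = "https://keycloak.internal.example/realms/knox"
JWKS_URL = f"{KEYCLOAK_ISSUER}/protocol/openid-connect/certs"

jwks_client = jwt.PyJWKClient(JWKS_URL)

def verify_access_token(token: str) -> dict:
    """Validate signature, issuer, and audience of a Keycloak-issued OIDC token."""
    signing_key = jwks_client.get_signing_key_from_jwt(token)
    return jwt.decode(
        token,
        signing_key.key,
        algorithms=["RS256"],
        audience="knox-gateway",   # illustrative client ID
        issuer=KEYCLOAK_ISSUER,
    )
```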
Automated reporting mapped to HIPAA, SOC 2, GDPR, CCPA, NYDFS 500, and the EU AI Act. Immutable audit trails with 7-year retention and fail-closed logging.
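"Fail-closed" means that if an audit event cannot be written, the request is rejected rather than allowed to proceed unlogged. A minimal sketch of that pattern (function and exception names are illustrative, not Knox's API):

```python
class AuditUnavailableError(RuntimeError):
    """Raised when the audit store cannot accept a record."""

def fail_closed(audit_writer):
    """Decorator: refuse to run the wrapped handler unless its audit record lands."""
    def decorator(handler):
        def wrapper(request):
            try:
                audit_writer(request)          # the audit write must succeed first
            except Exception as exc:
                # Fail closed: block the request instead of proceeding unlogged.
                raise AuditUnavailableError("audit log unavailable; request rejected") from exc
            return handler(request)
        return wrapper
    return decorator
```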
Fully air-gapped deployment. No external API calls, no vendor lock-in, no data residency concerns. Five isolated Docker networks ensure defense-in-depth with AES-256-GCM encryption at rest and TLS 1.3 in transit.
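For reference, AES-256-GCM authenticated encryption of data at rest can be exercised with the standard cryptography package; a minimal sketch (key management in Knox goes through HashiCorp Vault, which this example does not show):

```python
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

key = AESGCM.generate_key(bit_length=256)   # in production the key lives in Vault
aesgcm = AESGCM(key)

nonce = os.urandom(12)                      # 96-bit nonce, unique per message
plaintext = b"conversation transcript"
associated_data = b"tenant=acme;record=42"  # authenticated but not encrypted

ciphertext = aesgcm.encrypt(nonce, plaintext, associated_data)
assert aesgcm.decrypt(nonce, ciphertext, associated_data) == plaintext
```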
Full UI localization across 22 languages including Arabic and Hebrew with native RTL layout support. PII/PHI detection works across all supported languages. Deploy once, serve your entire global workforce.
A four-layer defense-in-depth security model -- all running on your servers.
API Gateway
Controls who can enter and how often. Prevents abuse and enforces access policies via Kong Gateway with Keycloak SSO.
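Per-user rate limiting amounts to a counter or token bucket keyed by the authenticated user. Knox enforces this in Kong Gateway rather than in application code; the following is only an in-process sketch of the idea:

```python
import time
from collections import defaultdict

class TokenBucket:
    """Per-user token bucket: `rate` requests per second with a burst of `capacity`."""
    def __init__(self, rate: float, capacity: int):
        self.rate, self.capacity = rate, capacity
        self.tokens = defaultdict(lambda: capacity)
        self.updated = defaultdict(time.monotonic)

    def allow(self, user_id: str) -> bool:
        now = time.monotonic()
        elapsed = now - self.updated[user_id]
        self.updated[user_id] = now
        # Refill tokens proportionally to elapsed time, capped at the burst size.
        self.tokens[user_id] = min(self.capacity, self.tokens[user_id] + elapsed * self.rate)
        if self.tokens[user_id] >= 1:
            self.tokens[user_id] -= 1
            return True
        return False

limiter = TokenBucket(rate=1.0, capacity=10)   # ~60 requests/minute, burst of 10
```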
Content Sanitization
Dual-layer detection: Microsoft Presidio catches structured patterns, a local LLM catches context-dependent sensitive data. If either layer flags it, it gets redacted.
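The second layer can be sketched as a classification prompt against the local model; a hedged illustration using the Ollama Python client, where the prompt and model name are illustrative rather than Knox's production configuration:

```python
import ollama  # official Ollama Python client, talking to the local daemon

def llm_flags_sensitive(text: str, model: str = "llama3.1:8b") -> bool:
    """Ask the local model whether free-form text contains sensitive data."""
    response = ollama.chat(
        model=model,
        messages=[
            {"role": "system",
             "content": "Answer YES or NO: does the user text contain personal, "
                        "medical, or financial information?"},
            {"role": "user", "content": text},
        ],
    )
    return response["message"]["content"].strip().upper().startswith("YES")

# If either Presidio or the LLM flags the text, the sanitizer redacts it.
```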
On-Premises LLM
Sanitized content is processed by Ollama running locally on your infrastructure. No internet connection needed. Data never leaves your network.
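As a sketch, the sanitized prompt is posted to the Ollama daemon listening on localhost, so nothing leaves the host; the endpoint below is Ollama's standard local API, and the model name is illustrative:

```python
import requests

# Ollama's local HTTP API; the daemon listens on localhost by default.
OLLAMA_URL = "http://localhost:11434/api/chat"

def complete(sanitized_prompt: str, model: str = "llama3.1:8b") -> str:
    resp = requests.post(
        OLLAMA_URL,
        json={
            "model": model,
            "messages": [{"role": "user", "content": sanitized_prompt}],
            "stream": False,
        },
        timeout=120,
    )
    resp.raise_for_status()
    return resp.json()["message"]["content"]
```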
Audit System
Records every interaction with fail-closed logging. Enables compliance reporting and incident investigations with immutable, encrypted audit trails.
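Immutability is typically achieved by chaining each record to a hash of its predecessor, so any edit or deletion is detectable; a minimal sketch of such a chained audit record (field names are illustrative):

```python
import hashlib, json, time

def append_audit_record(chain: list[dict], event: dict) -> dict:
    """Append an event whose hash covers the previous record, making tampering detectable."""
    prev_hash = chain[-1]["hash"] if chain else "0" * 64
    body = {"ts": time.time(), "event": event, "prev_hash": prev_hash}
    body["hash"] = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
    chain.append(body)
    return body

def verify_chain(chain: list[dict]) -> bool:
    """Recompute every hash; a modified or removed record breaks the chain."""
    prev = "0" * 64
    for rec in chain:
        expected = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev_hash"] != prev:
            return False
        if hashlib.sha256(json.dumps(expected, sort_keys=True).encode()).hexdigest() != rec["hash"]:
            return False
        prev = rec["hash"]
    return True
```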
No. Knox is designed for fully air-gapped deployment. All LLM inference runs locally via Ollama on your own servers. There are zero external API calls -- no data ever leaves your network perimeter. Internet access is required only for the initial model downloads, after which the system operates completely offline.
Knox runs open-source models locally via Ollama, including Llama 3.1 (8B and 70B parameters), Mistral 7B, and Code Llama 13B. You choose which models to deploy based on your hardware and use case. Models run entirely on your infrastructure with no external dependencies.
Yes. The UI is fully localized in 22 languages -- including Arabic and Hebrew with native right-to-left (RTL) layout. Users select their preferred language, and the full interface (chat, admin, compliance reporting, settings) renders natively. PII/PHI sanitization works across all supported languages, and the local Llama models handle multilingual conversations natively.
All data -- conversations, audit logs, user records, and model weights -- stays on your infrastructure. Nothing is sent to external services. Content is encrypted at rest with AES-256-GCM via HashiCorp Vault, and all network communication uses TLS 1.3.
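Encryption at rest through Vault is commonly done with the Transit secrets engine, so key material never leaves Vault; a minimal sketch using the hvac client, where the Vault address, auth handling, and key name are placeholders:

```python
import base64
import hvac

# Hypothetical local Vault instance; in practice authenticate via AppRole or Kubernetes auth.
client = hvac.Client(url="https://vault.internal.example:8200")

def encrypt_at_rest(plaintext: bytes, key_name: str = "knox-at-rest") -> str:
    """Encrypt with Vault's Transit engine; only the ciphertext is stored locally."""
    encoded = base64.b64encode(plaintext).decode()
    result = client.secrets.transit.encrypt_data(name=key_name, plaintext=encoded)
    return result["data"]["ciphertext"]          # e.g. "vault:v1:..."

def decrypt_at_rest(ciphertext: str, key_name: str = "knox-at-rest") -> bytes:
    result = client.secrets.transit.decrypt_data(name=key_name, ciphertext=ciphertext)
    return base64.b64decode(result["data"]["plaintext"])
```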
Yes. Knox integrates with standard enterprise identity providers (Okta, Azure AD, LDAP) via Keycloak, and logging stacks (Splunk, Datadog, Graylog) for SIEM integration. The RAG pipeline supports local document ingestion with vector search.
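The RAG ingestion path can be sketched as: embed locally stored document chunks with a local embedding model, keep the vectors on your infrastructure, and retrieve by similarity at query time. A minimal in-memory illustration using the Ollama Python client, with an illustrative embedding model and chunking:

```python
import ollama
import numpy as np

def embed(text: str) -> np.ndarray:
    # Local embedding model served by Ollama; no external calls.
    result = ollama.embeddings(model="nomic-embed-text", prompt=text)
    return np.array(result["embedding"])

# Ingest: embed each locally stored document chunk.
chunks = ["Knox deployment guide ...", "Incident response policy ..."]
index = [(chunk, embed(chunk)) for chunk in chunks]

def retrieve(query: str, k: int = 2) -> list[str]:
    """Return the k chunks most similar to the query by cosine similarity."""
    q = embed(query)
    scored = sorted(
        index,
        key=lambda pair: float(np.dot(q, pair[1]) / (np.linalg.norm(q) * np.linalg.norm(pair[1]))),
        reverse=True,
    )
    return [chunk for chunk, _ in scored[:k]]
```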
Knox provides the technical controls required for HIPAA, SOC 2, GDPR, CCPA, NYDFS 500, and EU AI Act compliance: encryption at rest and in transit, immutable audit logs with 7-year retention, role-based access control with MFA, and automated compliance reporting. The fully air-gapped architecture eliminates third-party data processor risk entirely.