Public Sector & Defence
AI agent capabilities in air-gapped, sovereign environments with zero external dependencies. Full audit trail of every agent action. Turnkey hardware that deploys in your secure facility.
The air-gap requirement isn't negotiable
Public sector and defence organisations don't have the luxury of "we'll figure out security later." The requirements are binary:
- No data leaves the network. Not for inference, not for telemetry, not for "anonymous usage analytics." If the system makes any external connection, it fails the assessment.
- No external dependencies at runtime. The system must function with the network cable unplugged. No licence heartbeats, no mandatory update checks, no API calls to a vendor.
- Full auditability. Every action the system takes must be logged, attributable, and available for review. Not just what the user asked — what the agent did, what files it accessed, what code it wrote, what it committed.
- Known, inspectable models. Open-weight models where the weights can be verified, not proprietary black boxes where you're trusting a foreign vendor's word about what's running.
Most AI platforms fail on the first requirement. They're built around API calls to cloud inference providers. "Air-gap support" is an afterthought — a configuration flag that disables features rather than a first-class deployment model.
What public sector teams need AI agents for
The use cases are the same as the private sector — the constraints are just harder.
Software engineering — Government digital services, defence systems, critical infrastructure software. AI agents that can write code, run tests, refactor systems, and produce pull requests — all within a classified or restricted network. The agent works autonomously; humans review and approve.
Document analysis and drafting — Policy documents, procurement specifications, regulatory filings, intelligence reports. Agents that can read, summarise, cross-reference, and draft — with a full audit trail of what they accessed and what they produced.
DevOps and infrastructure — Monitoring, incident response, configuration management, CI/CD pipeline maintenance. Agents that handle the routine operational work, freeing cleared personnel for higher-value tasks.
Research and analysis — Threat analysis, open-source intelligence, technical research. Agents that can browse internal knowledge bases, cross-reference datasets, and produce structured analysis — all within the secure perimeter.
How Helix delivers this
Air-gap deployable — first-class, not afterthought — Helix is designed to run fully disconnected. Models are loaded during initial deployment. No runtime internet access required. No licence heartbeats, no telemetry, no phone-home of any kind. Disconnect the network cable and everything keeps running.
Open-weight models that rival the best — Helix runs state-of-the-art open-weight models: Llama, Qwen, Mistral, DeepSeek, and others. These models now match or exceed proprietary models on coding, reasoning, and language benchmarks. You can inspect the model weights, verify what's running, and swap models without vendor approval.
Zero telemetry — Helix collects no usage data, sends no analytics, phones home to nobody. The Sovereign Server has no mechanism for external reporting even if someone wanted to enable it. This is verifiable — the source is available for inspection.
Complete audit trail — Every prompt, every response, every file access, every git operation, every agent action. Logged locally, under your control, exportable in standard formats. Your security team gets full visibility. Your auditors get evidence.
Ephemeral per-task credentials — Agents get scoped credentials issued at task start and revoked at task end. No long-lived secrets. Branch-scoped git access — agents can only write to feature branches, never to main. If an agent is compromised, the blast radius is one branch of one repository for the duration of one task.
SOC 2 Type II and ISO 27001 certified — Independently audited. These certifications demonstrate the operational maturity that secure deployments require.
Deployment options
Sovereign Server — turnkey hardware — A 4U rack server with 8× NVIDIA RTX 6000 Pro GPUs and 768 GB VRAM, Helix preloaded. Ship to your secure facility, power on, done. No Kubernetes expertise required. No internet access required after initial setup. Supports 20–30+ developers with hundreds of concurrent agent desktops. $175K.
Enterprise on your Kubernetes — If you're already running Kubernetes in your secure environment, Helix deploys as a standard Helm chart. RBAC, SSO integration with your identity provider, audit logging to your SIEM. From $75K for an 8-week production pilot.
Both options support full air-gap operation. The choice depends on whether you already have GPU-equipped Kubernetes infrastructure or prefer a self-contained appliance.
Security architecture at a glance
| Layer | How Helix handles it |
|---|---|
| Network isolation | Runs fully air-gapped. Zero external connections required at runtime |
| Model security | Open-weight models with verifiable weights. No proprietary black boxes |
| Data residency | All data stays on your infrastructure. No cloud storage, no external APIs |
| Credential management | Ephemeral per-task keys. Issued at start, revoked at end. Branch-scoped |
| Access control | RBAC with SSO integration. Role-based visibility per project and team |
| Audit | Complete trail of every agent action. Local storage, standard export formats |
| Blast radius | Per-agent isolation. Compromised agent affects one branch of one repo for one task |
| Compliance | SOC 2 Type II, ISO 27001 certified |
| Telemetry | None. Zero. Verifiably absent |
Get started
Sovereign Server — Turnkey hardware shipped to your facility. 8× NVIDIA RTX 6000 Pro, 768 GB VRAM, Helix preloaded. Air-gap ready. $175K. Learn more →
Enterprise deployment — Deploy on your existing Kubernetes cluster. Full air-gap support. From $75K for an 8-week production pilot. Talk to us →