MICKAI
Article · 29 June 2026

Air-Gapped RAG: Connecting Hyper-Sensitive Archives to a Local AI Engine

Decades of un-redacted records made searchable by a local AI, with a sovereign vector store that has no external route

Author
Micky Irons
Tags: air-gapped RAG, private RAG, sovereign vector store, zero data egress, on-premise enterprise search

Air-gapped RAG connects a firm's decades of un-redacted, hyper-sensitive records to a local AI engine. The records are indexed into a sovereign vector store that has no external route, so the most concentrated knowledge the institution owns can be searched and reasoned over without a single document ever crossing the internet. It is how a regulated firm finally gets retrieval-augmented generation over its real archive (the privileged, the confidential, the special-category) without turning that archive into a third party's hosted liability.


Retrieval-augmented generation (RAG) is the technique that lets an AI answer from a specific body of documents rather than only from its training data. It is the single most valuable enterprise pattern there is, because an institution's edge lives in its own records. It is also the pattern that has been quietly out of reach for the firms with the most valuable records, for one structural reason: ordinary RAG sends the documents out.

Why cloud RAG pipelines fail the regulated buyer

A conventional cloud RAG pipeline does something a compliance officer should find alarming. To make an archive searchable, it reads every document, slices it into chunks, sends those chunks to an external service to be turned into vectors, and stores those vectors in a hosted vector database the firm does not control. The whole un-redacted corpus is processed, and often retained, outside the perimeter.

For a firm holding privileged, fiduciary or special-category data, every step is a problem:

  • The full archive becomes a third-party processing event and, where it crosses a border, a transfer the firm never intended to make.
  • The vector store, a mathematically searchable representation of the firm's entire confidential history, sits in a multi-tenant estate and is a standing exfiltration target.
  • The pipeline runs continuously: every new document re-exports the firm's secrets to keep the index fresh.

A Data Processing Agreement does not contain any of this. It is a liability contract, not a barrier. It does nothing to stop an infrastructure breach, a vendor outage or interception in transit. The documents and their vectors have already left the building.

Cloud RAG asks you to copy your most sensitive archive into someone else's system to make it useful. The sovereign answer is to make it useful where it already sits, and never copy it out at all.


The Mickai answer: the whole pipeline stays inside

The Mickai Sovereign Intelligence Operating System (SIOS) runs the entire retrieval pipeline on hardware the firm owns, through the Knowledge RAG subsystem and the Pinakes knowledge engine. This is Compute-to-Data in its purest form: the documents never move, and every stage that would normally export data runs locally instead.

  • The archive is read and chunked locally, by the SIOS, on the firm's own machines.
  • The embeddings are produced by a Mickai sovereign brain on local compute, not an external embedding service.
  • The vectors are written to the Mickai sovereign vector store, which sits inside the perimeter and has no external route out.
  • Queries are answered by a local model that retrieves from that local store and reasons over it in place.

Nothing is exported to create the index, nothing is exported to query it, and nothing is exported to keep it current. Zero data egress across the full lifecycle. Data residency holds because there is no pipeline to anywhere else. What happens in the server room stays in the server room.
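A zero-egress claim for the four stages above can be checked against the pipeline's own configuration. The following is an added example, not Mickai code: the stage names, the endpoint map format and the sample endpoints are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed samples: stage -> endpoint (hypothetical config format).
CLOUD_PIPELINE = {
    "chunker": "file:///srv/archive",
    "embedder": "https://embeddings.example.com/v1/embed",
    "vector_store": "https://203.0.113.10:6333",
    "llm": "http://127.0.0.1:8080/v1/chat",
}
LOCAL_PIPELINE = {
    "chunker": "file:///srv/archive",
    "embedder": "http://127.0.0.1:8081/embed",
    "vector_store": "unix:///run/vectors.sock",
    "llm": "http://10.20.0.5:8080/v1/chat",
}
# Explicit allow-list of internal ranges (RFC 1918 and IPv6 unique-local).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def classify(endpoint):
    """Return 'local', 'internal' or 'external' for one stage endpoint."""
    parts = urlsplit(endpoint)
    if parts.scheme in ("file", "unix") and not parts.netloc:
        return "local"        # local path or Unix socket: no network hop
    host = parts.hostname
    if host is None:
        return "external"     # cannot be parsed: fail closed
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "external"     # a DNS name can resolve anywhere: fail closed
    if ip.is_loopback:
        return "local"
    if any(ip in net for net in INTERNAL):
        return "internal"
    return "external"

def egress_findings(pipeline):
    """Stages whose endpoint could carry documents or vectors off-site."""
    return sorted(s for s, ep in pipeline.items()
                  if classify(ep) == "external")
```

This is a static check of declared endpoints only; it complements, and does not replace, enforcement at the network layer.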

What this unlocks

Unthrottled Context Ingestion is the practical payoff. Because there is no per-token cloud meter and no transfer to fear, the firm can index everything: the full matter history, the complete claims file, the entire research corpus, decades of board minutes. The institution's whole memory becomes one searchable, reasoning surface, and the marginal cost of indexing one more million documents is local compute, not a cloud invoice that punishes scale.

Why the vector store is the part that matters

Most discussion of retrieval focuses on the model, but for a regulated firm the vector store is the more dangerous object. It is a dense, mathematically searchable representation of the entire archive, and in a cloud pipeline it is the artefact that lives outside the perimeter the longest. A breach of the vector store is a breach of the firm's whole institutional memory in a form purpose-built for fast retrieval. The Mickai sovereign vector store removes that exposure by construction: it sits inside the perimeter, it is bound to the firm's own hardware, and it has no external route. The representation of the archive never leaves the building any more than the archive itself does.


Deployment and the cost case

A sovereign retrieval engine installs on reference hardware sized to the archive, sits behind the firm's existing firewall, and in its hardened configurations runs with the network path closed entirely. There is no continuous export job re-uploading new documents to keep a hosted index warm, because indexing happens locally as documents arrive.

The commercial case follows the architecture. Cloud RAG charges for embedding, for storage and for every query, so the cost rises with exactly the things a knowledge strategy wants to maximise: more documents, more users, more questions. The sovereign model turns that recurring, scaling operating cost into a predictable, depreciable capital asset. Once the compute is owned, indexing the next million documents and answering the next thousand queries costs local processing time, not a metered invoice. Predictable depreciation of an infrastructure asset replaces a bill that grows with adoption, and the engine runs independent of cloud outages because the firm owns the compute.


What makes Mickai different

**The Open Audit Record.** Air-gapping the data is necessary but not sufficient for a regulated buyer, who also needs to evidence access. Every retrieval and every material action is written to a tamper-evident, cryptographically signed audit record: what was queried, what was retrieved, what was produced. When governance asks who reached which document and why, the answer is an inspectable record, not a vendor's assurance. Governance is an engineering property of the system.
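What "tamper-evident" means for a retrieval log can be shown with a hash chain. The following is an added example, not Mickai's Open Audit Record format: the field names are assumptions, and an HMAC with a constructed demo key stands in for the signature, where a real deployment would use an asymmetric key held in hardware.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"   # assumption: stands in for a hardware-held key
GENESIS = "0" * 64

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(log, user, query, retrieved, answer):
    """Append one retrieval event, chained to the previous entry's hash."""
    body = {
        "seq": len(log),
        "prev": log[-1]["hash"] if log else GENESIS,
        "user": user, "query": query,               # what was queried
        "retrieved": retrieved,                     # what was retrieved
        "answer_sha256": hashlib.sha256(answer.encode()).hexdigest(),
    }
    h = _digest(body)
    tag = hmac.new(KEY, h.encode(), hashlib.sha256).hexdigest()
    log.append({**body, "hash": h, "tag": tag})
    return log[-1]

def verify(log):
    """Return the index of the first bad entry, or -1 if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k not in ("hash", "tag")}
        h = _digest(body)
        tag = hmac.new(KEY, h.encode(), hashlib.sha256).hexdigest()
        if (entry["seq"] != i or entry["prev"] != prev or entry["hash"] != h
                or not hmac.compare_digest(entry["tag"], tag)):
            return i
        prev = h
    return -1

def demo():
    log = []   # constructed sample events
    append(log, "alice", "board minutes 1998 merger", ["doc-0412", "doc-0977"], "Summary A")
    append(log, "bob", "claims file 2003-118", ["doc-2210"], "Summary B")
    append(log, "alice", "retention policy", ["doc-0031"], "Summary C")
    intact = verify(log)
    log[1]["retrieved"] = ["doc-9999"]   # edit a field after the fact
    edited = verify(log)
    del log[1]                           # remove an entry entirely
    dropped = verify(log)
    return intact, edited, dropped
```

A chain alone does not reveal truncation of the most recent entries; detecting that requires keeping the latest hash somewhere the log's operator cannot rewrite.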

**101 filed UK patent applications.** Mickai is built on 101 filed United Kingdom patent applications spanning the sovereign architecture, the audit primitive and the underlying mechanisms, including the sovereign retrieval and storage approach. That is a defensible moat and a real expertise signal for a buyer betting an entire knowledge strategy on a single platform.

**Hardware-bound identity, built and owned, not rented.** The index, the vector store, the model and the weights are the firm's own asset, bound to its own hardware, immune to vendor policy drift and to terms changing under it. The institution owns its knowledge engine outright.

Micky Irons, founder, chief executive and named inventor, built the Knowledge RAG subsystem to close the precise gap that kept the highest-value institutions out of the most valuable AI pattern: not the model, but the pipeline. Eliminate the pipeline and the barrier falls.


Where it lands

This is the engine beneath enterprise search, compliance retrieval, audit evidence and legal research across every regulated vertical: law firms over privileged matter archives, banks over decades of client files, healthcare over clinical records, defence over controlled technical libraries, and investigative press over sensitive source material. In each, the value is the same: the firm's own history, made intelligent, without leaving home. This removes the cross-border transfer and third-party processing path for the archive. The customer still keeps its own obligations on access, retention and consent, and Mickai gives it a sovereign place to enforce them.


Request a private demonstration

If you are a chief information officer, chief information security officer, chief operating officer, general counsel or chief financial officer who needs decades of sensitive records made searchable by AI without exporting a single document, request a private demonstration. We will index a reference archive into the Mickai sovereign vector store fully on-premise and show you retrieval, reasoning and the Open Audit Record, with no data leaving the perimeter.


Originally published at https://mickai.co.uk/articles/air-gapped-rag-for-sensitive-data. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.