MICKAI
Article · 2 July 2026

Sovereign AI for aviation and aerospace: intelligence that stays inside the wall

Mickai is a sovereign intelligence operating system that regulated businesses own and run inside their own walls. For aviation and aerospace, where ITAR, the EAR, and the CLOUD Act put public cloud AI out of legal reach, we run the full stack on the customer's own hardware, air gapped, with a post-quantum audit record built to outlive the airframe.

Sovereign AI for aviation and aerospace: intelligence that stays inside the wall
Author
Micky Irons
Published
2 July 2026
Follow Micky Irons
LinkedInX
sovereign AIaviationaerospaceITARexport control

Why aviation and aerospace cannot send their data to public cloud AI

Mickai is a sovereign intelligence operating system that regulated businesses own and run inside their own walls. We built it for exactly the environment aviation and aerospace operate in, where the data is controlled, the regulators are exacting, and the export regime treats a single misrouted file as a criminal matter rather than a compliance footnote. We run entirely on the customer's own hardware, on premises and air gapped, with zero data egress and no public cloud round trip. Nothing leaves the perimeter, because in this sector nothing lawfully can.

Aviation and aerospace sit at the intersection of the most restrictive rules in the market. Design data, flight test telemetry, maintenance records, defect analysis, and supply chain intelligence are frequently controlled under ITAR and the EAR in the United States, and under equivalent export controls elsewhere. A large part of the operational data is also personal or safety critical. The moment any of that touches a public cloud AI service, the operator has to reason about where the model runs, which jurisdiction can compel access to it, and whether an inference request has quietly become an export. For most serious programmes, the honest answer is that the risk is not worth taking, so the AI never gets deployed at all.

The legal wall, stated plainly

We did not invent this constraint. It follows directly from the rules the sector already lives under. ITAR and the EAR restrict the movement of controlled technical data, including to cloud infrastructure that a foreign person could reach. The US CLOUD Act means data held by a US provider can be compelled regardless of where the servers physically sit, which is precisely the exposure a European or Middle Eastern operator cannot accept for controlled programme data. UK GDPR and its special category provisions govern the personal data that runs through crew, passenger, and workforce systems. The NIS Regulations set security obligations for operators of essential and important services, and aviation infrastructure falls squarely inside them. Where a defence or dual use element exists, the EU AI Act's high risk classification adds a further layer of documentation, testing, and human oversight duties.

Public cloud AI was not designed for any of this. It was designed to be shared, elastic, and multi tenant, with the model and the data living on someone else's infrastructure. That is a good fit for a marketing team and a disqualifying one for a controlled aerospace programme. The gap is not a matter of better contracts or a stricter data processing addendum. It is architectural.

What we run instead

We run about fifty specialist models, twenty five domain and twenty five operational, with cross model routing under a deterministic arbiter, so that the same input produces the same output. For a regulated buyer that reproducibility matters more than raw novelty. When an underwriting decision, a defect triage, or a compliance judgement has to be defended to an auditor or a regulator, we can show precisely which models ran, in which order, and why. We never send that reasoning to a third party to find out. It happens inside the customer's own walls, on the customer's own silicon.

Because the whole system runs locally, our value does not degrade when the network does. An air gapped maintenance, repair, and overhaul facility, a test range with no external connectivity, or a manufacturing line under export control can run the full stack with nothing leaving the building. We designed for that condition first, rather than bolting an offline mode onto a service that assumes the cloud is always one request away.

The Open Audit Record, built for a sector that lives on evidence

Aerospace runs on traceability. Every part has a history, every change has a signature, and every incident is reconstructed from records that must survive scrutiny years later. We built the Open Audit Record on the same principle. Every consequential action the system takes is signed under post-quantum cryptography, using FIPS 204 ML-DSA-65 with ML-KEM-768, and hash-chained into a tamper-evident, append-only ledger. Anyone can verify that ledger offline, for decades, without trusting us. If a decision is ever questioned, the record stands on its own mathematics rather than on our word.

The post-quantum choice is deliberate. Aerospace data has a long confidentiality horizon, and controlled technical information can remain sensitive far longer than current public key cryptography is expected to hold. Signing the audit trail with algorithms selected to resist quantum attack means the evidence produced today is still verifiable, and still trustworthy, when the aircraft it describes is decades into service.

Studios for the work the sector actually does

We deliver capability through studios, each a focused set of models and workflows for a specific function. Nemesis handles fraud and anti money laundering across the supply chain and financing side. Plutus covers finance and FP&A. Tyche runs underwriting, which matters directly to an industry that lives and dies by aviation insurance and risk transfer. Prometheus does forecasting, from demand to maintenance to spares. Iris runs customer service. Nomos handles compliance, and Astraea handles legal, which together carry the export control and regulatory load described above. Panacea covers clinical questions where crew and occupational health data are in scope. Pythia is business intelligence, Aletheia is audit, and Vinis is voice. The Agentic Marketing Team, Trust Agent as the perimeter, and OAR-as-a-Service complete the set. Trust Agent guards the boundary so that the studios can work on controlled data without that data ever crossing it.

For distributed operators, and aerospace is nothing if not distributed, we run Pantheon, a post-quantum Layer 1 currently on testnet. It provides multi-node attestation across fielded units with no central server, so a fleet of installations across bases, plants, and test sites can prove their state to one another without routing anything through a cloud control plane that ITAR would not permit in the first place.

The market we serve, and the market a platform cannot reach

This is not a niche. The sovereign AI market is roughly forty billion US dollars in 2025, rising to about one hundred and forty eight billion by 2032. Around 0.85 million UK businesses, about fifteen per cent of the total, and roughly five million across the EU legally cannot send their data to public cloud AI. Aviation and aerospace are among the most affected, because they carry export control, safety critical, and personal data obligations simultaneously. The drivers are concrete and already in force: PRA model risk expectations under SS1/23, UK GDPR special category data, the NHS Data Security and Protection Toolkit, the EU AI Act high risk classification, ITAR and the EAR, the NIS Regulations, and the US CLOUD Act.

Our strategy follows from that. We sell sovereign AI to the regulated operators the public cloud cannot lawfully reach, and we license the patented stack to the platforms that want to reach them. Our internal analysis maps 196 companies and 311 patent-company pairs as potential licensees, with names such as Microsoft, AWS, NVIDIA, Google, Adobe, and IBM appearing in that mapping. That is potential-licensee sizing, not a signed book and not an infringement claim. We are an ally to the AI majors, not their adversary. A platform that adds a sovereign layer instantly reaches a regulated market it cannot serve today, and aerospace is one of the largest doors that layer opens.

The moat under it

The protection behind all of this is real and documented. We hold 104 filed UK patent applications, covering roughly 2,340 claims across 13 invention families, owned by Mickai LTD, with named inventor Mickarle Sean Junior Wagstaff-Irons. These are filed, never granted, and we are precise about that distinction. Filing establishes priority and builds a prior-art moat around the sovereign architecture, the audit record, and the routing that makes the whole system reproducible. Mickai LTD is a UK company, Companies House number 17166618, with Birmingham manufacturing secured. Micky Irons is founder and CEO.

For an aviation or aerospace buyer, the summary is straightforward. We give you an AI capability you can lawfully deploy on controlled data, on your own hardware, with an audit trail that outlives the airframe and cryptography chosen to match. Our pre-seed round is opening soon, and we welcome inquiries from interested partners by email at micky@mickai.co.uk or on LinkedIn. The capability is live now, the market is already walled off by law, and we are the operating system built for the inside of that wall.

FAQ

Can Mickai run on a fully air gapped aerospace programme?

Yes. We run entirely on the customer's own hardware, on premises and air gapped, with zero data egress and no public cloud round trip. The full stack, including the models, the routing, and the Open Audit Record, operates with nothing leaving the building, which is the condition controlled programmes require.

How does the audit trail satisfy export control and regulatory scrutiny?

Every consequential action is signed under post-quantum cryptography (FIPS 204 ML-DSA-65 with ML-KEM-768) and hash-chained into a tamper-evident, append-only ledger. Anyone can verify it offline, for decades, without trusting us, which gives auditors and regulators independent evidence rather than a vendor assertion.

Are the patents granted?

No. We hold 104 filed UK patent applications, roughly 2,340 claims across 13 invention families, owned by Mickai LTD. They are filed, not granted. Filing establishes priority and a prior-art moat around the sovereign stack.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/aviation-aerospace. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles