Sovereign AI for Biotech Labs
How a sovereign intelligence operating system keeps proprietary research sealed on the customer's own hardware, with provenance and revocable brains on every result
A biotech laboratory is a vault that happens to have pipettes in it. Inside its walls sit assay results that took years to generate, molecule libraries that cost a fortune to synthesise, patient-derived sequences bound by consent, and the tacit knowledge of scientists who have spent careers narrowing a search space. When artificial intelligence enters that room, the first question a serious research director asks is not how clever the model is. It is where the data goes, who can see it, and whether anyone can prove what the system actually did.
Most cloud offerings answer that question with a promise. We answer it with cryptography and physics. Mickai is a Sovereign Intelligence Operating System, a SIOS, that runs on hardware the laboratory owns, air-gapped or on-premise, with zero data egress. Proprietary research stays sealed inside the building, and every result it touches carries provenance and a revocable brain. This is not a policy setting we hope holds. It is how the substrate is built.
The problem the public cloud cannot solve on your terms
The cloud giants, OpenAI, Microsoft, AWS, Google and Oracle, are extraordinary allies for general work, and they operate at a scale no single laboratory could match. They are also a different layer. Their business is to bring your data to their infrastructure. For a great deal of biotech work that trade is acceptable. For the crown jewels it is not. A novel target hypothesis, an unpublished mechanism of action, a screening result that has not yet been protected: these are assets whose entire value depends on nobody else holding a copy.
Regulation makes the boundary sharper still. Laboratories handling human material live under the General Data Protection Regulation (GDPR) and, where clinical work touches United States patients, the Health Insurance Portability and Accountability Act (HIPAA). Firms with dual-use chemistry sit inside export controls such as the International Traffic in Arms Regulations (ITAR). The forthcoming European Union Artificial Intelligence Act (EU AI Act) adds duties around high-risk systems and record-keeping. None of these regimes is satisfied by a reassuring paragraph in a vendor's terms of service. They demand that you can show, on demand, exactly where data lived and what was done to it. Mickai serves that regulated boundary the public cloud cannot cross, on the customer's own terms.
Sealed on-premise, by construction
Mickai installs on the laboratory's own machines. That can mean a rack in the server room, an isolated workstation beside the sequencer, or a fully air-gapped enclave with no route to the internet at all. The brains that do the reasoning, the retrieval indices that hold your literature and your internal reports, the vector stores that carry your assay history: all of it lives where you can put your hand on it. Nothing is streamed to an external endpoint to be processed and returned.
This matters beyond secrecy. Air-gapped operation removes an entire category of risk from the threat model. There is no API key to leak, no traffic to intercept, no third-party subprocessor to audit, no jurisdiction shopping over where your patient data physically rests. When a review board asks whether protected material ever left the premises, the honest answer is that it could not have, because there is no wire for it to leave on. We build every capability so it can run that way, even the ones that lean hard on the hardware, because the boundary is the point.
Provenance on every result
In science a result you cannot trace is a result you cannot trust. Mickai treats provenance as a first-class output, not an afterthought. Every action the system takes is described by an Operation Attestation Record (OAR) that is signed before the action executes, not after. The record names the brain that acted, the inputs it read, the parameters it used and the moment it ran. Because the signature comes first, there is no window in which the system can do one thing and report another.
Those records are written into a tamper-evident, cryptographically-signed audit ledger. The entries are hash-linked with SHA-3-512 into a chain, so altering any past record breaks every record that follows it, and the break is visible to anyone who checks. The signatures use post-quantum cryptography, the Federal Information Processing Standard 204 (FIPS 204) ML-DSA-65 scheme, so the proofs hold even against an adversary with a future quantum computer. Crucially, all of this verifies offline. An auditor, a patent examiner or a regulator can confirm the chain on an isolated machine without calling home to any server we control.
For a laboratory chasing intellectual property, this is the difference between a lab notebook that says a discovery happened and a mathematical proof of when it happened and how. When you file one of your own patents, the provenance chain behind the supporting analysis is itself evidence.
Revocable brains you can switch off
A brain in Mickai is a bounded, named reasoning subsystem: a sequence-analysis brain, a literature-synthesis brain, a protocol-drafting brain. Each is revocable. If a brain is found to be flawed, out of date, or simply no longer trusted for a particular class of work, it can be revoked, and the revocation is enforced by the substrate rather than requested politely. Once revoked, a brain cannot sign new attestation records, so it cannot act.
This gives a research director a control that cloud systems rarely offer: the ability to draw a hard line under a model's outputs. Suppose a brain was trained on a dataset later found to be contaminated, or a version is superseded by a validated successor. Revoke it, and every future result must come from a brain still in good standing, while the historical results it produced remain in the ledger, honestly stamped with the brain that made them. Nothing is quietly rewritten. You get correction without erasure, which is exactly what a defensible research record demands.
High-stakes actions need more than one signature
Some laboratory decisions carry real weight: releasing a batch, ordering a controlled reagent, exporting a dataset to a collaborator, promoting a candidate into a regulated study. For these, a single system output is not enough. Mickai can require multi-brain agreement plus a voice-biometric approval from a named human before a high-stakes action proceeds. Several independent brains must concur, and a specific, enrolled person must speak to authorise it.
The result is separation of duties enforced in cryptography rather than in a spreadsheet of permissions. No lone process, and no single compromised credential, can push through a consequential act on its own. For firms working towards standards such as the International Organization for Standardization 42001 (ISO 42001) for artificial intelligence management, or aligning with the National Institute of Standards and Technology Artificial Intelligence Risk Management Framework (NIST AI RMF), this is the kind of concrete control that turns a governance aspiration into an operational fact.
Built for the whole laboratory, not one bench
Mickai is delivered as an operating system, so its subsystems and studios span the laboratory rather than solving a single task. Literature and internal reports are retrieved together under the same seal. Protocol drafts, statistical summaries and regulatory documentation are generated inside the boundary. Scientists interact with the system by asking in plain language and, where they prefer, by voice, while every interaction lands in the same signed ledger. The experience is modern and fluid; the guarantees underneath it are unusually hard.
The capabilities are protected by a substantial body of work. There are 104 filed United Kingdom patent applications, comprising about 2,340 claims, owned by Mickai LTD. We frame that portfolio by what it protects: the attestation-before-execution model, the offline-verifiable ledger, the revocable-brain architecture and the multi-party approval scheme that make sovereign research assistance trustworthy in a regulated setting.
The bottom line
Biotech runs on secrets and on records. Its secrets are the proprietary research that must never leak, and its records are the provenance that must always hold. A Sovereign Intelligence Operating System is built for exactly that pairing. Mickai keeps the work sealed on hardware the laboratory owns, signs every action before it runs, chains those signatures into a ledger anyone can verify offline, and lets a research director revoke any brain the moment trust in it ends.
The cloud giants remain valuable allies for the open, general work of science. For the closed, irreplaceable core, the answer is a substrate that treats sovereignty and proof as the foundation rather than the feature. That is the boundary we were built to serve, on the customer's own terms.




