AS-301b · Module 3
Air-Gapped Inference
For the highest security requirements — defense, healthcare, financial systems — network isolation is not enough. Air-gapped inference runs the AI model on infrastructure with no network connectivity whatsoever. Data enters through a one-way transfer mechanism. Results exit through a separate one-way transfer mechanism. The inference environment has no outbound network path. Period.
Air-gapped inference is expensive, operationally complex, and dramatically slower than cloud-connected inference. It is also the only architecture that provides a hard guarantee against network-based exfiltration. When the data classification is "restricted" and the regulatory requirement is "must not leave the controlled environment," air-gapped inference is not overkill — it is the specification.
Do This
- Use air-gapped inference for restricted data classifications where regulatory requirements demand physical isolation
- Implement one-way data diodes for input and output transfer — not bidirectional connections that are "usually disabled"
- Maintain separate update processes for the air-gapped environment — model updates are transferred offline and verified before deployment
Avoid This
- Deploy air-gapped inference for every use case — the operational overhead is justified only for the highest classification levels
- Create "air-gapped" environments with VPN tunnels for convenience — a VPN destroys the air gap
- Skip integrity verification on transferred data — the transfer mechanism itself is an attack surface
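One way to verify a model update on the air-gapped side before deployment, as an added example (not code from this course). It assumes a manifest layout (`MANIFEST.json`, `MANIFEST.mac`) and function names invented for illustration, and a pre-shared HMAC key provisioned out of band that stands in for whatever signing scheme your release process uses.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

CONTROL = {"MANIFEST.json", "MANIFEST.mac"}  # assumed file names, not a standard

def sha256_file(path):
    # Reads the whole file; stream in chunks for multi-GB weights.
    return hashlib.sha256(path.read_bytes()).hexdigest()

def payload_files(bundle):
    return {p.relative_to(bundle).as_posix() for p in bundle.rglob("*") if p.is_file()} - CONTROL

def build_manifest(bundle, key):
    """Staging side: hash every file, then MAC the manifest with the shared key."""
    files = {rel: sha256_file(bundle / rel) for rel in sorted(payload_files(bundle))}
    body = json.dumps({"files": files}, sort_keys=True).encode()
    (bundle / "MANIFEST.json").write_bytes(body)
    (bundle / "MANIFEST.mac").write_text(hmac.new(key, body, hashlib.sha256).hexdigest())

def verify_bundle(bundle, key):
    """Air-gapped side: return a list of problems; an empty list means deployable."""
    body = (bundle / "MANIFEST.json").read_bytes()
    mac = (bundle / "MANIFEST.mac").read_bytes().strip()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(mac, expected):
        return ["manifest MAC mismatch"]  # listed hashes cannot be trusted at all
    listed, root, problems = json.loads(body)["files"], bundle.resolve(), []
    for rel, digest in listed.items():
        target = (bundle / rel).resolve()
        if not target.is_relative_to(root):
            problems.append(f"path escapes bundle: {rel}")
        elif not target.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(target) != digest:
            problems.append(f"hash mismatch: {rel}")
    extra = payload_files(bundle) - set(listed)
    return problems + [f"unlisted file: {rel}" for rel in sorted(extra)]

def demo():
    key = b"constructed-demo-key"  # constructed placeholder; never ship the key with the media
    with tempfile.TemporaryDirectory() as tmp:
        bundle = Path(tmp)
        (bundle / "model.bin").write_bytes(b"constructed weights")
        (bundle / "config.json").write_text('{"ctx": 4096}')
        build_manifest(bundle, key)
        clean = verify_bundle(bundle, key)  # untouched bundle
        (bundle / "model.bin").write_bytes(b"swapped weights")  # altered in transit
        (bundle / "loader.py").write_text("# file added in transit")
        tampered = verify_bundle(bundle, key)
    return clean, tampered
```

The check fails closed: a bad MAC stops verification before any listed hash is consulted, and files present on the media but absent from the manifest are reported rather than ignored.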