Your Security Shouldn't Depend on Someone Else's API

Author

Ondrej Vlcek


Why the historical tension between frontier capability and full sovereignty is dissolving.

AI is rewriting the rules of cybersecurity, and many defenders now have capabilities that were unthinkable just a year ago. But the most security-conscious organizations are being left behind. Ask any leader at a financial institution, defense contractor, or critical infrastructure operator about deploying an AI security platform and they’ll tell you one of three things:

"Our source code, technical documentation, and security data are some of the most valuable things we own. It is not leaving our network, and it is certainly not going to a frontier lab that would love to train on it."

Or: "Compliance will never sign off on shipping regulated data bundles to a third party."

Or, in the most serious cases: "We're air-gapped. There is no API to call."

For years, the industry offered no alternative to SaaS. If you couldn’t share your data, you got an inferior, older on-prem version of the product, with massive false positive rates and glaring blind spots. In other words, the organizations with the highest security needs are left with the lowest-quality solutions.

We think that’s backwards. Deployment-agnostic AI isn't just a product feature; it's the foundational principle that makes AI-native security trustworthy. And this isn’t merely a matter of principle: the economics, the geopolitics, and the trajectory of the models themselves have all converged on the same answer.

You Shouldn’t Have To Trade Sovereignty for Security

An AI security system touches everything: your source code, your dependencies, your internal architecture, your custom authentication logic, which amounts to much of the most sensitive data an organization possesses. In many instances, this data is the organization, representing years of institutional knowledge and operational expertise. Most organizations rightly treat this IP as a crown jewel and are deeply uncomfortable about handing it to anyone.

And this isn't about distrusting any particular vendor. Once your code leaves your perimeter, it inherits an entirely new risk surface: interception in transit, a breach at the provider, an abrupt change in data-handling policy, or a government order compelling disclosure. The provider's intentions can be impeccable and the outcome can still be catastrophic.

Data that never leaves cannot be intercepted, repurposed, or misused.

Yet the standard architecture of AI-native security tools assumes that everyone will make this tradeoff. The idea that every organization should be comfortable sending their most valuable assets through a frontier API, irrespective of their threat model or regulatory environment, sends a clear message: our use case matters more than your security posture.

That's a position no security company can defend. And now, they don't have to.

Frontier Sets The Bar But Specialists Clear It

The SaaS-only worldview assumes the biggest frontier models will always be best at everything, so the only question is how to get your code and other contextual data to them safely. That assumption is not supported by the evidence.

Frontier models open the horizon of possibility. But cyber is a specific kind of workload: bounded, tool-heavy, evaluable, and data-rich. That's precisely the profile where a smaller specialist model, wrapped in a high-quality harness, can match or beat a giant general-purpose one.

And the advantage of specialization isn't unique to security. Across domain after domain, narrowly specialized small models have been overtaking the giants on their home turf:

  • A set of 25 fine-tuned Mistral-7B adapters outperformed GPT-4 on a number of the specific tasks they were built for. Each was trained for under $8 and served from a single GPU.
  • In mathematics, a 1.5-billion-parameter model matched a 7B generalist while using roughly a fifth of the memory, and specialist models like Qwen2.5-Math beat far larger ones on competition math.
  • In a medical study published in Nature, fine-tuning lifted exact-match accuracy on ICD-10 clinical coding from under 1% to over 97%, beating frontier general models.
  • OpenAI's own gpt-oss-20b matches or exceeds its o3-mini on competition math and health benchmarks at a fraction of the size, runnable on consumer hardware.

In each of these cases, when a complex task is well-scoped, a small specialist plus the right training and tooling beats a generalist many times its size. Cyber is exactly the sort of complex domain where we should expect to see similar results. And that’s what IBM Research found in late 2025, when their CyberPal 2.0 family of 4B-20B security models matched or surpassed open and closed frontier models across cybersecurity benchmarks.

On the task that matters most to us, correlating vulnerabilities and bug tickets with the right weakness, their 20B model ranked first, ahead of GPT-4o, o1, o3-mini, and Sec-Gemini v1. Even their smallest 4B model ranked second.

AISLE’s own results support the case. We've shown that a 4.7-billion-parameter model, given the right harness, finds the same flagship vulnerability as the headline frontier system. And in our internal benchmarks, compact specialist models have matched frontier-class detection efficacy at roughly 10 times the speed. As our Chief Scientist, Stanislav Fort, put it, cybersecurity capability is jagged. We'll be publishing more of this work to advance the discussion on the merits.

This debate isn’t merely theoretical. It has real security implications for teams in regulated industries. If a model small enough to run on your own infrastructure can do the job, you don’t need to send your code anywhere. The historical trade-off between frontier capability and full sovereignty is dissolving.

Owning the Model Beats Renting Tokens

Technology questions matter, but they're not the only ones. To anyone managing a budget, the economics matter just as much. And here, the case gets even stronger for owning your models rather than renting them by the token.

The token-metered API was priced for chatbots: a user asks, the model answers, and you pay for one round trip. Cybersecurity doesn't work that way. The workflows are agentic, spanning detection, triage, remediation, fuzzing, reverse-engineering, and threat hunting. In other words, these are outcome-driven jobs where the model reasons, calls tools, verifies, and self-corrects across long loops. Gartner's 2026 analysis found that such workloads consume 5 to 30 times more tokens per task than a standard chatbot.

And that's before you account for the data. Security drinks from a firehose that typically includes terabytes of SIEM telemetry, codebases running to hundreds of millions of lines, and thousands of architecture documents needed just for context. Multiply long agentic loops by that input volume, and the bill compounds. When the unit of value is an outcome but the unit of billing is a token, the two are fundamentally misaligned. AI security gets more expensive as it gets more effective.

The market is starting to price this in. Citadel recently argued that AI adoption is no longer about what models can do, but rather what they cost to run. When tokens are expensive, they get rationed, and use cases get cut to fit the bill. That's a dangerous logic to apply to security, though, because when tokens are the constraint, the hardest and least likely leads are the first to go. And those are exactly where the serious vulnerabilities hide.

Owning the model changes the economics. By running inference on infrastructure you control, you reduce the marginal cost of an additional token toward zero. Suddenly, effectiveness stops being a line item.

Operationally, control gets you predictable latency instead of peak-hour API spikes, guaranteed availability instead of dependence on a third party's uptime and rate limits, and reproducibility instead of model updates that change your results between scans. You aren't exposed to someone else's pricing changes, deprecation schedules, or terms-of-service revisions. For a function as critical as security, that independence is vital.

Sovereignty Is No Longer Optional

Even if the technology and economics didn't force the issue, the law would. Sovereignty has become a board-level mandate. Deloitte's 2026 Enterprise AI Report found the share of executives ranking AI sovereignty as a priority jumped from 41% in 2024 to 93% by early 2026, and more than 100 countries now have data localization laws on the books. The ground is shifting fast: the EU AI Act's obligations for high-risk systems, including critical infrastructure, take effect on 2 August 2026, and the upcoming Cyber Resilience Act adds direct obligations around secure development and vulnerability handling.

When it comes to law, control often matters as much as residency. Code processed by a foreign-headquartered cloud provider can be subject to that provider's home-country legal demands regardless of where the servers physically sit; see the US CLOUD Act, for example. For a defense contractor, a national bank, or a critical infrastructure operator, sending source code to a vendor who can be legally compelled to hand it over to another government is a non-starter. So is a security platform that only runs as someone else’s SaaS.

What You Need to Be Deployment-Agnostic

This is why AISLE is built to adapt to each organization’s unique constraints and not the other way around. Think of it as a ladder of increasing control over where your code goes and who can touch it.

  • Managed SaaS — The fastest path to value for organizations comfortable with cloud processing.
  • Your own cloud tenancy (e.g., Amazon Bedrock) — Inference runs inside your own AWS account and region, but because the provider itself is still foreign-headquartered, jurisdictional reach such as the CLOUD Act remains in play.
  • Sovereign cloud — For organizations whose constraint is jurisdictional rather than technical, this isolates both the data and the operational control plane within the required jurisdiction.
  • Private / self-hosted deployment — You own everything: the models, infrastructure, logging, and audit trail.
  • Air-gapped mode — The highest level of security requires pre-loaded models, offline updates, and an entirely different operational posture.

Until recently, each rung on the privacy ladder cost you in terms of performance. Now that specialist models with strong harnesses rival frontier systems on cyber tasks, that’s no longer the case. With the right engineering around the model, you don’t need to compromise on security to gain privacy. You can have both capability and control.

Why This Matters

So far, the security organizations that have benefited most from AI are those with the lowest barriers to adoption, like startups. Yet moving fast and breaking things is not an option when you’re running power grids, clearing financial transactions, managing classified systems, or defending national infrastructure. It’s time to stop asking the most important services to tolerate less capable cybersecurity products because they need full sovereignty.

Weaknesses in critical infrastructure don't stay contained: an OpenSSL zero-day affects the entire internet, a supply-chain compromise in defense software reaches far beyond one organization, and a breach at one bank or hospital ripples through everything connected to it. And as time-to-exploit continues its freefall from months to minutes, the clock is running out.

Deployment-agnostic AI is how defenders keep up.

A Closing Thought

The industry has a habit of building for the easiest customers first and calling it progress. SaaS is easier to build, easier to sell, and easier to iterate on, so perhaps it’s not surprising that the headline AI security companies of the last few years have focused there. They've done useful work. But the hardest security problems aren't where tooling is easiest to deploy. They're where constraints are highest, where the cost of a missed vulnerability is the most severe, and where "just use SaaS" was never an answer.

The enterprises that take security most seriously are also the ones that think hardest about deployment. The most demanding run the full range at once, from cloud-native workloads to disconnected environments. Building for them means building for the whole spectrum, which is what we've done.

Deployment-agnostic AI may not be as easy to build, sell, and iterate on as SaaS, but it is the only way to ensure that the organizations that most need pioneering security products, which are also the ones we rely on for healthcare, financial services, and defense, can actually use them. When the environment adapts to each organization’s security requirements, startups can keep moving fast, and the rest of us won’t get left behind.