Resources
Read up, and get answers.
Everything you need to understand Apex Vantage and make the case for sovereign, air-gapped security in your organisation.
Digital sovereignty in security & AI
Sovereignty has moved from policy debate to procurement requirement. This paper looks at what it really means for security and AI, the dependencies most tools quietly introduce, and what keeping your estate within your own borders looks like in practice.
Read the white paperMore white papers
Go deeper.
Why air-gapped capability matters
Cloud-tethered security tools quietly assume connectivity — and quietly leak telemetry. Why that's a growing liability, who can't accept it, and what genuinely air-gapped security and AI look like.
Read the white paper → White paperExploitability, not CVE counts
Why raw CVE counts are a vanity metric — and how EPSS, CISA KEV and attack-path context let teams fix the small fraction of vulnerabilities that attackers actually reach for.
Read the white paper → White paperYour AI security tool is exfiltrating your estate
Cloud AI copilots quietly send the most sensitive description of your environment to systems you can't audit. Why that's a liability — and what on-prem AI does differently.
Read the white paper → White paperOne agent, zero inbound
How outbound-only architecture, app-layer cryptographic identity and signed jobs remove whole classes of attack that agent-based tools usually introduce.
Read the white paper → White paperAutonomous red-teaming without the blast radius
Continuous attack-path discovery that reasons over data you already hold — strictly read-only, never live exploitation — so it's safe even in fragile OT and CNI estates.
Read the white paper →FAQ
Common questions.
Can Apex Vantage really run fully air-gapped?
Yes. The agent, the control plane and the AI all run on your own infrastructure. There is no cloud dependency and no telemetry leaving your network — Apex Vantage can operate on a network with no internet access at all.
How does Apex Vantage support data sovereignty and residency?
Everything — data, control plane and AI models — runs on infrastructure you own and govern, so your data and the AI that reasons over it never leave your network or your jurisdiction. That makes it straightforward to satisfy data-residency rules and resilience regimes such as GDPR, NIS2, DORA, SecNumCloud and BSI IT-Grundschutz, with a complete local audit trail as evidence.
Which operating systems are supported?
Windows, Linux and macOS, through one lightweight agent with full parity across all three. Self-provisioning installers are available for each (MSI, .deb/.rpm and .pkg).
What does the AI (Apex) actually do — and where does it run?
Apex is a multi-agent assistant that triages your questions and delegates to domain specialists (red-team, vulnerability, inventory, patch, compliance). Findings are computed deterministically, never invented by the model, and every model runs on-prem so no data leaves your network. A human confirms anything that changes a device.
How does it connect without opening inbound ports?
Each agent holds a single encrypted, outbound-only connection over HTTPS/WSS on port 443. Nothing listens for inbound connections, there are no inbound firewall rules, and it survives TLS-inspecting proxies.
Is the autonomous red-teaming safe to run in production?
Yes — it is strictly read-only analysis. It reasons over data you already hold to describe plausible attack paths; it never executes attacker tooling and never sends a job across an edge against a live device.
How is it deployed and kept up to date?
Devices enrol automatically with pre-stamped installers. Upgrades are operator-pushed, SHA-256-verified and applied by a detached updater, with a watchdog that rolls back automatically if a new agent fails to reconnect.
Still have questions?
Book a walkthrough and we'll answer them against your own environment.
Get a demo