Air-gapped AI is not paranoia. It's architecture.

The default security posture for every cloud AI product is: trust us. Trust our encryption. Trust our access controls. Trust our employees. Trust our subprocessors. Trust the 14 other companies in our SOC 2 report.

Air-gapping isn't about paranoia. It's about reducing the attack surface to zero. When a machine has no internet connection, there's no remote exploit vector. No phishing attack can reach it. No supply chain compromise in a dependency can exfiltrate data. The threat model collapses to physical access only.

TabTab ships with SSH disabled. The only network connection is a zero-trust Tailscale mesh to your authorized devices. The machine has no public IP. It doesn't phone home. It doesn't send telemetry. It doesn't check for updates unless you explicitly connect it to our update channel.

For a roofing company storing job site photos, customer addresses, and insurance claim details — this matters. For a law firm running document analysis — this matters more. For a healthcare-adjacent business handling patient information — this is the only responsible architecture.

We didn't build air-gapped AI because it's a selling point. We built it because it's the right engineering decision for machines that handle other people's sensitive data.

The question isn't whether you need air-gapped AI. The question is whether you can justify not having it.