tab·tab
§The Platform · The OS and the silicon it runs on

TabTab OS.
The soul of every Tab.

TabTab OS is the AI Agents Operating System that runs your Tab — six coordinated agents handling development, marketing, sales, outreach, support, and operations. It runs locally on hardware your Tab owns. Today, that means sealed Apple Silicon. Tomorrow, that may mean more.

Tab Bench and Tab Field — the matched product pair
Fig. 00 / Premise

The OS runs on Apple Silicon today.

The principles of TabTab OS — local LLMs, owned data, no cloud lock-in, sealed nodes — work on any sufficiently capable local-first hardware. For the initial Tab cohort, we chose Apple Silicon for three reasons:

i. Mature unified memory

Apple’s M-series chips share memory between CPU, GPU, and Neural Engine. 30B+ parameter models run at full context locally on a single machine smaller than a hardcover book.

ii. Fanless form factors

A Mac mini sits in a closet for years without maintenance. Tabs need infrastructure, not workstations. No server racks, no cooling, no IT department to maintain it.

iii. Sealed supply chain

Apple ships new machines with predictable security guarantees, Secure Enclave, and Tailscale support. One vendor, one supply chain, one threat model. Other platforms, plural.

What follows is the silicon itself — what your Tab gets when the platform arrives. Two configurations, same OS.

Fig. I / Comparison

Head to head.

Both machines run the same TabTab OS. Same brain. Different body. Pick based on how the Chair works — from a desk, from the road, or both.

Spec
Tab · Bench
Tab · Field
Chassis
Mac mini · M-series
MacBook Air · M-series
CPU
12-core
10-core
GPU
16-core
10-core
Unified memory
24 GB
24 GB
Storage
512 GB SSD
512 GB SSD
Neural engine
16-core
16-core
Power
AC · always-on
Battery · 18 hr
Form factor
Desktop
Laptop
Best for
The home base
The road
§ 02 — Tab · Bench

The anchor.

MAC MINI · M-SERIES · 24GB UNIFIED · 512GB SSD

Lives at the desk. Runs the directors and heavy brains. Indexes the vault overnight. Active cooling for sustained inference.

Thermal sustenance

Active cooling allows sustained multi-hour inference runs — massive vector embeddings, overnight vault indexing — without thermal throttling.

Maximum compute density

No screen, no battery, no keyboard. Every gram is inference power. Ideal for running 30B+ parameter models at full context locally.

Always-on architecture

Designed for a closet or under a desk. Runs headless 24/7, SSH-disabled, Tailscale-only. The silent anchor of your org chart.

§ 03 — Tab · Field

The companion.

MACBOOK AIR · M-SERIES · 24GB UNIFIED · 512GB SSD

Rides in the truck. Runs on-device agents. Syncs with the Bench over Tailscale. Battery lasts 18 hours.

Built-in UPS

The battery is an uninterruptible power supply. If the office loses power, your agent stays online — 18 hours of inference without a wall outlet.

Hardware-level security

Touch ID and the Secure Enclave provide a physical hardware gate for credential management that a headless server cannot replicate.

Immediate interface

Built-in screen and keyboard for first-mile troubleshooting before the Tailscale tunnel is active. No Bluetooth pairing dance.

Whichever you pick, both ship with the same defensive architecture.

Fig. IV / Security

The security “sandwich”.
Four layers deep.

Every TabTab node ships with defense-in-depth security that eliminates the most common attack vectors in AI agent deployments. Your Tab’s data never leaves your hardware unless you say so.

i.

Hardware seal

SSH disabled at factory. No open ports. Tailscale loopback binding only. The node is invisible to the public internet.

ii.

Dirty-data protocol

Infrastructure email accounts isolate inbound data. Verified sender lists prevent prompt injection from malicious emails reaching agent context.

iii.

Bicameral architecture

The Steward handles strategy via a strict JSON schema. The Builder handles execution. They communicate through structured handoffs — no free-form LLM-to-LLM chatter that can be hijacked.

iv.

Mesh encryption

WireGuard encryption via Tailscale. All node-to-node traffic is end-to-end encrypted. Zero data traverses the public internet in cleartext.

Fig. V / Positioning

The architecture spectrum.
Where TabTab sits.

Every AI deployment falls somewhere on this spectrum. Tabs sit deliberately in the middle — owned hardware, owned data, but with the operational simplicity of a managed service.

DIY · Build it yourself

Self-hosted

  • Full control
  • No support
  • Weeks of setup
  • You are the sysadmin
TabTab · The middle

The Tab

  • Pre-configured hardware
  • White-glove onboarding
  • Local-first, your data
  • Sealed and supported
Cloud VPS · Rent a box

Noisy neighbors

  • Root password trust
  • Latency to your files
  • Monthly hosting fees
  • Provider reads metadata
Cloud API · SaaS

Zero hardware

  • Data leaves premises
  • Per-token pricing
  • Vendor lock-in
  • You don't own the model
§ Pick your chassis

Pick your chassis.
We handle the rest.

Hardware procured new. Configured at the bench. Sealed, shipped, and onboarded. Three-hour onboarding loads your knowledge vault. By Friday, your Tab is operating.

Apply to Charter a Tab →Read the FAQ
System operational
Buildv1.0.0-rc
Tabs deploy fromIrvine, CA
Continental US & Canada
QSBS-eligible · Delaware C-corp
© TabTab Studio — All rights reserved
A venture studio, not a service