// on-prem · air-gapped · zero cloud egress

For the teams that can’t send their data to the cloud to secure it.

Seven tools.
One black box.

Seven security tools and a private AI model, sealed on your own hardware behind one hardened console. The appliance runs with its link to the outside disconnected, so your data has nowhere to go.

7 tools · 0 cloud deps · 100% on-prem

// the case for one box

Seven capabilities. One line item.

One line item

Seven security capabilities and a private AI arrive as one sealed unit. Your team runs a single procurement, signs one contract and accredits one box.

One console

Everyone works from a single hardened screen. There is one tool to learn instead of seven dashboards, and nothing to integrate between them.

One audit trail

Every action across the seven tools writes to the same hash-chain log. You defend one perimeter and answer auditors from one record.

[ sealed unit · 7 tools + 1 gpu ai ]

Seven tools. One console.

Every tool ships installed, hardened and wired to the private GPU model. You open the console and the whole suite is already running.

CODE SECURITY

Onion ROOT

Proven flaws, already patched.

ROOT scans your code, then uses the on-box model to sort exploitable flaws from the noise. For each real one it writes a working proof of concept and a patch, and it tests that patch in a sealed container before it reaches you. You get fixes backed by evidence, not a pile of maybe-bugs.

DATA REDACTION

Onion Peel

Redaction that stays on the device.

Peel finds names, NHS numbers, IP ranges and other sensitive text across documents, spreadsheets, slides and scanned images. It strips them on the box, checks the file again before release, and blocks the export if anything sensitive slipped through.

MALWARE AIRLOCK

Onion Gate

A sheepdip for every file and USB.

Untrusted files pass through one gate. Defender, ClamAV and YARA scan each one in parallel and have to agree before it clears. Infected copies go straight to quarantine, and every decision lands in a tamper-evident log your SIEM can read.

POSTURE & COMPLIANCE

Onion Scope

Your Windows estate, scored against the frameworks.

Read-only collectors map your Active Directory, file shares, PKI and network, then score them against CIS v8, NCSC CAF, Cyber Essentials and NHS DTAC. You get each gap, the fix for it, and the risk of making that fix, before an auditor finds it first.

REMEDIATION TRACKER

Onion Bulb

Findings turned into proven fixes.

Bulb imports your findings register and opens one ticket per issue, routed to the right team and timed against its SLA. A ticket closes only when someone attaches evidence the fix is real, so progress on the board reflects work that actually happened.

DOCS VS REALITY

Onion Ledger

Your documents, checked against the live estate.

Ledger reads your design docs and runbooks, pulls out the claims they make, and checks each against what Scope found on the estate. When the paperwork says Server 2012 R2 and the scan says 2019, it shows you the drift and cites both sides.

RISK BRAIN

Onion Core

One question, your whole estate’s risk.

Core joins Scope’s findings with Ledger’s drift into a single risk picture, scored by fixed rules rather than the model. Ask it where your real exposure sits and it answers in plain language, citing the exact records behind every number.


// the private model · trusted ai

One private model, on your own GPU.

A single model runs on the appliance’s GPU, and the tools call it on the box. None of them reach a cloud API. Your code, documents and scan data stay put while the model works on them.

[ figure · private model powering the tools: a private model on the appliance GPU, linked to the tools that call it (ROOT, Peel, Core, Bulb, Ledger, Scope) ]

What it does inside the box

  • Onion ROOT tells exploitable flaws from the noise and drafts the patch.
  • Onion Peel catches sensitive phrasing that plain patterns miss.
  • Onion Scope explains each gap and orders the fix-first list.
  • Onion Bulb summarises a remediation ticket for whoever picks it up.
  • Onion Ledger reads your documents and shows where they drift from reality.
  • Onion Core answers a plain question about your risk, with the records cited.

The model explains and drafts. It never sets a severity, scores a risk or closes a fix. Fixed rules and your team do that, and the box records who decided.

Local NVIDIA GPU · runs offline · no data egress

// always-on · the caretaker agent

Caretaker watches the box for you.

Caretaker runs alongside the seven tools as the appliance’s own watcher. It checks each one on a loop, raises an alert when a tool fails or a sign-in looks wrong, and forwards the security events you choose to your own SIEM.

Self-monitoring

Caretaker probes every tool every few minutes. A failed health check, a run of bad logins or a locked account each raises a finding, so you hear about a problem on the box before a user reports one.

Into your SIEM

It normalises each security event to ECS JSON and ships it over one encrypted channel to the SIEM your SOC already runs. One feed, in a format your detection rules already read.

Your call, your data

Run the appliance fully air-gapped, or open this one channel to your own SIEM. Either way nothing goes to us or to a cloud, and you decide which events leave.

Probes all 7 tools · ECS 8.11 JSON · single TLS feed · no third-party cloud

status: air-gapped // cloud_dependency: none

Engineered to be sealed.

7 tools · 0 cloud egress · 100% on-prem · 4 frameworks

DEPLOYMENT: 100% on-prem · air-gapped capable · offline-first
CLOUD EGRESS: None. No data goes to us or to a cloud model
AI RUNTIME: Local NVIDIA RTX-class GPU · Ollama · no third-party API
SUITE: 7 tools + 1 private model, one chassis
CONSOLE: Single hardened HTTPS console · one screen
TRANSPORT: HTTPS via internal CA · reverse-proxied
ACCESS CONTROL: Role-based access control (RBAC)
AUDIT: Full audit trail · hash-chain integrity
STORAGE: Encrypted at rest
SIEM: Optional forwarding to your own SIEM · ECS JSON over TLS
COMPLIANCE: CIS v8 · NCSC CAF · Cyber Essentials · NHS DTAC
DATA SOVEREIGNTY: Your hardware · your data · your control

// defence-in-depth · every layer

Every layer sealed, every action logged.

Seven tools, one private model and one console sit inside a sealed chassis. By default the appliance has no outbound path, and you own every layer of it.

Zero egress is structural. The appliance has no route to the internet by default, and your team can run it with the external link unplugged. Every action writes to a hash-chain trail you can verify for yourself.

[ figure · Onionio appliance defence-in-depth layers: five concentric layers, from the sealed chassis on the outside to the private GPU model at the centre ]

  • Sealed chassis: no outbound path
  • Hardened console: HTTPS · internal CA
  • RBAC + audit: hash-chain trail
  • Encrypted storage: at rest
  • Private GPU model: on-box · Ollama

class: on-prem // egress: 0 bytes

Built for the teams that can’t risk a leak.

Onionio suits the teams that hold the most sensitive data and have the least room for a leak. If sending it to a cloud to be analysed is off the table for you, the box keeps that work on-site.

Healthcare

You hold patient records, and every tool that touches them is another place they can leak. Onionio keeps redaction, scanning, reconciliation and the model on-site, aligned to NHS DTAC, and runs air-gapped so those records never leave your control to be secured.

Government

Here sovereignty is the requirement. Run code testing, posture scanning and a private model inside your own perimeter, with no external dependency and an audit trail mapped to NCSC CAF and Cyber Essentials.

Essential services

Critical infrastructure cannot lean on someone else’s cloud or someone else’s uptime. One sealed appliance puts the whole security operation inside your fence line and keeps it running whether the outside link is up or not.

CIS CONTROLS v8 · NCSC CAF · CYBER ESSENTIALS · NHS DTAC

Output maps to the frameworks your auditors already use: CIS Controls v8, NCSC CAF, Cyber Essentials and NHS DTAC. The evidence is ready before they ask.

// for your security team

What your security team will want to know.

Seven tools in one box, isn’t that a single point of failure?

Putting them in one box cuts your attack surface; it does not pile risk into one careless place. Each tool runs isolated behind the hardened console and RBAC, and the chassis has no outbound path. You replace seven separately exposed products and the integrations between them with one perimeter you own and audit.

If it’s air-gapped, how do the tools and the model get patched?

Updates ship as signed offline media, and your team applies them on-site with no outbound connection. You choose when to apply each one, and it lands in the same hash-chain audit trail as everything else.

Does the AI make the security decisions?

No. The model explains findings, drafts patches and answers questions in plain language. It never sets a severity, computes a risk score or closes a fix. Fixed rules and your team do that, and every number the model repeats is checked against the underlying records first.

What if Consult First Ltd disappears, do I own a brick?

You own the hardware and the data outright, and the data stays in open, portable formats on the unit. The appliance keeps running offline, and nothing in its core operation depends on reaching us.

How do you prove nothing leaves the box?

By default the appliance has no outbound path, and it runs with its external link unplugged. Every action writes to a verifiable hash-chain log, so your team can show zero egress rather than take it on trust.

Does this fit public-sector procurement and our frameworks?

Yes. Output maps to CIS Controls v8, NCSC CAF, Cyber Essentials and NHS DTAC, so the evidence lines up with what your auditors already use. We run a scoping and pilot path that suits public-sector buying.

Who runs it day to day, and what support comes with it?

Your team runs everything from one console, with no specialist cloud skills. A briefing and scoping session fits the box to your environment, and we agree support and warranty as part of the unit.

// how to get one

From enquiry to sealed deployment.

  1. Request a briefing

    A 30-minute technical session with your security team, with no commitment to buy.

  2. Scoping & framework mapping

    We fit the appliance to your environment and the frameworks you report against: CIS v8, NCSC CAF, Cyber Essentials, NHS DTAC.

  3. On-site pilot

    You run a sealed unit inside your own perimeter, against your own data, air-gapped.

  4. Sealed deployment

    We deploy the unit and hand it over. You own the hardware and the data, and we agree support and warranty up front.

Built to suit public-sector procurement. Pilot units are available, and most teams go from briefing to pilot in weeks.

Take the whole operation in-house.

One sealed appliance: seven tools, a private model and no path out. You own every layer of it.

Prefer email? Write to hello@onionio.co.uk.