The Dilemmas of Private AI Deployments

Businesses are increasingly use private AI models for LLM-based applications. However, these private AI models often need to interact with providers systems, APIs and datasets which are in different networks than the AI models.

This creates two dilemmas:

1. The security risks of network-exposed surfaces

2. The operational costs and business slowdown of the complexity

These dilemmas are especially frustrating because the purpose of the LLM app isoften business velocity, and the purpose of the private LLM option is oftensecurity. So, two of the main purposes of the LLM are threatened.

Zero trust to the rescue?

IT’s recent strategy to replace network-exposed surfaces like VPNs to the zero trust architectures recommended by organizations such as CISA (Zero Trust 2.0 - May 2023) and NIST (SP 800-207). Unfortunately, current zero trust implementations focus on the central IT problem: enabling users to securely access their applications. LLMs however need to secure use cases such as APIs, data queries, server to server workloads, service provider connections, remote management and third party access. A new solution is needed for AI.

Eliminate all network access

The solution sounds simple and impossible: eliminate all the network access. Because of the sensitivity of the LLMs, their data, and resultant downstream actions, this ruthless ‘no-access’ policy is justified. And, fortunately, it can be done. The name of the solution is AI Enclave, and it eliminates network access.

  • 1. Increase the value of the AI provider’s solutions.
  • 2. Secure the connections between AI providers and their customers.
  • 3. Increase sales velocity – alleviating the security, regulatory and complianceconcerns of their customers, while avoiding the deployment time of VPNs,bastions and firewall changes.

AI Enclave can even provides end-to-end zero trust for applications built on LLMs.AI Enclave is built on NetFoundry’s open-source OpenZiti platform. Ziti secures over one billion sessions per year, including for leaders such as Digibee IPaaS Oracle Cloud (scroll down) and TZ's managed services. AI solution providers:

  1. Integrate AI Enclave in their solution (including white label). AI Enclave is multi-tenant, giving AI providers centralized control across all customers.
  2. Sell AI Enclave as an add-on (with NetFoundry managing it as SaaS)
  3. Use the open source version

Whichever model the AI provider chooses, the provider moves from managing bespoke point-to-point tunnels to centralized visibility and control via UI or API:

There are a few fundamental changes in the model:

  1. The model changes from implied trust to explicit authorization. AI sessions are secure, even if the underlying networks are compromised.
  2. The model changes from infrastructure-dependent to software-defined. For example, AI overlay networks are spun up in minutes to hours, and any network or cloud provider can be used. The result is a software-only, API-first, open source based solution which integrates with the AI ecosystem.
  3. The model changes from bolted-on to built-in. In this secure by default model, AI resources accept no inbound network requests. This secure by default model meets and exceed the strongest security guidelines including: CISA Zero Trust (Zero Trust 2.0 - May 2023); NIST (SP 800-207); and the U.S. Federal Government (Cybersecurity Strategy – March 2023)

AI Enclave Summary

Secure by default security is simpler and more effective than day two security. AI Enclave enables AI providers to integrate secure by default networking into their software. AI Enclave is built on NetFoundry’s open source OpenZiti platform. Ziti secures over one billion sessions per year. AI solution providers:

  1. Integrate AI Enclave in their solution (including white labeled). AI Enclave is multi-tenant, giving AI providers centralized control across all customers.
  2. Sell AI Enclave as an add-on (with NetFoundry managing it as SaaS)
  3. Use the open source version

On the security side, AI Enclave provides:


Identity based networking

Strong identities apply to every workload, andenable centralized management and end-to-end visibility. Identities areindependent of IPs, network providers, infrastructure and public DNS.


Strong authentication and authorization

Strong authentication and authorization of every session before it is given any network access, based on the strong identities. The auth(n) andauth(r) are independent of different administrative domains, enablingoperators to easily enforce explicit, contextual trust decisions.


Microsegmentation, mTLS and encryption for every session

Microsegmentation helps quarantine breaches and prevent data exfiltration. Encryption helps secure critical data, even in the face of an attack. Mutual TLS (mTLS) verifies both the ‘client’ and ‘server’ sides of each connection.


Not reachable from underlay networks

No open inbound ports – completely dark – noaccess from IT or any networks. Any port which is open to underlaynetworks depends on day two security solution to terminate the roguesessions which enter the port.

AI solution providers can get started in one of three ways:

NetFoundry Platform

Core Zero Trust Features

Zero Trust SDN

Software defined overlay network renders assets invisible to the Internet by enabling you to close all inbound firewall ports, without VPNs, permitted IPs, or bastions.

Authenticate and Authorize

Users and devices must prove their identity (authentication) and be granted specific access rights (authorization) before establishing a connection, including for third-party systems and API access.

Frequently Asked Questions

How do refunds work?

Open a refund request with us and we can work with you to resolve it ASAP.

Can I pay using AMEX?

Yes, we accept all major credit cards, including AMEX, so rack up those points!

Is there a bulk-buy discount?

We have corporate and enterprise arrangements that our pricing team can assist with on a case-by-case basis. Contact Us for info.

Is there a minimum contract term?

No! The beauty of our service is that you can cancel anytime you need to — no questions asked.

Do I need an SSL certificate?

This depends on whether your plan to process the payment on your site or not. We recommend using a third-party provider to unburden yourself.

Interactive Elements

With rich modal and notification functionality and a robust suite of options, Stack makes building feature-heavy pages simple and enjoyable.

Save Development Time

Drastically reduce the time it takes to move from initial concept to production-ready with Stack and Variant Page Builder. Your clients will love you for it!

Friendly Support

Our customers love the comfort that comes with six-months free support. Our dedicated support forum makes interacting with us hassle-free and efficient.