This article reflects MLNavigator Research Group work. Deployment lives in AdapterOS.


Threat Model: Offline-by-Default

January 29, 2026

Offline-by-default operation fundamentally alters the threat model. Some risks are eliminated. Others become more critical.

Risks Removed

Cloud vendor risk

No cloud provider has access to your data, models, or inference activity. No vendor bankruptcy, policy change, or subpoena affects your operations. You are not subject to another organization's security posture.

Third-party retention risk

No external service retains copies of your prompts, outputs, or usage patterns. No training on your data. No data broker has records of your AI activity.

Internet-exposed attack surface

No open ports. No API endpoints. No webhook receivers. No paths for remote code execution through the inference system. Reaching the system over a network at all requires physical presence.

Risks with Increased Importance

Device security

The device running adapterOS becomes the entire security perimeter. Device hardening, secure boot, disk encryption, and endpoint protection are prerequisites, not optional enhancements.

Physical access control

Without network-based attacks, physical access becomes the primary threat vector. Facilities security, device custody procedures, and tamper detection matter more than in cloud deployments.

Supply-chain integrity

Software and model provenance must be verified before deployment. There is no cloud service checking signatures continuously. Verification happens at deployment time; compromised artifacts may not be detected afterward.

Update hygiene

Offline systems do not receive automatic security patches. Update procedures must be defined, tested, and executed on schedule. Deferred updates accumulate vulnerability exposure.

Implications for Deployment

Organizations deploying offline AI must:

  1. Harden endpoints - Treat inference devices as security-critical assets
  2. Control physical access - Implement custody and access logging for devices
  3. Verify provenance - Check signatures and hashes before deployment
  4. Schedule updates - Define and execute patch cycles manually
  5. Monitor locally - Implement on-device logging and anomaly detection
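The supply-chain paragraph above and items 3 and 5 describe a one-time, deployment-time check with no continuous verifier behind it. The following is an added example, not code from the MLNavigator or AdapterOS project: it assumes a manifest of `<sha256>  <relative path>` lines pinned out of band (signature checking of the manifest itself is out of scope here), verifies a deployment directory against it, and also flags files the manifest never listed; re-run on a schedule, the same check becomes the local integrity monitor item 5 calls for.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):  # 1 MiB chunks: weights can be many GB
            h.update(block)
    return h.hexdigest()


def parse_manifest(text: str) -> dict[str, str]:
    """Parse 'sha256  relative/path' lines; reject bad digests and paths that escape the root."""
    entries: dict[str, str] = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        digest, _, rel = line.partition("  ")
        bad_digest = len(digest) != 64 or set(digest) - set("0123456789abcdef")
        if bad_digest or not rel or Path(rel).is_absolute() or ".." in Path(rel).parts:
            raise ValueError(f"rejected manifest line: {line!r}")
        entries[rel] = digest
    return entries


def verify_tree(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Classify every manifest entry and every file under root: ok/mismatch/missing/unlisted."""
    result: dict[str, list[str]] = {"ok": [], "mismatch": [], "missing": [], "unlisted": []}
    for rel, expected in manifest.items():
        if not (root / rel).is_file():
            result["missing"].append(rel)
        elif sha256_file(root / rel) != expected:
            result["mismatch"].append(rel)
        else:
            result["ok"].append(rel)
    # Files the manifest never listed are a finding too: device access lets someone add an artifact.
    for p in sorted(root.rglob("*")):
        if p.is_file() and (rel := p.relative_to(root).as_posix()) not in manifest:
            result["unlisted"].append(rel)
    return result


def demo() -> dict[str, list[str]]:
    # Constructed deployment tree: one file tampered, one removed, one dropped in after verification.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        files = {"model.bin": b"weights-v1", "adapters/lora.bin": b"adapter-v1", "config.json": b"{}"}
        for rel, data in files.items():
            (root / rel).parent.mkdir(exist_ok=True)
            (root / rel).write_bytes(data)
        manifest = parse_manifest("\n".join(f"{hashlib.sha256(v).hexdigest()}  {k}" for k, v in files.items()))
        (root / "config.json").write_bytes(b'{"debug": true}')  # modified in place
        (root / "adapters" / "lora.bin").unlink()                # listed artifact removed
        (root / "extra.bin").write_bytes(b"dropped-in")          # never in the manifest
        return verify_tree(root, manifest)
```

Any non-empty `mismatch`, `missing` or `unlisted` list is a finding worth logging on the device, since nothing upstream will raise it later.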

The trade-off is explicit: you eliminate external dependencies at the cost of assuming full responsibility for the security perimeter. For regulated environments where data sovereignty is non-negotiable, this trade-off is often required.