DEFENCE

AI in defence runs where the data lives — and only there.

Air-gapped Kubernetes. ITAR-compliant supply chain. Technical manual chatbots for maintainers. Intelligence summarisation for analysts. No cloud, no telemetry, no exfiltration path.

Defence's AI moment is the inverse of consumer AI's. The use cases are powerful — ISR analyst support, maintenance crew copilots, technical document Q&A across thousands of pages of NATO-restricted material — but the deployment posture is unforgiving. Cloud is a non-starter for most use cases. Telemetry to a vendor is a non-starter. ITAR and EAR define the perimeter and the perimeter does not flex.

The buyers are NATO-aligned primes (Leonardo, Thales, BAE, Airbus DS, Rheinmetall, Saab, Lockheed-tier partners), national defence ministries, and intelligence services. The buying process treats AI tooling as a weapons-system component for governance purposes — full provenance, no surprise dependencies, classified-environment-deployable.

Kosmoy is one of the few enterprise AI platforms designed for this perimeter from the start. Single-tenant, Kubernetes-native, fully air-gappable. No vendor telemetry. The platform image and its updates are delivered through controlled channels and run inside the customer's classified network. Leonardo, Europe's largest defence and aerospace company, is a Kosmoy customer.


What this industry runs into.

Air-gapped and classified deployment

Most AI platforms assume cloud connectivity. Defence customers run in environments without internet egress — sometimes without any external network at all. The platform has to install, update, and run there.

ITAR / EAR export control

Technical data marked ITAR or EAR cannot cross national or person boundaries without licence. AI tooling has to enforce the boundary, not just trust users to remember.

Dual-use risk

An LLM trained for technical document Q&A can also generate dual-use content if asked. Guardrails have to enforce the line, and the line is sharper than commercial guardrails address.

Personnel turnover and institutional memory

Maintenance crews rotate; analysts move; programmes stretch over decades. AI agents that capture the institutional knowledge of legacy systems become strategic assets — and as such have to be governed accordingly.


Regulatory landscape.

The regulations that shape AI in defence — and where each one bites on AI deployment.

ITAR · International Traffic in Arms Regulations (22 CFR 120-130) · US

Defence articles and technical data are export-controlled. AI tooling that processes ITAR-marked data must enforce the licence boundary on every read, retrieval and output.

EAR · Export Administration Regulations (15 CFR 730-774) · US

Dual-use technology export control. Software, models and algorithms can themselves be controlled. Cross-border AI tooling deployment touches EAR.

CMMC 2.0 · Cybersecurity Maturity Model Certification · US (DoD contractors)

Defence contractors must hold the appropriate CMMC level for the data they touch. AI infrastructure is in scope of the certification.

NIST 800-171 · Protecting Controlled Unclassified Information · US

CUI-handling controls extend to AI infrastructure that processes controlled material.

NIS2 · Network and Information Security Directive 2 · EU

Defence-adjacent critical entities (electronic comms providers, ICT services) are in scope. AI infrastructure must meet incident reporting and risk management obligations.

EU Defence Industrial Strategy · EDIS / European Defence Industry Programme · EU

Funding and contracting for EU defence emphasises sovereign capability and supply chain provenance — AI vendors in the supply chain are evaluated on those terms.


Use cases that are actually shipping.

Air-gapped ISR analyst support

An intelligence analyst processes a packet of captured documents in an air-gapped network. The agent summarises, identifies entities, flags inconsistencies with prior reporting, and produces a structured summary in the agency's reporting format. The analyst reviews, edits, signs the assessment. No data leaves the network; no model call leaves the cluster.

Analyst throughput on bulk-document review rises 3–5x on equivalent staffing. The audit trail (which document informed which conclusion) is preserved as part of the reporting workflow.

Technical manual chatbot for maintenance crews

A maintenance technician on a Eurofighter or Tornado opens the chatbot on a hardened tablet. 'What is the torque spec for the engine bay panel fasteners?' The agent retrieves from the relevant Technical Manual page, returns the answer with the page citation, and logs the query. The crew has the manual without paging through 4,000 pages.

MTBR (mean time between repair-event-resolutions) drops measurably on platforms where the chatbot is deployed. Newer crews ramp to senior productivity faster.

Supply chain ITAR / EAR compliance

Procurement places a tender for a sub-component. The agent reads the technical specification, the country of supply, the end-use declaration, and runs the export-control check: is this part ITAR-controlled? EAR-controlled? Does the destination country require a licence? It produces a structured assessment with the specific clauses that triggered. A licensed compliance officer signs off.

Defence primes catch ITAR/EAR violations at tender stage rather than at delivery. Programmes avoid the cost of licence retrofits on contracts already signed.

RFP and proposal generation

A defence prime responds to a major NATO or EDF tender — hundreds of technical sections across system engineering, logistics support, cybersecurity, programme management. The agent searches past wins, programme manuals and capability statements, drafts answers, and flags gaps where the firm has no prior content. Bid teams focus on the differentiated sections.

Bid response cycle compresses by 30–50% on the standardised sections of large tenders. Win rates improve on the questions where consistency across responses matters most.

Cyber threat intelligence summarisation

A security operations centre receives 200+ threat intel feeds per day — vendor reports, government advisories, OSINT, internal incident reports. The agent normalises, deduplicates, summarises, links related items, and ranks by relevance to the firm's exposed surface. The analyst gets a daily 5-page briefing instead of a 200-document inbox.

Cyber analysts respond to relevant threats faster because they're not spending the morning categorising the inbox. The audit trail of why a threat was prioritised survives the next post-incident review.


Agent governance

Where defence agents need extra discipline.

Defence-sector agents have the strictest containment requirement of any industry Kosmoy supports. The Action Capsule is mandatory for any agent that reads classified or ITAR-marked material. The Capsule's only egress is the AI Gateway; the only models accessible are those approved for the classification level. An agent in a SECRET-cleared workspace cannot reach an unclassified model in the same cluster, and an agent in an unclassified workspace cannot reach SECRET material.

The Agent Registry captures every agent with its clearance level, its allowed retrieval scope and its allowed actions. Personnel turnover doesn't create governance debt — when an analyst rotates out, the agents they used are still registered with full provenance. Programme inheritors see what was built, what it was approved for, and what changed when.


Chatbot use cases

Chatbots, by surface and risk class.

Defence chatbots run inside the perimeter. Outward-facing customer chatbots are rare; the dominant patterns are crew-facing (maintenance, ISR, training simulation), supplier-facing (procurement portal, ITAR pre-check), and internal-facing (HR for cleared personnel, IT helpdesk on classified networks).

Maintenance crew Q&A on hardened tablet

Air-gapped manual lookup with citation. The chatbot never invents specifications; it returns the manual page or says it can't find an answer.

Tactical training simulation

Training scenarios with chatbot-driven adversaries — strict guardrails enforce that the chatbot can never advise on real targeting or actual weapons release. Training-only domain enforced at the gateway.

Supplier portal — pre-tender ITAR check

Suppliers ask 'is this component classification I'm sending you ITAR-controlled?'. The chatbot reads the technical data, runs a preliminary check, and routes ambiguous cases to a licensed officer.

Cleared personnel internal helpdesk

HR and IT helpdesk on classified networks — leave policy, security clearance renewal, IT troubleshooting. Citation-grounded answers from internal policy docs; never extrapolates beyond the source.


How Kosmoy fits.

Defence is the industry where Kosmoy's deployment posture is most differentiated. The platform deploys air-gapped — a typical install ships as a signed image bundle, applied through controlled-update channels into a customer-managed Kubernetes cluster. No outbound network. No vendor telemetry. The platform itself produces zero data exfiltration paths. Updates are explicit, signed, customer-applied.

The architecture suits programmes that span decades. Five years from now, the agents the prime built today are still registered in the AI Inventory with every change captured. The institutional memory survives personnel rotation, programme transfers and security clearance changes.

Customer

Leonardo

Europe's largest defence and aerospace company runs Kosmoy in its AI operating layer.


Module questions, answered straight.

Can Kosmoy run fully air-gapped?

Yes. Air-gapped install is a primary deployment mode, not a special case. The platform image and any pinned models (vLLM-served Llama variants, fine-tuned SLMs) ship as signed bundles. Updates are customer-applied through controlled channels. No outbound network is required.

How does Kosmoy enforce ITAR / EAR boundaries?

Each agent's retrieval scope and accessible model set are bound to its classification level. Cross-classification reads fail at the gateway. Outputs marked at a classification cannot be retrieved by an agent below that classification. Audit logs record every classification-relevant decision.
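
The rules in this answer and in the agent governance section above can be written as a small default-deny check at the gateway. The sketch below is an added illustration, not Kosmoy code: `Level`, `Agent`, `Gateway`, and the model and collection names are all hypothetical.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):  # constructed ordering; real schemes carry more markings
    UNCLASSIFIED = 0
    RESTRICTED = 1
    SECRET = 2

@dataclass(frozen=True)
class Agent:  # hypothetical registry record, not a Kosmoy schema
    name: str
    clearance: Level
    scope: frozenset  # collections the agent is registered to retrieve from

@dataclass
class Gateway:
    model_levels: dict  # model name -> set of Levels the model is approved for
    audit: list = field(default_factory=list)

    def _decide(self, agent, action, target, allowed, reason):
        # Allow and deny decisions are both written to the audit log.
        self.audit.append({"agent": agent.name, "level": agent.clearance.name,
                           "action": action, "target": target,
                           "allowed": allowed, "reason": reason})
        return allowed

    def call_model(self, agent, model):
        # Exact-level approval: a higher clearance does not unlock lower-level
        # models, and a model missing from the table is denied.
        ok = agent.clearance in self.model_levels.get(model, set())
        why = "approved for level" if ok else "not approved for level"
        return self._decide(agent, "model", model, ok, why)

    def retrieve(self, agent, collection, marking):
        # Same rule for source documents and stored agent outputs.
        if collection not in agent.scope:
            ok, why = False, "outside registered scope"
        elif marking > agent.clearance:
            ok, why = False, "marking above clearance"
        else:
            ok, why = True, "within clearance"
        return self._decide(agent, "read", collection, ok, why)

def demo():  # constructed agent and models, for illustration only
    gw = Gateway({"llm-secret": {Level.SECRET}, "llm-open": {Level.UNCLASSIFIED}})
    analyst = Agent("isr-summariser", Level.SECRET, frozenset({"isr-reports"}))
    return [gw.call_model(analyst, "llm-secret"),
            gw.call_model(analyst, "llm-open")], gw.audit
```

The model check is an equality test against the approved set, not a dominance test, which is what keeps a SECRET-cleared agent from sending prompts to an unclassified model in the same cluster.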

What about CMMC and NIST 800-171?

The platform is designed to operate inside an environment certified at the appropriate level. Kosmoy maps the platform's controls to the relevant 800-171 / CMMC requirements as part of the security documentation. The customer's own assessment covers the deployment.

Can we run open-weight models in this environment?

Yes — typically the only practical option in classified deployments. Llama variants, Mistral models, fine-tuned domain-specific SLMs all run on customer-controlled GPUs (vLLM, Ollama). The Gateway treats them like any other provider with a private endpoint.

Run AI inside the classified perimeter, not next to it.

See how Kosmoy deploys air-gapped, enforces ITAR/EAR boundaries, and contains agent runtime in defence environments.