Air-Gapped Execution Architecture
Securing the "Defense Stack": No external dependencies, no data leaks.
The "No External Dependencies" Claim
For high-security environments — defense, healthcare, and critical infrastructure — the "cloud-first" nature of most AI is a non-starter. Gobii's Defense stack is engineered for true air-gapped execution.
Unlike Hermes, which often defaults to external LLM providers (OpenAI, Anthropic) or requires complex local setup that still relies on external package registries, Gobii provides a self-contained runtime.
How Gobii Handles the Air-Gap
| Component | Standard Agent | Gobii Defense Stack |
|---|---|---|
| LLM Inference | External API (Cloud) | Self-Hosted / Local Inference |
| Package Management | pip/npm (External) | Internal Mirror / Pre-bundled |
| Browser Automation | Standard Playwright | Sandboxed, Proxy-Filtered Egress |
| Data Storage | Cloud DB | Encrypted Local SQLite / Postgres |
| Execution Environment | Local OS / Docker | gVisor-Sandboxed Pods |
The Security Gap: Hermes Local vs. Gobii Air-Gap
Running Hermes "locally" doesn't mean it's secure. If your local Hermes agent is calling gpt-4o, your data is leaving the building. If it's downloading Python packages during a run, you're vulnerable to supply-chain attacks.
Gobii's architecture enforces egress-only policies and proxy health-scoring. Even in a connected mode, the agent cannot exfiltrate data to unauthorized domains. In a true air-gap, the agent has zero network path to the outside world, yet remains fully functional thanks to its pre-indexed skills and local model weights.
The "Tedious" Setup Problem
Hermes researchers have noted that setting up a truly secure, local-only Hermes environment is "tedious." You have to manage the model server, the vector DB, the tool environment, and the security policies yourself. Gobii delivers this as a unified, air-gap-ready appliance.