Locs is the private AI infrastructure layer for sensitive enterprises — local LLM runtime, governed knowledge, signed offline intelligence updates, and an evidence layer your auditors can verify offline.
Locs exists for organisations where AI failure, data leakage, and weak governance are not acceptable.
Prompts, tickets, configs, and customer records flow into public LLMs today — invisible to security, irreversible once sent. Locs gives your teams a sanctioned alternative that never exports raw data.
A local LLM alone is weaker than frontier models and frozen at its training date. Locs enriches it with governed internal knowledge and refreshes it through verified, signed intelligence updates.
Security boards refuse AI they cannot permission, approve, audit, or reverse. Locs is built around RBAC, two-key approvals, prompt controls, a kill switch, and full rollback — governance is the product.
What entered the AI? Who approved it? What did it affect? Can it be reversed? Locs answers all of it from a hash-chained, tamper-evident evidence layer.
Nothing becomes local AI knowledge unless it is classified, redacted, packaged, approved, versioned, and reversible. Watch the flow.
Local deployment protects the data boundary. Locs governance protects everything inside it.
Credentials, keys, and tokens are detected deterministically and refused ingestion outright.
Subscriber identifiers, IPs, and hostnames are masked before anything is embedded or served.
No one activates their own knowledge. Security-flagged content requires a distinct reviewer.
Knowledge is separated per module and filtered by role at retrieval time — not in the prompt.
One governor action halts every AI path — answers, activations, exports, and bridge serving.
Every action is hash-chained and append-only. Tampering with history breaks the chain visibly.
Every update carries a rollback ID and impact map: modules, roles, and answers it touched.
One switch removes the outbound path entirely. Intelligence enters only as signed offline bundles.
Locs improves your local AI the way critical infrastructure imports software: verified, signed, tested, approved, and reversible — never as a live external data bridge.
| Public LLMs | Basic local LLMs | Generic RAG | Locs | |
|---|---|---|---|---|
| Enterprise data stays local | NO | YES | VARIES | YES — by architecture |
| Frontier-grade intelligence | YES | NO | NO | YES — imported, verified, signed |
| Knowledge stays current | YES | STALE | MANUAL | YES — governed update packs |
| Role-permissioned knowledge | NO | NO | BASIC | YES — enforced at retrieval |
| Approvals & rollback | NO | NO | RARE | YES — two-key, reversible |
| Audit-ready evidence | NO | NO | LOGS ONLY | YES — signed, tamper-evident |
| Fail-closed on high risk | IMPROVISES | HALLUCINATES | UNSCORED | YES — refuses, opens governed gap |
Local LLM deployment with a model-adapter layer — Llama, Mistral, Qwen, or your enterprise endpoint — plus governed, module-separated RAG. Recommended defaults, never lock-in.
Manual, scheduled, and knowledge-gap update modes behind a full outbound governance gate: sanitization diff, redaction proof, risk scoring, security review, signed export.
Hash-chained audit log, approval records, redaction proofs, rollback history — exportable as signed evidence packs your CISO can verify offline.
Versioned knowledge artifacts with provenance, verification results, permissions, embedded test suites, and digital signatures. The update path that works fully air-gapped.
BSS/Charging, NOC, and Customer Care copilots built from real operator workflows — charging logic, alarm triage, RCA drafting, complaint handling — with governed answer cards.
Kill switch, human approval gates, WORM audit, and lineage IDs implemented to the AOS-1 Operating Assurance Standard — with signed execution receipts for continuous proof.
A fixed-scope program that proves governed private AI on your premises — and ends with an executive conversion pack, not a slide deck.
Appliance install, local LLM configuration, roles and RBAC, classification rules, outbound governance posture, kill-switch drill.
SOPs, manuals, ticket and RCA samples into BSS, NOC, and Care knowledge spaces — classified, redacted, permissioned, and approved through the workflow.
Governed answer cards live with pilot users. Source citations, confidence scoring, escalation behaviour, and refusal policy validated against real questions.
Knowledge gaps closed through the full loop: sanitized outbound requests, signed offline bundles, import verification, test suites, activation — and a live rollback demonstration.
Signed evidence pack verified in front of your security team, knowledge-quality metrics, and the full rollout roadmap with pricing.
No raw enterprise data, ever. The only thing that can leave is a sanitized, generic intelligence request — after identifier stripping, a reviewable diff, a redaction proof, admin approval, security review where risk demands, and a digital signature. In air-gap mode even that path is disabled.
Locs ships with recommended open-weight defaults for predictable pilots and abstracts the runtime behind a model-adapter layer — Llama, Mistral, and Qwen family models, or an enterprise-provided endpoint. You are never locked into one model family.
Yes. The appliance requires no external connectivity. Intelligence updates arrive as signed offline bundles moved by your approved media process, verified and tested locally before activation.
Deterministic, security-reviewable detectors — not a model. Critical secrets (credentials, keys, tokens) block the document outright; subscriber identifiers, IPs, and hostnames are redacted before chunking; contextually sensitive content is routed to security review. Every detection is receipted.
On high-risk topics Locs does not improvise: it states that approved knowledge is insufficient, shows what is missing, and opens a governed knowledge-gap request. Low-risk topics may receive cautious guidance clearly labelled as generic advisory.
No. Locs observes, retrieves, summarizes, recommends, and governs — humans execute all actions through your existing change processes. Assisted execution only, by design.
Locs implements the AOS-1 Operating Assurance Standard's runtime contract: a kill switch checked before every AI action, human approval gates on material changes, an append-only hash-chained audit log, lineage IDs on decisions, and signed execution receipts for continuous, verifiable proof.
Phase one is a portable hardened appliance (Docker Compose) installed inside your environment; Kubernetes and fully embedded high-security deployments follow. The local LLM, data, knowledge base, prompts, and inference always remain on your premises.
A working governed private AI deployment with your own knowledge, live copilots for BSS, NOC, and Care, closed knowledge gaps via signed updates, a demonstrated rollback, and a signed evidence pack — plus the executive conversion pack with rollout roadmap and pricing.
Locs is designed and engineered by mAIb Tech — built from firsthand telecom operations experience, not generic AI theory.
Runtime governance runs on the AOS-1 agentic operating system: kill switch, approval gates, WORM audit, and signed execution receipts.
Book a technical briefing for your CTO, CISO, and AI governance board — or start scoping a 90-day telecom pilot.