The safest place for your prompts is your own machine
VirexaLLM runs locally, ships as a signed binary, serves open-weight models, and supports full air-gap operation. There's no cloud to breach, no telemetry to disable, and no prompts leaving your device.
Security at a glance
0 Cloud Exfiltration: Prompts and files never leave the device by default
Signed Binaries & Weights: Every installer and model release cryptographically signed
Open Model Weights: Inspect every weight you run — no closed models, no surprises
Air-Gap Mode Supported: Fully offline operation for isolated networks
Security controls
Local-first architecture backed by signed releases and open source.
Local by Default
Inference runs on the device. Prompts, attached files, and completions are written to disk you control — nothing is sent anywhere without explicit opt-in.
Code-Signed Binaries
Every macOS, Windows, and Linux installer is signed and notarized. Reproducible builds let you verify binaries match the published source.
Signed Model Weights
The curated model registry ships SHA-256 hashes and signatures for every GGUF. Tampered weights fail to load.
Air-Gap Mode
One switch blocks every outbound connection — update checks, telemetry, registry lookups. The app never contacts the network again.
Zero Telemetry Option
Opt out of every optional diagnostic. VirexaLLM will still run, still update (manually), and still never phone home about your usage.
SBOM & Supply Chain
We publish an SBOM for every release, sign artifacts with Sigstore, and document our dependency supply chain for auditors.
Attestations and guarantees
Narrow scope, because there's no cloud handling your prompts.
Every action stays on the device
Model loads, policy changes, and administrative actions are captured in a local audit log you control. Export it as a signed artifact when auditors or your own SOC ask.
Your prompts never leave your hardware
Run in air-gap mode on machines that should never touch the internet again. Side-load signed updates through your own distribution channel. The runtime honors the isolation you pick at install time.
Security practices behind the binary
What we do so you can trust a signed build from us more than a pickled Python env from the internet.
Annual Pen Testing
Independent firms test the desktop app, update pipeline, and admin console yearly. Findings remediated within SLA.
Responsible Disclosure
Active security program for external researchers — with bounties for meaningful vulnerabilities in the runtime and update path.
No Data Collection
We do not collect prompts, completions, filenames, or conversation content. Ever. The architecture makes it physically impossible by default.
Signed Updates
Updates are cryptographically signed. The app refuses to install a build that doesn't verify against our release key.
Open Core
The runtime is open source. Read it, build it yourself, or fork it. No hidden cloud calls because there is no cloud.
Reproducible Builds
The published binary byte-matches what you build from source — verify the supply chain yourself, or trust your own CI.
Deployment modes for every threat model
From a personal laptop to an air-gapped SCIF — one binary, different profiles.
Personal Desktop
Default profile. Local inference, optional curated registry, easy updates. Best for individual developers.
Managed Fleet
Admin console pushes signed policies and model lists to every activated workstation in your org.
Air-Gapped
No network access, ever. Side-loaded installers, side-loaded updates, fully offline inference.
Hybrid
Some workstations managed with updates, others locked in air-gap — one admin console for both.
Frequently asked questions
Where do my prompts go?
Do you have SOC 2?
Can we run this fully air-gapped?
Are the model weights closed?
How do we verify a release?
Your laptop is the server now
Download VirexaLLM and run Llama, Mistral, Phi-3, Gemma, or Qwen locally in minutes. Free desktop app for macOS, Windows, and Linux — your prompts never leave the device.