VirexaLLM

On-prem AI for regulated enterprises

Ship every prompt through a local runtime on your own hardware — with per-device licensing, model allowlists, SSO and SAML, signed audit logs, and full air-gap support for the workloads that can never touch a cloud.

Book a demoSee startup solution

Regulated teams choose local inference

100%

On-Prem Inference

Every token served inside your perimeter

SSO

& SAML Included

Centralized identity for your desktop fleet

Air-Gap

Supported

Workstations that never call home

100%

Audit Coverage

Every model load and policy change logged locally

Enterprise controls for local AI

Fleet policy, identity, audit, and deployment — baked into the runtime.

Fleet Policy Enforcement

Encode rules once in the admin console: which models each team can load, which data classes may touch inference, which updates a workstation will accept.

Per-Device Licensing

License every activated workstation. See who has which model, which version, and which policy bundle applied — across the whole fleet.

SSO, SAML & SCIM

Centralized identity through Okta, Azure AD, or Google Workspace for the admin console. Device entitlements follow your joiner-mover-leaver flow.

Signed, Local Audit Logs

Every prompt, model load, policy change, and admin action is logged on-device with tamper-evident signatures — shipped to your SIEM, never to us.

Air-Gap & Side-Loading

Workstations that should never touch the internet install, update, and activate from signed bundles on your own distribution channel.

No Telemetry

Zero beacons, zero analytics, zero "anonymous usage" phone-home. The network panel stays quiet by design.

Regulated workloads we support

Policies, controls, and reviews that meet real audit bars.

Per-Device LicensingModel AllowlistsData Classification PoliciesNo-Training GuaranteeRegulated WorkloadsOn-Prem InferencePrompt RedactionApproved Model FamiliesVendor Risk ReviewsQuarterly Access ReviewsDPA ManagementLegal Hold Support

One runtime for every team's AI

Instead of a dozen cloud bills and shadow API keys, every business unit runs on the same signed desktop runtime. Activation rolls up by BU, project, and cost center — ready for finance, ready for audit, with no prompt content crossing your perimeter.

Governance enforced on the device

Model allowlists, data-class policies, and prompt redaction run inside the local runtime — not scattered across a hundred application codebases or a third-party API. One policy, enforced on every inference call, online or offline.

Audit-ready from day one

Give internal audit and your regulators a single place to inspect AI activity — without shipping prompts off-device.

Every device event logged

Activation, model loads, version changes, policy updates — all timestamped and signed locally.

Every inference traced

Prompt hash, model, quantization, latency, and token counts — exportable without exposing content.

Every policy change tracked

Admin actions and fleet-policy edits are versioned and diffable in the admin console.

Enterprise-grade security

Built for the compliance bar regulated AI programs answer to.

SOC 2 Type 2
SOC 2 Type 2
ISO 27001
ISO 27001
GDPR Compliant
GDPR Compliant
SAML SSO
SAML SSO
Signed Audit Logs
Signed Audit Logs
Role-Based Access
Role-Based Access

Frequently asked questions

How do we track AI usage across business units?
Devices are grouped into fleets with tags for BU, project, and cost center. Activation and usage reports roll up automatically — without any prompt content ever leaving the workstation.
Can we restrict which models specific teams can load?
Yes. Per-fleet allowlists enforce model and quantization restrictions in the desktop runtime — not in application code — so users physically can't load a blocked model.
How does this integrate with our identity provider?
SSO and SAML for admin-console access, plus SCIM sync so device entitlements follow your joiner-mover-leaver process automatically.
Can we deploy fully offline?
Yes. Air-gap mode blocks all outbound traffic, and the installer, updates, and license bundles can be side-loaded from your own signed distribution channel.
Is there an enterprise agreement?
Yes — with volume pricing per device, custom DPAs, named support, and reproducible-build attestations on request.

Your laptop is the server now

Download VirexaLLM and run Llama, Mistral, Phi-3, Gemma, or Qwen locally in minutes. Free desktop app for macOS, Windows, and Linux — your prompts never leave the device.

Download