# How air-gapped teams add AI knowledge search without sending data to the cloud

> For teams in defense, government, finance, or healthcare, most AI knowledge tools fail the first compliance review because they ship documents to a hosted model. This guide covers how to add AI-powered knowledge search inside an air-gapped network — single-tenant deployment, baked-in container images, no runtime egress, and Mattermost-native answers grounded in your docs and code.

- Date: 2026-06-16
- Tags: air-gapped, on-prem, mattermost, compliance, knowledge-management

---
Most AI knowledge tools have the same dealbreaker: they need to send your documents, code, and conversations to a hosted model. For teams in defense, government, finance, or healthcare, that single requirement rules them out. So you're left searching a self-hosted stack by hand while everyone else gets instant answers.

There's another path. Falconer gives you AI-powered knowledge search that runs entirely inside your own infrastructure, with nothing leaving the network, and plugs straight into Mattermost. Falconer is a knowledge agent for engineering teams that unifies your docs, code, and chat into one searchable knowledge graph and answers questions, with citations, for both people and coding agents.

## Key takeaways

- Falconer runs AI knowledge search entirely inside your own infrastructure, so documents, code, and conversations never leave your network.
- The full on-premises tier supports [air-gapped](https://csrc.nist.gov/glossary/term/air_gap) operation with no outbound internet at runtime and zero data egress.
- It deploys single-tenant inside your own GCP environment, with every container image baked in at build time so no external registry is needed while it runs.
- Falconer is [SOC 2 Type II](https://www.aicpa-cima.com/resources/landing/system-and-organization-controls-soc-suite-of-services) certified (January 2026), encrypted in transit and at rest, and isolated inside your VPC.
- It answers directly inside Mattermost through @mentions, DMs, and auto-responding Q&A channels, with every answer carrying citations to its source.

![](https://falconer.com/api/file/s3/images/1781642454733-1j2t08.png)

## Who needs air-gapped AI knowledge search?

Teams whose data can't legally or contractually leave their control. That includes healthcare organizations under [HIPAA](https://www.hhs.gov/hipaa/index.html), federal agencies and their contractors under [FedRAMP](https://www.fedramp.gov/), defense suppliers under [CMMC](https://www.acq.osd.mil/asda/dpc/cp/cyber/cmmc.html) and [ITAR](https://www.pmddtc.state.gov/), and financial institutions with strict data-residency rules. For these teams, any tool that ships documents and code to a hosted model fails the first compliance review.

## The constraint nobody designs for

Engineering teams in regulated environments make a deliberate tradeoff: they run self-hosted tooling to keep data under their control. The cost is a tooling desert. Cloud AI assistants are off the table, search across tools is broken, and answers live in people's heads.

Falconer is built for exactly this constraint instead of treating it as an afterthought.

## How to add AI knowledge search without data leaving your network

You don't have to choose between security and a capable AI assistant. The trick is to run the whole stack, model included, inside the perimeter you already control. With Falconer, that's five steps.

1. **Provision a single-tenant environment.** Stand up Falconer inside your own GCP project. It runs as a dedicated, single-tenant deployment, isolated in your VPC with no cross-tenant access.

2. **Bake every image at build time.** All services are containerized and every image is baked in at build time. No external registry is contacted while it runs, so the system has nothing to reach for once it's live.

3. **Cut the outbound connection.** For the strictest environments, run the full on-premises tier air-gapped. Pull the runtime internet connection entirely. The model that powers search and answers runs in-environment, so there's zero data egress.

4. **Connect your sources.** Point Falconer at your docs, code, and chat. It unifies them into one searchable knowledge graph and keeps docs current from your PRs, all inside the network.

5. **Ask in Mattermost.** A bridge connects Mattermost to Falconer's agent. Your team @mentions it, DMs it, or sets up an auto-responding Q&A channel, and gets cited answers without leaving the chat tool they're required to use.

## What is Falconer?

Falconer is a company brain for engineering teams. It unifies your docs, code, and chat into one searchable knowledge graph and answers questions, with citations, for both people and coding agents. It auto-updates docs from your PRs, grounds answers in your real implementation, and exposes context to coding agents over [MCP](https://modelcontextprotocol.io/docs/getting-started/intro).

The difference for locked-down teams is where it runs. Falconer deploys single-tenant in your own GCP environment and, on the full on-premises tier, operates fully air-gapped with no outbound internet at runtime. You get the same agent, search, and answers as a connected deployment, with nothing leaving your network.

## How does Falconer keep data inside your network?

Falconer runs as a single-tenant deployment inside your own GCP environment. All services are containerized and every image is baked in at build time, so no external registry access is needed while it runs.

For the strictest environments, the full on-premises tier supports air-gapped operation with no outbound internet at runtime. You get the same agent, the same search, and the same answers, with zero data egress.

**The security posture behind that:**

- [SOC 2 Type II](https://www.aicpa-cima.com/resources/landing/system-and-organization-controls-soc-suite-of-services) certified (January 2026)
- Encryption in transit and at rest
- Network isolation inside your VPC, with no cross-tenant access
- Time-limited, IP-restricted access with full audit logging
- Daily snapshots with retention
- Every infrastructure change reviewed via code, with no manual edits

## How do you ask questions inside Mattermost?

Ask Falconer a question right where your team works. Mention it in a Mattermost channel or DM, and it returns an answer grounded in your docs and code with citations. Set up a dedicated Q&A channel and it responds automatically, keeping context across a thread.

## What Falconer does

| Capability | Why it matters for locked-down teams |
| --- | --- |
| Self-hosted / air-gapped | No data ever leaves your environment |
| Knowledge graph as single source of truth (SSOT) | One searchable source across docs, code, chat |
| Auto-updating docs | Docs stay current from your PRs |
| Codebase-aware answers | Grounded in your real implementation |
| Semantic + keyword search | Precise answers, not keyword soup |
| Mattermost-native | Answers in the chat tool you're required to use |
| [MCP for coding agents](https://falconer.com/guides/falconer-mcp/) | Accurate context for Claude, Cursor, CLI |

For your industry's specific compliance picture, see the guides on documentation platforms for [defense tech](https://falconer.com/guides/defense-tech-documentation-platforms/), [health tech under HIPAA](https://falconer.com/guides/healthtech-documentation-platforms/), and [fintech under SOC 2 and banking requirements](https://falconer.com/guides/fintech-documentation-platforms/).

![](https://falconer.com/api/file/s3/images/1781642756938-2y0gq7.png)

## FAQ

### How do air-gapped teams deploy Falconer?

Deploy Falconer on-prem. It runs inside your own VPC as a single-tenant install, with all services containerized and every image baked in at build time. The full on-premises tier supports air-gapped operation with no runtime internet access, so once it's built you can pull the network connection entirely. Your team operates it like any other internal service: deploy, snapshot, and update on your own schedule, with every infrastructure change applied through reviewed code rather than manual edits.

### Does Falconer work in a fully air-gapped network?

Yes. Falconer's full on-premises deployment is designed for air-gapped networks. All container images are pre-baked at build time, so it needs no external registry or outbound connection to operate. The model that powers search and answers runs inside your environment too, which means there's no hosted API call leaving the network when someone asks a question. You get the same agent, the same search, and the same cited answers as a connected deployment, with nothing reaching out.

### Does any of our data leave the environment?

No. In an air-gapped deployment there is zero data egress at runtime. Documents, code, conversations, and model weights all stay inside your network. Nothing is sent to an external service for indexing, embedding, or inference. That's the whole point: the data you can't legally or contractually move never has to move, so Falconer clears the first compliance review instead of failing it.

### Is Falconer secure and compliant?

Falconer is SOC 2 Type II certified (January 2026), encrypts data in transit and at rest, isolates everything inside your VPC with no cross-tenant access, and logs all access for audit. Access is time-limited and IP-restricted, daily snapshots are retained, and every infrastructure change is reviewed via code. On-prem installs inherit this full model, which maps directly onto the controls regulated teams answer to under HIPAA, FedRAMP, CMMC, and ITAR.

### Can it answer inside Mattermost?

Yes. A bridge connects Mattermost to Falconer's agent for @mentions, DMs, and auto-responding Q&A channels, and it keeps context across a thread. Ask a question where your team already works and Falconer returns an answer grounded in your docs and code, with citations back to the source. Set up a dedicated Q&A channel and it responds automatically, so people get instant answers without leaving the chat tool they're required to use.