"Private AI" gets used as if it means one thing. In practice it spans three deployment models with very different control and compliance profiles: your own cloud (VPC), your own data center (on-premise), and a fully isolated network (air-gapped).
Choosing well starts with knowing what each actually guarantees.
VPC: private, but still in the cloud
A VPC (virtual private cloud) deployment runs the platform inside your own cloud account on AWS, Azure, or GCP. Data stays in your tenancy, under your IAM and encryption keys.
This is the lightest-weight private option. You get cloud elasticity and managed infrastructure while keeping data out of any AI vendor's environment.
The trade-off: you still depend on a cloud provider's region and controls. For most enterprises that is acceptable; for the most regulated, it isn't enough.
On-premise: in your data center
On-premise deployment runs the platform on hardware you own and operate. Data never leaves your physical infrastructure, and you control the full stack.
This suits organizations with existing data centers, strict residency rules, or workloads that can't sit in public cloud. See on-premise deployment for how the full platform ships to your environment.
The trade-off is operational: you provision and maintain the hardware (or have a partner do it).
Air-gapped: zero external connectivity
Air-gapped deployment goes furthest — the system has no outbound connectivity at all. No API calls, no licensing callbacks, no telemetry.
Models, retrieval, and orchestration all run locally. This is the requirement for classified, IL5, clinical, and other environments where nothing may leave the network.
It is the strictest and most involved to operate, but the only model that satisfies true isolation requirements.
How to choose
Match the deployment to the data and the regime:
- VPC — sensitive data that can stay in your cloud tenancy under your keys; you want cloud elasticity.
- On-premise — residency or policy requires data in your own data center; you operate infrastructure.
- Air-gapped — classified, regulated, or isolated workloads where no external connectivity is permitted.
Many enterprises mix them: VPC for general workloads, air-gapped for the most sensitive. A model-agnostic platform lets the same agents run across all three.
The constant across all three: ownership
The deployment model changes; the ownership principle shouldn't. In every case, a full code license means you own the platform, your data stays yours, and there's no per-seat lock-in.
This is the difference between private AI and "private-ish" AI. A managed product hosted in your VPC still ties you to the vendor's roadmap and pricing. Owning the stack means the deployment choice — and the exit — is always yours.
A note on "on-premise" claims
Check the fine print. Some vendors offer "on-premise" that still requires connectivity to their infrastructure for model serving or license validation. That is not air-gapped, and it is not fully private.
True private AI — at any of the three levels — has no hidden dependency on an external vendor after deployment.
The takeaway
Pick VPC, on-premise, or air-gapped based on where your data is allowed to live, then keep ownership constant across whichever you choose. Start at the self-hosted AI hub, and see the ownership economics in build vs. buy.