Most GPU cloud providers treat security as a feature added after the fact. Aircloud's three-tier trust model means you choose isolation depth at workload creation — and every tier ships with meaningful, contractual guarantees.
Every Aircloud workload runs in one of three named isolation environments. The choice is yours at provisioning time. Each tier has documented technical boundaries — so your security team can evaluate them directly, not parse marketing language.
VM-level hypervisor isolation on major cloud infrastructure.
Production inference, compliance-regulated workloads, model weights you cannot expose.
Hardware-enforced VM boundaries. Your workload runs inside a dedicated virtual machine with hypervisor separation from all other tenants. No shared kernel. No container escape vector. Identical to what you get from a bare VM on AWS, GCP, or Azure — delivered through the Aircloud API.
Provider-backed uptime SLA with Aircloud passthrough guarantees. Incident response tied to the hyperscaler's published SLO.
Verified partner hardware in contractually-bound colocation facilities.
Demanding production workloads, high-volume inference, staging environments with near-production requirements.
Known, audited operators running hardware in certified data centers. Physical security controls, access logging, and a signed colocation agreement with Aircloud. Container-level isolation with contractual terms that back up the technical controls. Aircloud monitors uptime and enforces SLA compliance.
Dual SLA: Aircloud platform SLA plus operator SLA. Each operator is onboarded under a contract that defines incident obligations and liability.
Docker-hardened containers. Reputation-scored operators. Lowest prices.
Development environments, non-sensitive batch jobs, training on public datasets, cost-sensitive experimentation.
Self-registered operators — home labs, small data centers, researchers. Docker with hardened runtimes and seccomp profiles. Aircloud applies reputation scoring based on uptime, incident history, and peer review. You accept that VM-level guarantees are not present on this tier.
Community reputation system with basic contractual minimums. Not appropriate for sensitive workloads or compliance-regulated data.
AI infrastructure handles some of the most commercially sensitive data in your stack. Here's what Aircloud's isolation model actually protects — with specific technical claims, not vague assurances.
Your trained weights never leave your isolated environment. On Trusted and Secure tiers, weights are loaded into GPU memory within a dedicated VM or contractually isolated container. No shared memory bus with other tenants. No operator access to model files at runtime.
Request and response payloads are processed within your isolated compute boundary and are not logged at the platform level. For private inference endpoints, traffic flows through private networking with no public internet exposure unless you explicitly configure it.
Training datasets are mounted into your compute environment via encrypted volumes. Data in transit uses TLS 1.3. Data at rest is encrypted on persistent storage. You retain full ownership — we do not access, analyze, or retain copies of your training data.
API keys, Hugging Face tokens, and other secrets are injected via environment variables or a secrets manager integration — never baked into images or stored in plaintext. Secrets are scoped to your workload and not accessible to other tenants or operators.
The default network posture for every Aircloud workload is isolated. Exposure is opt-in, not opt-out. Most cloud security incidents begin with accidental public exposure — we eliminate that attack surface at the default configuration.
Every provisioned instance starts with zero public network exposure. You opt in to public endpoints explicitly. Private inference endpoints are only reachable from your VPC or via Aircloud's private networking layer.
Connect Aircloud compute directly into your existing VPC over private, encrypted links. Traffic between your application layer and GPU instances never traverses the public internet. Supports AWS, GCP, and Azure VPC peering configurations.
Define egress rules per workload. Restrict outbound traffic to your own infrastructure, block internet access entirely for air-gapped training runs, or whitelist specific endpoints for dataset access. Applied at the network layer, not inside the container.
Multi-node training jobs communicate over encrypted NCCL channels between compute nodes. Aircloud manages key exchange and rotation. No traffic between GPUs in a distributed job is unencrypted in transit.
We don't manufacture compliance posture we haven't earned. Here's the current state of our certification and regulatory posture — including what's in progress and what's on the roadmap.
SOC 2 Type II audit is underway. We're targeting completion in H2 2025. Our controls cover availability, confidentiality, and security. Prospective customers with compliance requirements can request our current controls documentation.
Aircloud operates as a data processor under GDPR. We process customer data only as directed and provide DPA agreements for EU customers. Data residency options are available to ensure processing stays within the EU where required.
Workloads can be pinned to specific regions and data center operators. For regulated industries, we support configuring Trusted-tier workloads to run only on infrastructure in named geographic regions, with a full audit trail.
HIPAA-compliant BAA agreements are on our compliance roadmap. If HIPAA is a current requirement, contact our security team to discuss what's achievable today and expected timelines for formal certification.
The controls below apply regardless of which supply tier you select. These are not premium add-ons. They're the baseline — because a security baseline only works if it's actually universal.
Talk to our security teamOur security team can walk you through the technical details of our isolation model, help you assess tier fit for your compliance requirements, and provide controls documentation on request.