GeekVault · CONFIDENTIAL · prepared for K. Butler
GeekVault
JULY 2026
Advisory brief · Confidential

Security-first infrastructure for regulated engineering teams adopting AI.

Prepared for Dr. Kevin Butler — a discussion about a security advisory role.
Darren Kay, Founder
Sanitized brief — no architecture diagrams or threat-model artifacts.
The problem

“Adopt AI — but not like that.”

In regulated industries, the customer’s contract bans public cloud AI outright — so the work moves in-house, onto dedicated GPUs running local models. The same wall hits on two fronts: engineers who want AI to accelerate delivery, and teams trying to ship AI features to their own customers. Doing it the allowed way is punishing:

No dev/prod parity

Developer laptops can’t mirror the production GPUs, so every change means rebuild → deploy to a test box → evaluate → repeat.

Scarce, mismatched hardware

The GPUs you can actually get force model sharding and workarounds — more moving parts, less confidence.

Unpredictable spend

AI cost is hard to forecast or plan around, so budgets and approvals stall.

I hit this wall myself — on both sides of it. If it was blocking us, it’s blocking others.
Why now

The teams most eager for AI are the ones most constrained from using it safely.

84% of developers now use or plan to use AI tools
22% of breaches begin with credential abuse — the #1 initial access vector
rise in software supply-chain attacks in recent years

The IP boundary and the software-delivery boundary are becoming the same boundary — and in regulated industries, it can’t run through someone else’s cloud. And a breach anywhere in a regulated sector is a near-miss everywhere in it: peer boards ask the same question — are our crown jewels actually segmented? — and move budget accordingly.

Sources: Stack Overflow Developer Survey 2025 · Verizon DBIR 2025 · Sonatype State of the Software Supply Chain 2026
The model

One dedicated environment where regulated teams can use AI — with code, secrets, and workflows kept inside a boundary they control.

Dedicated boundary · Brokered secrets · Just-in-time credentials · Bounded execution · Evidence-oriented ops

Shipped as one coherent operating model — not five tools each customer has to integrate into a trust boundary themselves.

Landscape

Everyone sells a piece. The customer is left integrating their own trust boundary.

Hyperscaler DIY

Raw building blocks. You are the systems integrator, and the security model is yours to prove.

Dedicated hosting

Isolation, but no opinion on secrets, workflows, or AI governance.

Secrets / identity tools

One slice of the problem — assembled alongside many others.

Dev-platform vendors

Developer velocity first; the trust boundary is an afterthought.

Internal platform teams

Assembling all of the above by hand — expensive, and rarely their core mandate.

GeekVault

The integrated operating model — dedicated boundary, brokered access, and evidence, coherent by design.

We are not “better hosting.” The operating model is the product.

The architecture bet

Centralize the power. Thin the endpoints.

Distribute

  • A powerful compute box per engineer, plus a second managed laptop
  • Two devices to harden, patch, and explain — per person
  • Attack surface and credential reach expand with every endpoint
  • Higher endpoint cost, more to defend in an audit

Centralize

  • One hardened environment holds the compute and the sensitive work
  • A locked-down, browser-only client behind zero-trust access
  • Fewer devices, less credential sprawl, a smaller and more explainable attack surface
  • Lower endpoint cost, one story to defend
How we engineer

We don’t wait for a breach to find our blast radius.

With zero customers, we run adversarial tabletop exercises against real, in-the-wild supply-chain attacks — trace the blast radius as if we had been hit — and let that analysis drive the next control.

Compromised npm package · credential-scraping

→ Workspaces hold no standing credentials to scrape

Secrets are brokered per task instead of pre-loaded, so a scraper finds nothing sitting there.

CI/CD scanner supply-chain compromise

→ The pipeline’s privileged path is brokered, not standing

The blast radius of a poisoned build step is bounded by what was leased for that job.

Simulate the attack. Measure the radius. Engineer the control.
Use case · controlled AI-assisted delivery

One task, one governed lifecycle.

1. Engineer initiates AI-assisted work through an approved path · no informal side channel
2. A secret is brokered just-in-time for that task · no pre-loaded standing secrets
3. The credential is scoped and expires on completion · no credential sprawl
4. Execution stays inside the environment boundary · no exfiltration path out
5. The action leaves a reviewable record · no unaccountable action

Each step is a control that removes a specific way IP or access leaks — described at the trust-boundary level, not the architecture.

Value

Narrower than mass-market infrastructure — and far stickier.

For the customer

· Stronger governance over code, secrets, and AI workflows
· A tighter, demonstrable trust boundary
· Reduced credential and device sprawl
· Predictable, right-sized cost — not unforecastable AI spend
· Operational evidence they can put in front of auditors and their own customers

For investors

· AI adoption is forcing every regulated org to answer “where does our IP live?”
· Event-driven demand — one breach in a sector puts crown-jewel protection on every peer board’s agenda
· A wedge with high willingness-to-pay and high switching cost
· Becomes part of the customer’s operational trust model — hard to rip out
· A specific, reachable beachhead, not a boil-the-ocean platform

How we make claims

We would rather under-claim and show our work.

● Substantiated today
  • 0 standing secrets held by runners
  • outbound-only control plane — no inbound admin ports
  • signature-verified, digest-pinned releases
  • bounded, deny-by-default task execution

Every public claim is backed by evidence we can produce on request — or marked as roadmap. For a security company, credibility is the product.

Where your judgment is highest-leverage

Targeted input at the decisions that are hardest to reverse.

01 · Trust-boundary & threat-model rigor — is the model framed with the precision it needs?
02 · Key management & applied cryptography — are the secrets-brokering, signing, and attestation choices defensible?
03 · Cloud attack surface & isolation — where are the assumptions that would not survive a determined adversary?
04 · Adversarial-ML risk surface — what does AI-in-the-loop add to the threat model that we are not yet modeling?
05 · Security & compliance milestones — which should be treated as foundational as the company matures?
The ask

A formal security advisory role.

Equity on standard advisory terms, calibrated to involvement. And a clean path that respects your obligations to the University of Florida and keeps the IP boundary unambiguous:

Step 1 · UF approval
Outside-activity / conflict-of-interest sign-off secured first.

Step 2 · NDA + agreement
Confidentiality and an advisory agreement — GeekVault IP stays GeekVault’s.

Step 3 · Deep review
Threat model, architecture, and roadmap — in a setting that protects us both.

I kept the sensitive material out of this brief by design. The next layer is yours to see — once the structure protects us both.
GeekVault

Built nights and weekends over the past year by two engineers — and war-gamed against real attacks before the first customer.

Thank you for your time.
Darren Kay · Founder