Ondrej Vlcek’s AISLE turns its AI scanner into air-gapped Snapshot for regulated banks

AISLE, the cybersecurity startup founded by former Avast CEO Ondrej Vlcek, launched Snapshot on Tuesday. The headline hook is simple but serious: Snapshot deploys its AI vulnerability scanner inside a customer’s environment, including fully air-gapped networks, and keeps AISLE’s source code and security data from leaving the organisation’s control.

That change matters because the whole value proposition of vulnerability scanning runs straight into a common enterprise problem: many regulated organisations cannot just “upload data to a vendor” or run security tools in a way that violates internal controls, audit requirements, or data handling rules. Snapshot is built to remove that friction by supporting three deployment modes, a customer’s private cloud, an on-premises data centre, or a fully air-gapped environment. In other words, the scanner does its work where the customer already has permission to operate.

For boards and executives, the real story here is not only the AI scanner. It is the packaging. AI cybersecurity products tend to get stuck at the last mile, where procurement asks questions that are unglamorous but decisive: Where does data go? Can the vendor retain copies? Can our auditors trace what happened? Snapshot’s design, as described by The Next Web, directly answers those questions by stating that source code and security data never leave the organisation’s control. When you are selling into regulated industries, “never leave our control” is basically the product summary.

AISLE is explicitly aiming Snapshot at regulated industries, including banks and defence. That positioning is important because regulated sectors typically operate with tighter governance than the average startup playground. They need security testing without introducing new data flows that trigger compliance exceptions. An air-gapped option is the most extreme form of this discipline. It is also the highest-stakes promise: if it works in an air-gapped environment, it can be used by organisations that have little tolerance for outbound connections, external processing, or shared infrastructure.

From a market perspective, this reflects a broader trend in enterprise security: tooling is becoming more operationally portable, and more deployment-aware. Organisations do not just compare “does it find vulnerabilities?” They compare “can we run it safely in our real constraints?” Private cloud and on-premises deployment options already address many enterprise buyers. The fully air-gapped environment option is the differentiator that turns vulnerability scanning from a capability question into an access question. If you cannot connect, you cannot buy the usual SaaS-based scanner. Snapshot tries to unlock a segment that historically would be difficult for many vendors.

There is also a strategic second-order effect for executive teams. When a product can be run inside customer-controlled environments, it changes how cybersecurity teams negotiate with internal stakeholders like IT, compliance, and risk. These groups typically gatekeep because they control systems boundaries and data handling policies. A scanner that does not require moving sensitive code or security data externally can reduce internal friction, speed up adoption, and shrink the time between “interest” and “deployment.” Board-level risk committees care about that because delays are risk in disguise.

And if you are thinking about competitive dynamics, consider what this launch signals. AISLE is not just building a vulnerability scanner. It is building a delivery model that aligns with procurement realities in regulated sectors. Those buyers often reward vendors that respect the organisation’s control requirements, not vendors that ask for exceptions. Snapshot’s approach, as described in the report, is engineered for acceptance in the environments where external data movement is the biggest barrier.

Ultimately, Snapshot is about how quickly regulated organisations can detect and respond to vulnerabilities without breaking their own rules. The key operational stakes are straightforward: if source code and security data truly never leave the organisation’s control, that should make the path to deployment clearer for banks and defence-type buyers. For executives at similar organisations, the question is not whether AI vulnerability scanning sounds impressive. It is whether the deployment model matches your governance constraints, and whether you can get results without adding compliance risk.