AISLE launches Snapshot for air-gapped vulnerability detection
AISLE, a San Francisco and Prague-based cybersecurity vendor, has launched Snapshot, a vulnerability-detection product designed to run entirely within a customer's own infrastructure. The offering targets regulated and security-sensitive organisations that cannot route source code or security data to external SaaS platforms — a constraint that has historically locked such organisations out of AI-powered scanning tools.
The product deploys across public cloud, private cloud, on-premises, and fully air-gapped environments. AISLE says Snapshot delivers verified findings ranked by business impact, with what it describes as a false-positive rate below 5%. Pricing is flat and token-agnostic, which the company positions as a budget-planning advantage over consumption-based inference costs.
What Snapshot does
Snapshot combines AI-based static code analysis with AI-guided fuzzing. Rather than routing all tasks to a single large frontier model, AISLE says it matches the appropriate model to each sub-task, which the company claims yields approximately ten times greater cost efficiency relative to frontier models such as Anthropic's Mythos. The company says its platform has been evaluated against billions of lines of code and currently ranks first in three categories of UC Berkeley's independent vulnerability-detection benchmark: CVE volume, CWE breadth, and MITRE Top-25 reach, ahead of entries from Google and Anthropic. Those benchmark claims are vendor-cited and have not been independently verified by this publication.
AISLE's co-founder and chief executive, Ondrej Vlcek, said organisations facing the strictest data-sovereignty requirements "can't send their code to external services, but also can't afford to wait or to throw more people at the problem." Snapshot is positioned as a route to enterprise-grade detection without the compliance overhead of cloud-delivered scanning.
To date, AISLE says it has responsibly disclosed more than 225 CVEs across widely used open-source projects including OpenSSL, Linux, cURL, Apache, Mozilla, Redis, and Elastic — a track record that gives the platform credibility with security buyers evaluating breadth of detection.
Market and regulatory context
The timing is notable. Reported CVEs are rising sharply — AISLE cites a 42.5% year-on-year increase through mid-2026 — and the attack surface is expanding as developers ship more code faster. AI-assisted exploitation is compressing the window between public CVE disclosure and active exploitation, raising the stakes for enterprises that have lagged on remediation tooling.
The air-gapped and sovereign-deployment segment is increasingly contested. Established SAST and DAST vendors, including Veracode, Checkmarx, and Semgrep, have long offered on-premises deployment options, and a cohort of AI-native challengers are competing on model quality and automation depth. AISLE's differentiation rests on its closed-loop architecture — spanning discovery, prioritisation, remediation, and verification — and its published benchmark position, though buyers will want to evaluate those claims against their own codebases before committing.
Regulatory drivers are favourable for on-premises products of this kind. The EU's NIS2 Directive and DORA both impose stricter software-supply-chain security obligations on critical infrastructure and financial entities, many of which are headquartered in jurisdictions with explicit data-residency rules. In the US, CISA's Secure by Design guidance and ongoing FedRAMP requirements continue to push regulated sectors toward auditable, sovereign toolchains. Any vendor serving defence, healthcare, or financial-services buyers in the EU will also face scrutiny under the forthcoming Cyber Resilience Act, which mandates vulnerability-handling processes for products with digital elements.
Snapshot is generally available as of today. AISLE has not disclosed pricing tiers, named launch customers, or indicated current annual recurring revenue.