CyborgShell - Executive Summary
Overview
CyborgShell is an open-source, browser-based AI development platform with a fundamentally different security model than traditional cloud AI tools.
The Security Model
Traditional Cloud AI Platform
User → Vendor Server → AI Provider
↓
• Stores your API keys
• Executes your code
• Sees all prompts/responses
• Potential compliance issues
CyborgShell
User → Your Browser → AI Provider (direct)
↓
• API keys in local storage only
• Code executes client-side
• Server only for file operations
• Minimal attack surface
Server only handles:
- Load files
- Save files
- List directories
- Optional CORS proxy (no data retention)
Server does NOT:
- ❌ Store API keys
- ❌ Execute code
- ❌ See prompts or responses
- ❌ Log AI interactions
Deployment Models
1. Public Cloud
cyborgshell.com → Browser → Cloud AI
Use Case: Evaluation, non-sensitive work
Security: API keys in browser, file ops on our server
2. Self-Hosted
Your Server → Browser → Cloud AI
Use Case: Corporate deployment, compliance
Security: Full infrastructure control
3. Air-Gapped
Your Server → Browser → Ollama (Local)
Use Case: HIPAA, classified, confidential
Security: Zero external transmission
4. Distributed
Shared Drive → Multiple PCs (Ollama)
Use Case: Batch processing, render farms
Benefits: Horizontal scaling, zero cost
Compliance Benefits
| Framework |
CyborgShell Support |
| HIPAA (Healthcare) |
✅ PHI Protection: Use Ollama locally, zero external transmission
✅ Access Controls: Your infrastructure, your rules
✅ Audit Trail: Simple file operations log
|
| SOC 2 (Service Organizations) |
✅ Security Controls: Open source allows full audit
✅ Data Flow Mapping: Browser → Your server → Local AI
✅ Minimal Third-Party Risk: No external processing
|
| GDPR (Privacy) |
✅ Data Minimization: Only file operations on server
✅ User Control: Users manage own API keys
✅ Right to Deletion: Simple file removal
|
| Classified/Confidential |
✅ Air-Gap Capable: Fully functional without internet
✅ Complete Control: Self-host entire stack
✅ No Data Leakage: All processing internal
|
Cost Analysis
Traditional Cloud AI Platforms
- Platform subscription fees
- Per-user licensing
- API call markups
- Vendor lock-in
- Hidden data egress charges
CyborgShell
- $0 platform fees (open source)
- $0 per-user costs (self-host)
- Direct API pricing (your keys)
- $0 lock-in (MIT license)
- Optional $0 AI (Ollama local)
Example Savings
24GB-48GB Video Card USD$2000-$6000 one off starter cost
50-person engineering team:
Traditional Platform: $50-500/user/month = $2,500-25,000/month
CyborgShell: $0/month + your direct API costs
ROI: Immediate (no platform fees)
Batch processing example:
Process 100,000 documents/month
Traditional Cloud AI:
- API costs: $0.002/document × 100,000 = $200
- Platform fee: $5,000
- Total: $5,200/month
CyborgShell + Ollama (10 PCs):
- Hardware: One-time ($500/PC × 10 = $5,000)
- API costs: $0 (Ollama local)
- Platform fee: $0
- Total: $0/month after hardware amortization
ROI: 1 month payback, then infinite free processing
Technical Requirements
Minimal Server Requirements
- Any web server (Apache, Nginx, IIS)
- Static file hosting capability
- Optional: PHP for CORS proxy
- No database required
- No application server required
- No container orchestration required
Ollama (or other) Local AI Server Requirements
- Ollama runs best with a discrete GPU (e.g., NVIDIA RTX or Apple M-series).
- While CPU-only operation is supported, performance is significantly slower and not recommended for production workloads or batch processing.
- For production or distributed environments, a GPU with at least 24 GB VRAM is recommended – for example, an NVIDIA RTX 4090 (≈ USD $2,000 / AUD $4,000) to ensure smooth operation with larger models.
Client Requirements
- Modern browser (Chrome, Firefox, Safari, Edge, Mobile Phones, XBox Ones)
- JavaScript enabled
- Local storage enabled
Network Requirements
Public/Self-Hosted with Cloud AI:
- Outbound: HTTPS to AI providers
- Inbound: HTTPS from users
Air-Gapped with Ollama:
- Internal network only
- No internet required
- Can be completely isolated
Risk Assessment
Risks Eliminated
- ✅ Centralized API Key Breach: Keys never stored on servers
- ✅ Server-Side Vulnerabilities: Code runs client-side
- ✅ Vendor Lock-In: Open source, self-hostable
- ✅ Data Exfiltration: Air-gap option available
- ✅ Service Disruption: Self-host = you control uptime
Remaining Risks (Mitigations)
Client-Side Storage: Use private/incognito on shared machines
CORS Proxy (Optional): Self-host for complete control, or eliminate with Ollama
AI Provider Trust: Choose providers meeting your requirements, or use Ollama
Implementation Path
Phase 1: Evaluation (1 day)
- Access public instance: cyborgshell.com
- Test with non-sensitive data
- Evaluate capabilities
- Review documentation
Phase 2: Self-Hosted Pilot (1 week)
- Clone repository
- Deploy to internal test server
- Configure test AI service (Ollama recommended)
- Pilot with small team
- Security review of deployment
Phase 3: Production Deployment (2 weeks)
- Infrastructure setup (your web server)
- SSL certificate configuration
- Ollama installation (if air-gapped)
- Network security configuration
- User training and onboarding
Phase 4: Air-Gap Option (if needed)
- Isolated network setup
- Local Ollama deployment
- Security validation
- Compliance verification
- Operational procedures
Competitive Analysis
| Capability |
CyborgShell |
GitHub Copilot |
ChatGPT Enterprise |
AWS CodeWhisperer |
| Self-Hostable |
✅ Yes |
❌ No |
❌ No |
❌ No |
| Air-Gap Capable |
✅ Yes |
❌ No |
❌ No |
❌ No |
| Open Source |
✅ MIT |
❌ Proprietary |
❌ Proprietary |
❌ Proprietary |
| API Key Location |
✅ Local |
⚠️ Vendor |
⚠️ Vendor |
⚠️ Vendor |
| Multi-Provider |
✅ Yes |
❌ No |
❌ No |
❌ No |
| Local AI |
✅ Ollama |
❌ No |
❌ No |
❌ No |
| Transformer Pipelines |
✅ Yes |
❌ No |
⚠️ Limited |
❌ No |
| Platform Fees |
✅ $0 |
❌ $10-39/user |
❌ Contact sales |
❌ Varies |
| Distributed Processing |
✅ Yes (horizontal) |
❌ No |
❌ No |
❌ No |
| Batch Processing |
✅ Native |
⚠️ Limited |
⚠️ API only |
⚠️ Limited |
| Horizontal Scaling |
✅ Infinite |
❌ No |
⚠️ Rate limited |
⚠️ Rate limited |
Decision Criteria
Choose CyborgShell If:
- ✅ Security/compliance requires air-gap capability
- ✅ Need to self-host for data sovereignty
- ✅ Want zero vendor lock-in (open source)
- ✅ Prefer client-side execution model
- ✅ Need multi-AI provider flexibility
- ✅ Want to eliminate platform fees
- ✅ Require full code auditability
- ✅ Need batch/distributed processing at scale
- ✅ Want horizontal scaling capability (1 to infinite workers)
- ✅ Have use cases for parallel AI processing
May Not Be Ideal If:
- ⚠️ Need enterprise support contracts (community support only)
- ⚠️ Require SaaS-only deployment (though SaaS available)
- ⚠️ Can't accommodate client-side execution model
- ⚠️ Don't have infrastructure for self-hosting (if needed)
Specific Use Cases That Benefit:
Healthcare/Life Sciences
- PHI analysis with Ollama (HIPAA compliant, zero external data)
- Batch processing of medical records
- Research data analysis (air-gapped)
Legal
- Contract analysis (privileged data stays internal)
- Document review at scale (distributed processing)
- eDiscovery workflows (parallel processing)
Finance
- Confidential data analysis (air-gapped)
- Batch report generation (zero API costs with Ollama)
- Risk modeling (distributed across multiple systems)
Manufacturing/IoT
- Quality control automation (parallel inspection)
- Log analysis at scale (distributed processing)
- Predictive maintenance (local AI on shop floor)
Education
- Student assignments (free Ollama for all)
- Automated grading (batch processing)
- Research projects (no API costs)
Media/Creative
- Batch video/audio transcription
- Content transformation pipelines
- Multi-format generation (render farm style)
Government/Defense
- Classified data analysis (air-gapped mandatory)
- Intelligence processing (distributed, isolated)
- Secure communications analysis
Questions for Vendor
- Are API keys ever transmitted to your servers? No, browser local storage only*
- Do you log AI prompts or responses? No, direct calls from browser
- Can we self-host? Yes, MIT license, full source available
- What's your air-gap story? Fully functional with Ollama, zero internet needed
- What data leaves our network? Only file operations to server you control
- Can we audit the code? Yes, complete source on GitHub
- What about the CORS proxy? ~200 lines PHP, logging OFF by default, fully auditable
- Does the proxy log API keys? No - LOG_OUTPUT = FALSE by default
- Can we verify what the proxy does? Yes - open source, self-hostable, or eliminate entirely with Ollama
- What's the TCO? $0 platform fees + your AI API costs (or $0 with Ollama)
- Vendor lock-in risks? None, open source
- Can we scale horizontally? Yes, add PCs for linear throughput increase
- Batch processing capability? Native, with distributed processing support
* Only if you use the optional CORS proxy hosted by us.
References
- Website: cyborgshell.com
- Source Code: https://github.com/PrimalNinja/cyborgshell
- License: MIT
- Documentation: See included guides
- Creator: PrimalNinja (2025)
Next Steps
- Technical Review: Download source, audit code
- Security Assessment: Review architecture document
- Pilot Test: Deploy to test environment
- Decision: Approve for production deployment
Summary
CyborgShell provides a unique browser-first architecture that enables air-gapped AI development, eliminates platform fees, and gives organizations complete control over their AI infrastructure while maintaining compliance with security frameworks.
Recommendation: Suitable for organizations requiring maximum security, compliance, or cost control in their AI development workflows.