Product

The Sagheer Labs Appliance

A single-rack unit that brings FPGA-accelerated threat detection and local behavioral AI to air-gapped networks.

How It Works

Three Steps to Inline Detection

Step 01

Deploy Inline

The appliance is installed physically between your perimeter router and core switch. All traffic flows through it. No network reconfiguration required beyond a single cable swap.

Step 02

Learn Normal

The behavioral AI engine observes traffic patterns for a configurable baseline period — typically 7–14 days. It learns what normal looks like for your specific network: which hosts communicate, what protocols they use, when traffic spikes, what DNS queries are routine.

Step 03

Detect & Respond

Once baselined, the system flags anomalies in real time. The FPGA fast path blocks known threats at line rate. The AI smart path surfaces behavioral deviations. The workflow engine correlates findings into MITRE-mapped incident reports for your SOC team.

Specifications

Hardware Specifications

FPGA / SmartNIC

Xilinx Alveo U25N or equivalent

AI Accelerator

8× Intel Sparkle (24 GB VRAM each)

Total VRAM

192 GB

CPU

Intel Xeon D-2700 (8-core)

Memory

64 GB ECC DDR4

Storage

2× 1 TB NVMe RAID-1

Network

Dual 25G SFP28 inline

Form Factor

1U rackmount, short-depth

Inline Latency

< 1 ms

Throughput

Up to 25 Gbps line rate

False Positive Target

< 0.1%

AI Capability

Supported Models (All Self-Hosted)

▸Llama 3.1 70B (full precision or quantized)
▸Llama 3.1 405B (quantized, fits in 192 GB VRAM)
▸DeepSeek-R1 or DeepSeek-V3
▸Custom fine-tuned security analyst models

Fine-Tuned for OT/ICS

All models are heavily fine-tuned on proprietary OT/ICS traffic datasets, MITRE ATT&CK mappings, and SOC analyst conversation patterns. Fine-tuning happens entirely on-device or via encrypted physical media. No training data ever leaves the appliance.

Pricing Model

Three Revenue Tiers

Each tier is independent. Customers buy what air-gap constraints allow.

Tier 1One-time

Hardware Sale

One-time purchase of self-hosted appliance. Custom FPGA configuration, hardened chassis, tamper-evident seals, and initial deployment support. Enterprise pricing tiered by throughput and GPU cluster size.

Tier 2Annual

Software License

Recurring subscription for threat intelligence feeds, model retraining, firmware updates, enclave attestation monitoring, and SIEM/SOAR connector maintenance.

Tier 3Annual

LLM Intelligence

Premium LLM analyst tier with auto-SOC response, executive reporting, custom model fine-tuning, and dedicated analyst support. Deployable on appliance or private cloud.

5:1

Target LTV/CAC Ratio

3 Tiers

Expandable Revenue Model

120%+

Net Revenue Retention Target

Ready to see it inline?

Book a technical deep-dive with the founders.

Request a Demo