VectaX
encryption for intelligence.
Encryption that follows AI through every place it touches your data.
Memory
search on ciphertext
Inference
data stays encrypted
Training
fine-tune encrypted
The problem
The moment a model touches your data, it's decrypted. So your most sensitive data never gets near production AI.
In memory, at inference, in training, every place AI reaches your data, something has to put it in the clear. That's why your regulated records, your IP, your customers' lives sit on the wrong side of the AI line: exposure is the price of entry.
The five surfaces VectaX covers
Wherever intelligence touches data, VectaX is the layer underneath.
Most "encryption for AI" stops at the gateway. VectaX doesn't stop. The data stays sealed across all five.
Encrypted memory
RAG · vectors · agent memory
Encrypted inference
computes on ciphertext
Encrypted training
fine-tune without exposing data
Distillation defence
your model can't be cloned
Multiparty compute
joint analysis · zero sharing
One band underneath
VectaX is the encryption layer underneath every surface intelligence touches.
Deploy where your data already is
Your boundary doesn't move. VectaX comes to you.
Pick where the security boundary sits today: gateway, edge, or fully on-prem. The dashed line is yours; VectaX meets it there.
Edge
at the client / device
Encrypt at the source: browser, mobile, on-device. The rest of your stack only ever handles ciphertext.
Gateway
in front of your AI stack
Drop VectaX in front of your endpoints and stores. Traffic encrypts on entry; nothing downstream sees plaintext.
On-prem
inside your VPC · sovereign region
Run VectaX entirely in your VPC or air-gapped network. Keys never leave. Mirror runs where your data lives.
Why FHE, not just TEE or VPC
TEE secures one room. VectaX moves with the data.
TEE / VPC enclaves
- Covers one surface: the inference enclave
- Memory, agents, tools, training stay plaintext outside
- Data has to move into the vendor's enclave to be useful
- Sovereign and classified data can't legally move at all
- Plaintext inside the enclave; one boundary break exposes everything
VectaX · FHE
- One encryption layer across every surface AI touches
- Memory, inference, training, distillation, MPC all encrypted
- Mirror runs where your data already lives
- Sovereign, regulated, air-gapped, keys never leave
- Ciphertext throughout; nothing to expose, even if the boundary is broken
Benchmarks
Most of plaintext throughput. All of the encryption.
The model computes on ciphertext. The vector store retrieves on ciphertext. Plaintext never leaves the agent. On open-weight Llama-2 7B and 70B served with vLLM on datacenter GPUs, this is what comes out.
No single number describes an AI workload. Model and size, quantization, serving stack and kernels (vLLM build, attention impl), and workload shape all pull the tradeoff in a different direction. Below is the public band; per-config rows are in the technical brief.
| Workload model · batch | Plaintext tok/s · vLLM baseline | VectaX tok/s · encrypted | Result what it means in practice |
|---|---|---|---|
| Llama-2 7B inference, batch 32 | 46.5 | ~37 | Production throughput |
| Llama-2 70B inference, batch 16 | 11.8 | ~9.5 | Production throughput |
| Time-to-first-token, 7B | 24 ms | Under 350 ms | Sub-second TTFT |
| Encrypted retrieval (MSMARCO, k=10) | 4 ms p95 | 12 ms p95 | Ranking preserved |
Accuracy: plaintext vs VectaX
Standard benchmarks · unencrypted vs encrypted, same model
| Task | Plain | VectaX | Delta |
|---|---|---|---|
| MMLU (5-shot) | 45.9% | 45.5% | −0.4 pts |
| HellaSwag (0-shot) | 75.9% | 75.6% | −0.3 pts |
| HumanEval (pass@1) | 12.7% | 12.5% | −0.2 pts |
| GSM8K (8-shot EM) | 16.6% | 16.0% | −0.6 pts |
| MSMARCO (NDCG@5) | 0.970 | 0.962 | −0.8 pts |
Average tax ≈ 0.4 pts across the four LLM tasks; 0.8 pts on MSMARCO retrieval.
Test rig: open-weight Llama-2 on vLLM. Single A100 for 7B, multi-GPU tensor parallel for 70B. The technical brief has the per-config rows, operator dispatch table, and the critical-path breakdown.
Memory and retrieval
Encrypted memory and context. For every agent.
Inference is half the encryption story. Long-term memory, RAG, and hybrid search are the other half. Most agent deployments give those up to keep data exposure manageable. Mirror keeps them, encrypted end to end, on a substrate that reads in milliseconds.
Memory and retrieval costs move with index size, query mix, recall target, and concurrency. Below is the public band; per-config rows are in the technical brief.
| Agent memory benchmark open-source eval suite | Mirror score | Notes sample size, conditions |
|---|---|---|
| LoCoMo overall | 90.7% | n=1,540 |
| LoCoMo multi-hop | 95.7% | |
| LoCoMo temporal | 94.8% | |
| LongMemEval | 95.0% | n=500, encrypted end-to-end |
Encrypted retrieval substrate
50K vectors · 768-dim · top-10 · in-process, no cloud round-trip
| Operation | Latency | Quality |
|---|---|---|
| Vector search | 25 ms P50 · 29 ms P95 | recall@10 = 1.00 |
| Encrypted BM25 | 1.5 ms avg · 2.4 ms P95 | PRF-encrypted tokens |
| Encrypted hybrid | 1.3 ms end-to-end | Ranking preserved |
Sustained concurrency
Single node · recall preserved
| Workers | QPS | P50 | Recall |
|---|---|---|---|
| 1 | 64 | 12 ms | 1.00 |
| 4 | 184 | 15 ms | 1.00 |
| 8 | 186 | 18 ms | 1.00 |
Encryption overhead on the read path: 24 ms plaintext to 25 ms encrypted, +1 ms. Recall identical.
Encrypted layers
Test rig: Mirror-VDB on a single node, in-process, 50K vectors at 768 dim, top-10 retrieval. No cloud round-trip in the numbers above. Concurrency rows use the same harness. The brief has the per-config rows and the agent-harness integration notes.
Frequently asked
Questions, answered
What's the actual security problem VectaX solves? Isn't our data already encrypted?
Doesn't FHE have a massive performance penalty? Is this practical for production workloads?
How does VectaX work with our existing inference stack?
We're in a regulated industry. Can VectaX satisfy our compliance and data residency requirements?
What about memory and retrieval? Does VectaX cover RAG and agent memory too?
How does VectaX prove the boundary held in production?
Get started
See encrypted AI security in action.
FHE-native inference. Runtime agent guardrails. Continuous red teaming. One platform. Book a working session with the team.
Six layers. One agent estate.
Every Mirror product is one layer of the same surface. Adopt one, or stack them.
VectaX
AI Data Security
Encrypt context, prompts, embeddings, and inference output end-to-end. AI keeps working on data that's mathematically guaranteed to stay private.
DiscoveR
Vulnerability Scanning
Hunt prompt injection, model leaks, and AI-specific zero-days as they emerge across every model, agent, and integration in your stack.
AgentIQ
AI Agent Security
Watch every action, tool call, and decision from your agents. Anomaly alerts, automated response, and a full audit trail built for compliance.
Zero
AI Governance
The agent estate, governed. Discovers every AI agent (sanctioned or shadow) and runs the four governance workflows.
Gateway
AI Gateway
Inspect, authenticate, and throttle traffic before it reaches your models. Prompt firewall, edge auth, and policy enforcement with an audit trail at the door.
CodePrism
AI Coding
Coding on encrypted code. Coding assistance, indexing, review, and security scans, all on ciphertext.