VectaX

encryption for intelligence.

Encryption that follows AI through every place it touches your data.

Memory

search on ciphertext

Inference

data stays encrypted

Training

fine-tune encrypted

VECTAX · FHE
customer_pii.csv
encrypted result
Encrypted end-to-end. Only you hold the key.

The problem

The moment a model touches your data, it's decrypted. So your most sensitive data never gets near production AI.

In memory, at inference, in training, every place AI reaches your data, something has to put it in the clear. That's why your regulated records, your IP, your customers' lives sit on the wrong side of the AI line: exposure is the price of entry.

Mirror restores Encryption · FHE · data it can never see.

The five surfaces VectaX covers

Wherever intelligence touches data, VectaX is the layer underneath.

Most "encryption for AI" stops at the gateway. VectaX doesn't stop. The data stays sealed across all five.

    Encrypted memory

    RAG · vectors · agent memory

    Encrypted inference

    computes on ciphertext

    Encrypted training

    fine-tune without exposing data

    Distillation defence

    your model can't be cloned

    Multiparty compute

    joint analysis · zero sharing

One band underneath

VectaX is the encryption layer underneath every surface intelligence touches.

Deploy where your data already is

Your boundary doesn't move. VectaX comes to you.

Pick where the security boundary sits today: gateway, edge, or fully on-prem. The dashed line is yours; VectaX meets it there.

Edge

at the client / device

You VectaX Model

Encrypt at the source: browser, mobile, on-device. The rest of your stack only ever handles ciphertext.

Gateway

in front of your AI stack

You VectaX Model

Drop VectaX in front of your endpoints and stores. Traffic encrypts on entry; nothing downstream sees plaintext.

On-prem

inside your VPC · sovereign region

You VectaX Model

Run VectaX entirely in your VPC or air-gapped network. Keys never leave. Mirror runs where your data lives.

Why FHE, not just TEE or VPC

TEE secures one room. VectaX moves with the data.

TEE / VPC enclaves

  • Covers one surface: the inference enclave
  • Memory, agents, tools, training stay plaintext outside
  • Data has to move into the vendor's enclave to be useful
  • Sovereign and classified data can't legally move at all
  • Plaintext inside the enclave; one boundary break exposes everything

VectaX · FHE

  • One encryption layer across every surface AI touches
  • Memory, inference, training, distillation, MPC all encrypted
  • Mirror runs where your data already lives
  • Sovereign, regulated, air-gapped, keys never leave
  • Ciphertext throughout; nothing to expose, even if the boundary is broken

Benchmarks

Most of plaintext throughput. All of the encryption.

The model computes on ciphertext. The vector store retrieves on ciphertext. Plaintext never leaves the agent. On open-weight Llama-2 7B and 70B served with vLLM on datacenter GPUs, this is what comes out.

No single number describes an AI workload. Model and size, quantization, serving stack and kernels (vLLM build, attention impl), and workload shape all pull the tradeoff in a different direction. Below is the public band; per-config rows are in the technical brief.

Workload model · batch Plaintext tok/s · vLLM baseline VectaX tok/s · encrypted Result what it means in practice
Llama-2 7B inference, batch 32 46.5 ~37 Production throughput
Llama-2 70B inference, batch 16 11.8 ~9.5 Production throughput
Time-to-first-token, 7B 24 ms Under 350 ms Sub-second TTFT
Encrypted retrieval (MSMARCO, k=10) 4 ms p95 12 ms p95 Ranking preserved

Accuracy: plaintext vs VectaX

Standard benchmarks · unencrypted vs encrypted, same model

Task Plain VectaX Delta
MMLU (5-shot) 45.9% 45.5% −0.4 pts
HellaSwag (0-shot) 75.9% 75.6% −0.3 pts
HumanEval (pass@1) 12.7% 12.5% −0.2 pts
GSM8K (8-shot EM) 16.6% 16.0% −0.6 pts
MSMARCO (NDCG@5) 0.970 0.962 −0.8 pts

Average tax ≈ 0.4 pts across the four LLM tasks; 0.8 pts on MSMARCO retrieval.

Test rig: open-weight Llama-2 on vLLM. Single A100 for 7B, multi-GPU tensor parallel for 70B. The technical brief has the per-config rows, operator dispatch table, and the critical-path breakdown.

Memory and retrieval

Encrypted memory and context. For every agent.

Inference is half the encryption story. Long-term memory, RAG, and hybrid search are the other half. Most agent deployments give those up to keep data exposure manageable. Mirror keeps them, encrypted end to end, on a substrate that reads in milliseconds.

Memory and retrieval costs move with index size, query mix, recall target, and concurrency. Below is the public band; per-config rows are in the technical brief.

Agent memory benchmark open-source eval suite Mirror score Notes sample size, conditions
LoCoMo overall 90.7% n=1,540
LoCoMo multi-hop 95.7%
LoCoMo temporal 94.8%
LongMemEval 95.0% n=500, encrypted end-to-end

Encrypted retrieval substrate

50K vectors · 768-dim · top-10 · in-process, no cloud round-trip

Operation Latency Quality
Vector search 25 ms P50 · 29 ms P95 recall@10 = 1.00
Encrypted BM25 1.5 ms avg · 2.4 ms P95 PRF-encrypted tokens
Encrypted hybrid 1.3 ms end-to-end Ranking preserved

Sustained concurrency

Single node · recall preserved

Workers QPS P50 Recall
1 64 12 ms 1.00
4 184 15 ms 1.00
8 186 18 ms 1.00

Encryption overhead on the read path: 24 ms plaintext to 25 ms encrypted, +1 ms. Recall identical.

Encrypted layers

Vector values BM25 tokens Payloads Filter columns Sparse vectors Tenant key isolation

Test rig: Mirror-VDB on a single node, in-process, 50K vectors at 768 dim, top-10 retrieval. No cloud round-trip in the numbers above. Concurrency rows use the same harness. The brief has the per-config rows and the agent-harness integration notes.

Frequently asked

Questions, answered

What's the actual security problem VectaX solves? Isn't our data already encrypted?
VectaX closes the encryption gap that every other security layer misses: data exposure during AI inference. Standard encryption protects data at rest and in transit, but the moment a model processes your data, it is decrypted in memory. Your prompts, documents, and outputs are exposed during the one moment that matters most. VectaX uses Fully Homomorphic Encryption so inference and retrieval run on encrypted data end to end, with no plaintext exposed to the provider, the operator, the hardware, or an attacker who compromises the infrastructure.
Doesn't FHE have a massive performance penalty? Is this practical for production workloads?
VectaX retains most of plaintext throughput on production AI workloads. On open-weight Llama-2 7B and 70B served with vLLM on datacenter GPUs, encrypted inference runs at production speed with TTFT under 350 ms. Accuracy delta across MMLU, HellaSwag, HumanEval, and GSM8K stays under 1 point. Encrypted retrieval over a 50K vector / 768-dim index runs at 25 ms P50 with recall@10 = 1.00. Request the technical brief to get the full per-config table.
How does VectaX work with our existing inference stack?
VectaX is FHE rebuilt as a production runtime. The model the customer chooses (Llama-2, Mistral, GPT-OSS, or any open-weight family) runs unchanged. VectaX wires into vLLM, TGI, or a self-hosted serving path; the cryptographic budget is spent on user data, not on weights that are already open. Mirror does not require model retraining, custom kernels at the customer site, or proprietary hardware lock-in.
We're in a regulated industry. Can VectaX satisfy our compliance and data residency requirements?
VectaX is purpose-built for regulated environments. On-premises and sovereign-region deployments mean data never leaves the customer's infrastructure. Keys stay with the customer in every deployment mode. This satisfies residency and sovereignty requirements under GDPR, HIPAA, EU AI Act, and sovereign-AI mandates for defence and public sector. The cryptographic posture (FHE end to end) gives auditors mathematical proof of non-exposure, not a contractual assurance.
What about memory and retrieval? Does VectaX cover RAG and agent memory too?
Yes. VectaX includes encrypted vector search, encrypted BM25, and encrypted hybrid retrieval on the same key hierarchy as inference. Agent-memory benchmarks (LoCoMo, LongMemEval) hit 90.7%, 95.7%, 94.8%, and 95.0% on the standard slices. The overhead on the read path is +1 ms versus plaintext (24 ms to 25 ms P50). Recall is identical.
How does VectaX prove the boundary held in production?
Every inference and retrieval through VectaX leaves a tamper-evident signed receipt that captures the request hash, the policy version applied, the model invoked, and the encryption posture. Receipts are queryable, attributable to the calling agent's signed identity (via AgentIQ), and admissible as cryptographic evidence for regulators. For auditors who ask 'how do you know it stayed encrypted', the answer is a verifiable signature, not a screenshot.

Get started

See encrypted AI security in action.

FHE-native inference. Runtime agent guardrails. Continuous red teaming. One platform. Book a working session with the team.

Six layers. One agent estate.

Every Mirror product is one layer of the same surface. Adopt one, or stack them.

VectaX

AI Data Security

Encrypt context, prompts, embeddings, and inference output end-to-end. AI keeps working on data that's mathematically guaranteed to stay private.

Explore VectaX

DiscoveR

Vulnerability Scanning

Hunt prompt injection, model leaks, and AI-specific zero-days as they emerge across every model, agent, and integration in your stack.

Explore DiscoveR

AgentIQ

AI Agent Security

Watch every action, tool call, and decision from your agents. Anomaly alerts, automated response, and a full audit trail built for compliance.

Explore AgentIQ

Zero

AI Governance

The agent estate, governed. Discovers every AI agent (sanctioned or shadow) and runs the four governance workflows.

Explore Zero

Gateway

AI Gateway

Inspect, authenticate, and throttle traffic before it reaches your models. Prompt firewall, edge auth, and policy enforcement with an audit trail at the door.

Explore Gateway

CodePrism

AI Coding

Coding on encrypted code. Coding assistance, indexing, review, and security scans, all on ciphertext.

Explore CodePrism