Domain-Aware AI: Intelligence That Understands Your Infrastructure

The Problem with General-Purpose AI in Infrastructure

Large language models are powerful. They can write code, summarize documents, and answer questions. But ask a general-purpose AI to analyze your firewall rules and it will give you generic advice. Ask it to audit your network topology and it will suggest best practices it read in a textbook. It doesn't understand your infrastructure.

Worse, most AI services require sending your configuration data — firewall rules, network maps, credentials, security policies — to a third-party cloud. For organizations in healthcare, finance, government, and critical infrastructure, this is a non-starter.

Infrastructure AI should understand your domain, run under your control, and never send your data anywhere.

Our Approach: One Engine, Domain-Specific Knowledge

Every DEC-LLC product ships with an AI plugin that shares a common inference engine but carries domain-specific knowledge unique to its role. The AI doesn't just process text — it understands the structure, semantics, and operational patterns of the infrastructure it manages.

Product	AI Domain	What It Understands
OpenUTM	Security	Firewall rule ordering, shadowed rules, nftables patterns, threat signatures, VPN tunnel health, IPS alerts, DNS filtering patterns. Covers on-prem, cloud, and hybrid perimeters.
NIVMIA	Networking	Cisco/Juniper/Arista config syntax, SNMP MIB semantics, interface health, VLAN/BGP/OSPF validation, broadcast storm detection, QoS capacity modeling, config standardization patterns, fleet-wide change impact analysis. Includes third-party vendor equipment — ISP routers, MSP firewalls, carrier CPE, SD-WAN appliances.
IVMIA	Compute	VM placement, resource contention and redistribution, hardware compatibility validation, migration policies, storage performance, capacity forecasting — plus workstation fleet health, endpoint compliance, physical device inventory across Windows, macOS, Linux, POS terminals, and field devices.
VaultSync	Data Protection	Backup chain integrity, deduplication ratios, replication lag, retention compliance, capacity forecasting. Includes mobile device backup analysis and business data extraction from backup sets.

The same engine powers all four products. The difference is what each one knows about its domain — embedded through system prompts, domain schemas, specialized analyzers, and product-specific knowledge bases.

What the AI Actually Does

The AI plugin operates in two phases, matching the trust level between the operator and the system.

Community & Standard Tier

Phase 1: Analyze and Advise

Read-only analysis of your infrastructure. The AI examines your configuration, identifies issues, and provides actionable recommendations. It never modifies anything.

Rule Analysis — Finds shadowed, redundant, and overly permissive firewall rules. Scores your ruleset.
Security Audit — Grades your configuration (A through F) across firewall, NAT, DHCP, interfaces, management access, and authentication.
Network Analysis — Evaluates interface health, DHCP scope utilization, routing configuration, and network segmentation.
Threat Detection — Analyzes firewall logs for DNS tunneling, port scans, brute force attempts, and anomalous traffic patterns.
Change Review — Before you apply a configuration change, the AI diffs the current and proposed config and flags safety concerns.
Interactive Chat — Ask questions about your configuration in natural language. "Why is this rule here?" "What would happen if I blocked this subnet?"

Enterprise Tier

Phase 2: Managed Operations

The AI can propose and execute configuration changes within strict guardrails. Every action requires approval (or passes through a risk classifier for semi-autonomous operation).

Rule Management — Create, modify, or delete firewall rules in the draft configuration based on analysis findings or operator requests.
Risk Classification — Every proposed change is classified as low, medium, or high risk before execution.
Approval Workflow — Supervised mode requires human approval for every change. Semi-autonomous mode auto-approves low-risk changes. Autonomous mode is available for environments that need it.
Auto-Rollback — If management connectivity is lost within 60 seconds of applying a change, the previous configuration is automatically restored. The AI cannot lock you out.

Protecting the Customer's Investment

The AI plugin is not a replacement for the operator. It is a force multiplier that helps the operator make better decisions, catch mistakes before they happen, and maintain a state of well-being across the infrastructure.

Continuous Health Monitoring

Each product's AI runs periodic health checks against its domain knowledge:

OpenUTM: Are firewall rules still optimal? Has a new CVE made a previously acceptable rule dangerous? Is the VPN tunnel showing degradation patterns that predict failure? Are cloud security policies in sync with on-prem?
NIVMIA: Has a switch config drifted from the baseline? Is a VLAN misconfigured on a trunk port? Are BGP peers flapping? Is an OSPF adjacency failing to form? Is the ISP-provided router behaving differently? Is a broadcast storm developing? Does bandwidth trending suggest a QoS policy change is needed? The AI monitors, diagnoses, and recommends corrections across the entire network fleet.
IVMIA: Is a VM host approaching saturation? Should workloads be redistributed? Is a new server hardware-compatible with the existing cluster? Are workstation fleet patches current? Is a POS terminal offline? The AI optimizes resource allocation across the entire compute estate.
VaultSync: Are all backups completing — VMs, physical servers, network configs, and company phones? Is deduplication ratio declining? Are mobile device backups current? Can the contact directory be rebuilt from the latest phone backup?

These checks run under the customer's control, using the customer's own data. The results feed into the platform's notification system — the operator gets an alert when something needs attention, along with a specific recommendation from the AI.

Institutional Knowledge That Doesn't Walk Out the Door

Every organization has an engineer who knows why that firewall rule exists, why that VLAN is configured that way, or why backups run at 2 AM instead of midnight. When that engineer leaves, the knowledge leaves with them.

The AI plugin captures and retains this institutional knowledge. When the AI analyzes a rule and the operator adds context ("this rule exists because vendor X requires port 8443 for their health checks"), that context becomes part of the knowledge base. The next engineer who asks "why is this rule here?" gets the answer.

The customer's investment is not just in hardware and software. It is in the accumulated understanding of how their infrastructure works and why it is configured the way it is. The AI protects that investment by making institutional knowledge persistent and queryable.

Hard Guardrails: The AI Cannot Hurt You

The managed AI plugin (Phase 2) enforces hard guardrails at the engine level. These are not suggestions. They are compiled constraints that cannot be bypassed by prompt, configuration, or operator error.

Writes Target Draft Only

All AI modifications go to draft config. Apply is always an explicit, separate step.

Validation Before Apply

Every apply is preceded by automated validation. Invalid configs cannot be applied.

Transaction Limits

Maximum 5 rule changes per transaction. Prevents runaway modifications.

Protected Interfaces

Management and uplink interfaces cannot be disabled. The AI cannot lock you out.

Protected Ports

SSH and management API ports cannot be blocked on the management interface.

No Auth Modifications

Users, roles, and credentials are read-only to the AI. It cannot escalate its own privileges.

No License Modifications

The licensing subsystem is completely isolated from AI operations.

No Backup Deletion

Backup and recovery systems are read-only. The AI can analyze but never destroy.

Auto-Rollback

Loss of management connectivity triggers automatic restoration within 60 seconds.

Complete Audit Trail

Every AI action is logged to an append-only audit file. Tamper-evident by design.

Local Inference: Your Data Never Leaves

The AI engine runs entirely on the customer's hardware using local LLM inference. No API calls to OpenAI. No data sent to any cloud service. No telemetry. The model runs on the appliance itself or on a GPU-equipped server on the customer's network.

Component	Where It Runs	What It Needs
LLM Inference	Local (Ollama)	GPU recommended (8+ GB VRAM), CPU fallback available
Knowledge Base	Local (vector DB)	Product-specific, encrypted with license-derived key
Analyzers	On the appliance	Python, no external dependencies
Guardrails	On the appliance	Compiled binary, cannot be modified at runtime

For organizations that cannot have AI processing on the appliance itself (resource-constrained edge deployments), the inference engine can run on a dedicated GPU server on the same network. The data still never leaves the customer's environment.

Privacy by Architecture, Not by Policy

We don't promise to keep your data private. We make it architecturally impossible for your data to leave. There is no API endpoint to call, no telemetry to disable, no opt-out to configure. The inference engine talks to localhost. That's it.

Cross-Product Intelligence

When multiple DEC-LLC products are deployed together, their AI plugins share context through the SDNS platform's internal communication bus. This creates intelligence that no single product could achieve alone:

OpenUTM blocks a threat → NIVMIA's AI correlates the source IP with network traffic patterns and identifies other potentially compromised hosts → VaultSync's AI verifies backup integrity for affected systems
IVMIA detects a VM migration → OpenUTM's AI reviews whether firewall rules still apply correctly on the new host → NIVMIA's AI verifies monitoring targets are updated
VaultSync detects backup degradation → NIVMIA's AI checks for network-level issues (latency, packet loss) that could explain the degradation → operator gets a root cause, not just a symptom

Each product's AI is an expert in its domain. Together, they form a team that covers the full infrastructure stack — security, networking, compute, and data protection — with correlated intelligence and coordinated response.

The Human Is Always in Control

The AI is a tool, not an authority. It analyzes, recommends, and (when authorized) executes. But the human operator is always the final authority. The approval workflow ensures this at every level:

Supervised mode (default): Every AI action requires explicit human approval. The AI proposes; the human decides.
Semi-autonomous mode: Low-risk actions (adding a log rule, adjusting a DHCP scope) proceed automatically. High-risk actions (deleting rules, changing addressing) require approval.
Autonomous mode: Available for environments that need it (automated remediation, after-hours response). Hard guardrails still apply. Auto-rollback still protects against mistakes.

The operator can step in at any time, override any AI decision, and roll back any change. The AI assists the operator's judgment. It does not replace it.

The platform helps the operator not get hurt. The operator decides what happens. This is assisted infrastructure management — intelligence in service of human judgment, not in place of it.

Maintaining a State of Well-Being

Infrastructure has a natural tendency toward entropy. Configurations drift. Rules accumulate. Backups go untested. Capacity creeps toward limits. Small issues compound into outages.

The AI plugin's primary mission is to maintain a state of well-being across the customer's infrastructure investment. This means:

Proactive detection — Finding issues before they cause outages. A firewall rule that was fine last month may be dangerous today because of a new CVE.
Continuous audit — The security grade, the network health score, the backup integrity check — these run continuously, not once a quarter.
Drift prevention — When configuration drifts from the intended state, the AI flags it immediately. Not after the next audit. Not after the next incident.
Capacity forecasting — The AI models trends in resource utilization and alerts before thresholds are breached, giving the operator time to plan instead of react.
Knowledge continuity — When team members change, the institutional knowledge embedded in the AI's context ensures continuity. The new engineer has the same visibility as the veteran.

This is not artificial intelligence replacing human intelligence. It is artificial intelligence preserving human intelligence — capturing what the team knows, applying it consistently, and alerting when attention is needed.

The Goal

The customer's infrastructure should be healthier at the end of every month than it was at the beginning. Not because of heroic intervention, but because the platform is quietly, continuously maintaining a state of well-being — finding drift, flagging risks, preserving knowledge, and keeping the operator informed.

Domain-Aware AI for Infrastructure