Reduced Attack Surface, Not Zero: Elosia’s Honest Approach
Elosia doesn’t promise zero risk but the smallest possible attack surface. Here’s what Local First architecture protects, and what it doesn’t.
What Local First Really Changes and What It Can’t Do
Why We Chose Transparency Over Marketing
In cybersecurity, everyone promises zero risk. Software vendors compete with superlatives: “100% secure,” “unbreakable data,” “total protection.” Yet according to the IBM 2025 Cost of a Data Breach Report, the average cost of a breach has reached $4.44 million, and AI-related incidents have surged by 56.4% in just one year ((Stanford AI Index 2025)).
The reality? Zero risk doesn’t exist. Not for us, not for anyone.
What we can do and do is minimize the attack surface through concrete architectural choices. This article explains exactly what Elosia’s Local First architecture protects, what it doesn’t cover, and why this honesty is itself a competitive advantage for enterprise AI security.
The Structural Problem with Cloud AI Tools: Two Attack Surfaces Instead of One
To understand what Elosia changes, you first need to grasp what traditional cloud AI tools expose.
When you use ChatGPT, Perplexity, or most market AI assistants, your conversations are stored on remote servers, often in the U.S., sometimes without precise location guarantees. This mechanically creates two distinct attack surfaces:
Attack Surface #1: The Vendor’s Server
If the vendor suffers a data leak, misconfigured storage, or a targeted attack, your data goes with it. This isn’t hypothetical: In June 2025, researchers documented the EchoLeak vulnerability, exposing sensitive Microsoft 365 Copilot data without any user interaction (Harvard Business Review, January 2026). Oracle also confirmed two separate incidents in 2025 involving exposed cloud servers.
Attack Surface #2: Your Own Credentials
If an infostealer steals your AI tool login credentials, an attacker can access your account from anywhere in the world and view your entire conversation history. Your client briefs, financial analyses, internal strategies everything you’ve entrusted to the AI over months.
According to the Verizon 2025 Data Breach Investigations Report (DBIR), third-party involvement in data breaches doubled in one year. And per IBM, only 17% of companies have technical controls to prevent employees from uploading confidential data to public AI tools.
This is the context in which Elosia’s architecture makes sense.
What Elosia’s Local First Architecture Actually Protects
Elosia made a fundamental architectural choice: Your data never leaves your device. Not as a marketing promise, but as a technical design.
Here are the six concrete mechanisms that translate this choice:
1. OPFS & IndexedDB: Sovereign Storage in the Browser
Your conversations and knowledge bases are stored using the Origin Private File System (OPFS) and IndexedDB, two native browser APIs, isolated by design. Only the Elosia domain can access them. No third-party server has access to these files.
It’s like storing your documents in a safe built into your desk, rather than sending them to a warehouse you don’t know the address of.
2. Zero Data Retention (ZDR): No Persistence on Models
When you interact with AI models (GPT, Claude, Gemini…), Elosia uses ZDR endpoints: Your requests are processed in real time and immediately deleted. They’re neither stored nor used to train third-party models. This is the same guarantee Anthropic, OpenAI, and Gemini offer to enterprises via their Enterprise programs but applied by default on Elosia.
3. Local Vectorization: Your Documents Never Leave Your Machine
The embedding engine (E5-small and BGE-M3) runs directly in your browser via ONNX Runtime WebAssembly. When you import a contract, report, or internal notes for AI analysis, not a single byte is sent to a remote server. The vectorization, the operation that lets AI “understand” your documents happens entirely locally.
4. 100% Offline Mode: Zero Network Transit
Via WebGPU, the Phi-3.5 Mini model (3.8 billion parameters, 128K-token context) runs entirely in your browser. In offline mode, no data transits over the network, making any network interception impossible by design. It’s like using Ollama or AnythingLLM but with less installation complexity.
5. Hosting in France: Sovereign Orchestration
Request orchestration is hosted in Paris. No data transits to foreign jurisdictions subject to the U.S. Cloud Act or equivalent laws.
6. Zero Tracking, Zero Training
No analytics on your conversations. No use of your data to improve models. If you cancel your subscription, your data stays on your device. Elosia has no technical access to it.
What Local First Architecture Can’t Do and We Say So Clearly
Transparency also means naming limits.
1. The Infected Machine Remains the Ultimate Risk Vector
If your computer is compromised by an infostealer or malware, it can theoretically read IndexedDB content like any other browser data and exfiltrate it. This is a technical reality we don’t hide.
But the difference from a cloud solution is fundamental:
- With a cloud tool: Stolen credentials = permanent remote access to your entire history,- from anywhere, indefinitely.
- With Elosia: Infected machine = strictly local and temporary exposure. Once the session is closed, there’s nothing left to plunder remotely.
2. IndexedDB and OPFS Isn’t Natively Encrypted
Data stored in IndexedDB or OPFS isn’t encrypted by default by the browser. It’s isolated by origin (only elosia.ai can access it via the browser), but direct access to the OS file system bypasses this isolation. That’s why your machine’s security remains essential.
3. Cloud Model Request Transit
Even with ZDR active, your requests transit to model providers’ servers (OpenAI, Anthropic, Google…) during processing. They’re not stored, but they do travel. For the most sensitive use cases, offline mode (Gemma E2B, Ministral 3B, Llama 3.2 and Qwen 0.6B) are the only zero-transit option.
The Right Security Equation: Complementary Layers
Security is never a single solution. It’s a stack of complementary layers:
- Healthy Machine: Up-to-date antivirus/EDR, enabled MFA, no pirated software, vigilance against fake CAPTCHAs (ClickFix technique).
- Local First AI Tool: No server to hack, no remotely accessible history, ZDR by default on all requests.
- Offline Mode for the Most Sensitive: Gemma E2B, Ministral 3B, Llama 3.2, and Qwen 3.5 0.6B four models via WebGPU, zero network transit, maximum protection for critical data.
Elosia doesn’t replace your workstation’s security. It eliminates the external attack surface:
- The third-party server,
- The centralized database,
- The history accessible from anywhere in the world,
so the only remaining variable is your machine. And that’s a structural change, not a cosmetic one.
Why This Honesty Is a B2B Advantage
In a context where 83% of companies have no technical control over what their employees send to public AI tools (IBM 2025), and where AI-related breaches have doubled in a year, CISOs and DPOs need two things:
- Verifiable technical guarantees, not marketing promises.
- A documented and controlled attack surface, not a black box.
This is exactly what Elosia’s architecture offers. Not zero risk no one can honestly promise that but the smallest possible attack surface, documented mechanism by mechanism, with clearly named limits.
“Confidentiality isn’t an option. It’s the architecture.”
For lawyers, doctors, strategy consultants, and finance teams handling highly sensitive data daily, this difference isn’t marginal. It’s fundamental.
In Summary
| What Elosia Eliminates | What Elosia Doesn’t Cover |
|---|---|
| ✅ Elosia server leaks | ⚠️ Infected local machine |
| ✅ Remote access via stolen credentials | ⚠️ IndexedDB not natively encrypted |
| ✅ Vendor storage of your conversations | ⚠️ Cloud model request transit |
| ✅ Model training on your data | ⚠️ Browser risks (XSS) |
| ✅ Exposure to foreign jurisdictions | ⚠️ Risky user behavior |
Absolute security doesn’t exist. But choosing tools that structurally reduce your exposure is the most responsible decision you can make today.