Continuous CVE scanning from three authoritative sources, automatic risk scoring, config drift detection, and CIS compliance — all without sending a byte of your data anywhere.
LocalM computes a composite 0–100 risk score for every host, accounting for CVSS severity, KEV active exploitation, patch age, and exposed attack surface.
LocalM cross-references three authoritative vulnerability databases, refreshed on a configurable schedule, with no cloud dependency.
The authoritative US government CVE database. Full CVSS v3.1 scoring, CWE classifications, and CPE application matching. LocalM pulls NVD feeds directly — no paid API key required.
Refreshed every 24h via NVD JSON feeds. Covers virtually all known software vulnerabilities with standardised scoring.
CISA's KEV Catalog is the definitive list of vulnerabilities being actively exploited in the wild. These aren't theoretical — attackers are using them right now. LocalM highlights any KEV hit with maximum urgency.
A CVE-CVSS 5.5 that is on the KEV list is infinitely more dangerous than a CVSS 9.8 that isn't. LocalM treats KEV as highest priority.
Google's open-source vulnerability database covers Python packages, npm, Go, Rust, and more — areas NVD often misses. Essential for any host running application stacks.
Closes the gap between OS-level CVEs and application dependency vulnerabilities. LocalM scans pip, npm, and gem in addition to system packages.
Configure exactly how much automation you want. Patch KEV-active criticals automatically. Require sign-off for everything else. Fully customisable per host group.
Auto-patch immediately. CISA KEV active exploitation confirmed. No approval gate. Full audit logged.
Queue for patch within 24h. Single approver sign-off required before execution. Revert pre-generated.
Schedule for next maintenance window. Two-approver sign-off. Optional defer with 30-day re-notification.
Logged and tracked. No automatic action. Addressed during routine patching cycles. Still auditable.
LocalM baselines every security-sensitive file across your fleet. Periodic SSH re-scans detect any modification — expected or not. Acknowledge legitimate changes, escalate unexpected ones.
SSH-based checks aligned to CIS Benchmark controls. Per-host pass/fail scores trend over time, so you can measure improvement. LLM generates remediation steps for every failed check.
LocalM is architected from first principles for air-gap environments. Every component runs on-premise. Zero cloud dependencies. Full GDPR compliance by design.
Ollama runs the AI locally — Qwen 2.5, Llama 3.1. Your infrastructure data, logs, and CVE context never reach OpenAI, Anthropic, or any external API.
SQLite for structured data. ChromaDB for vector embeddings. Both run on your own disk. No SaaS backend. No data exfiltration possible.
After initial knowledge base seeding, LocalM operates entirely without internet. Perfect for air-gap networks, defence environments, and classified infrastructure.
Every action — playbook run, approval, login — is written to a tamper-evident audit log. Full accountability for compliance auditors and security teams.
No personal data exported. No analytics beacons. No licence phone-home. Data residency is wherever you deploy it — your data centre, your rules.
Developed in England. All intellectual property owned by a UK company. Ideal for public sector, NHS, and organisations with UK data residency requirements.
When data sovereignty is a legal requirement, not just a preference, LocalM is the only AIOps platform that qualifies.
FCA-regulated firms need security tooling that doesn't send trading data, customer PII, or system configurations to third-party clouds. LocalM's air-gap architecture satisfies PCI-DSS, SOX, and FCA operational resilience requirements out of the box.
Patient data in server logs or configurations can never leave NHS infrastructure. LocalM monitors clinical systems, surfaces vulnerabilities in medical software stacks, and auto-remediates — all without a single byte leaving the trust's network boundary.
Operational technology networks are often truly air-gapped. LocalM's offline mode lets you monitor Linux-based SCADA servers, HMIs, and production systems from within the OT network — no external connectivity required. No exceptions.
Connect a single Linux host to LocalM and get a complete CVE risk score with KEV highlights in under a minute. Your data never leaves your network.