Why we built a desktop compliance tool in 2026

Every serious GRC vendor of the last decade made the same bet: put the product in the cloud. Vanta, Drata, Secureframe, OneTrust — different logos, identical architecture. Your evidence is uploaded to the vendor’s infrastructure, processed there, stored there, and surfaced back to you through a dashboard you log into. We built Probatum to run on your laptop instead. People assume that was a contrarian aesthetic choice. It wasn’t. It was arithmetic.

This post is the regulatory math behind that decision — why the cloud-SaaS model that worked beautifully for compliance in 2018 quietly broke somewhere around 2024, and why a desktop tool with a bundled local model is not a nostalgia play but the next baseline for anyone auditing AI systems.

Why everyone went cloud in the first place

The cloud-SaaS model won compliance for honest reasons. It is the easiest software business to operate and the easiest to monetize: recurring subscription revenue, a single codebase you control, telemetry on every customer, and a support surface where you can see exactly what the user sees. For the buyer, it removed the burden of hosting anything. For the vendor, it removed the burden of supporting a thousand slightly-different local environments.

Crucially, it also worked for the data involved. Early compliance evidence was low-sensitivity: a screenshot of an MFA setting, a CSV of user accounts, an exported list of Jira tickets, a PDF of a policy. Shipping that to a vendor cloud was a reasonable trade. The marginal sensitivity of “here is proof that we rotate access keys” is close to zero. The convenience was enormous. The bet paid off.

The data changed underneath the tool

Then the object of compliance changed. The EU AI Act passed. NIST’s AI Risk Management Framework became a de-facto reference in US federal procurement. ISO/IEC 42001 shipped as the first certifiable AI management-system standard. Suddenly “compliance evidence” no longer meant a screenshot of a settings page. It meant:

• Model cards describing systems that are themselves trade secrets.
• Representative prompts and outputs — which routinely contain customer data, PII, or PHI.
• Training-data lineage and dataset documentation.
• Evaluation results that reveal exactly where a model fails.
• Incident records describing how an AI system behaved badly in production.

The sensitivity profile inverted. The artifacts a modern AI-governance audit needs are some of the most confidential material a company owns. Uploading those to a vendor cloud is a categorically different decision than uploading a list of which laptops have disk encryption turned on.

The exposure paradox

This is where the model breaks. To prove that you handle sensitive AI data responsibly, the cloud-SaaS approach first requires you to copy that sensitive AI data to a third party. The act of demonstrating control creates a new loss of control. You generate a fresh data-processing relationship, a fresh sub-processor to disclose, a fresh breach surface, and a fresh set of questions from your own customers — all in service of an audit whose entire point was to show that data stays where it belongs.

We kept losing deals to exactly this contradiction. Security teams at defense contractors, hospitals, and banks would reach the same sentence: “We can’t put our model internals and prompt logs in your cloud, sorry.” They were right. There was no clever data-processing addendum that made the paradox go away. The architecture was the problem.

What desktop-first actually buys you

So we built the opposite. Probatum is a desktop application with a local LLM bundled in. Document parsing, embeddings, vector search, and inference all happen on the analyst’s machine. The core idea is small and stubborn: data residency should be a property of the architecture, not a clause in a contract. Three things fall out of that decision.

• Zero egress. Your documents never leave the machine. There is no upload step to disclose, no sub-processor to add to your vendor list, no new breach surface to defend. The honest answer to “where does our data go?” becomes “nowhere.”
• Signed, portable evidence. Every finding is sealed into an Ed25519-signed W3C Verifiable Credential. Your auditor verifies it offline with an open-source CLI — no Probatum account, no portal, no requirement to trust us. The proof is a file, not a login.
• A tamper-evident record. Findings are written into a SHA-256 hash-chained log. Alter any entry after the fact and the chain breaks, visibly. The integrity guarantee is mathematical, not a promise about our internal access controls.

The cost we accepted

We are not going to pretend this was free. Desktop-first is harder on almost every axis a startup is measured by. Shipping cross-platform installers is slower than pushing a web build. You can’t hot-patch a bug for every user in an afternoon. You forgo the river of usage telemetry that cloud vendors mine for product decisions — appropriately, since the whole premise is that we can’t see your data. And a local model that runs on a laptop will never match a frontier model in a data center on raw capability.

We took those costs deliberately, because the one thing the model cannot do is leak your evidence, and for the buyers we care about that single property outranks all the conveniences we gave up. A slightly slower tool you can actually use beats a faster one your security team will never approve.

“But the local model is weaker”

The most common objection is capability: a model that fits on a laptop cannot match a frontier model running on a rack of accelerators, so surely the audit quality suffers. It is a fair worry that dissolves once you look at what the audit task actually is. Compliance auditing is not open-ended generation — it is retrieval and grounding. The job is to find the passage in your evidence that supports or refutes a control, cite it exactly, and refuse to assert anything it cannot trace.

That reframing is what makes a local model not just adequate but appropriate. Probatum leans on a retrieval pipeline with cross-encoder reranking so the right paragraph surfaces, and every answer is grounded in cited source text. Claims that cannot be traced back to a document are flagged before they enter the record, rather than smoothed over with confident prose. A smaller model that cites its evidence and admits its gaps produces a more defensible audit than a larger model that hallucinates fluently. For this task, faithfulness beats fluency — and faithfulness does not require the cloud.

Why the incumbents can’t simply follow

A reasonable question: if desktop-first is so defensible, why won’t the cloud incumbents just ship a desktop version? Because their entire business is built on the opposite assumption. Their pricing, their telemetry-driven roadmap, their support model, their data-science teams mining aggregate customer data, and their investor story all depend on the evidence flowing through their infrastructure. Re-architecting to never see customer data isn’t a feature toggle — it removes the foundation the company stands on. That structural commitment is our moat. We started with the constraint that we can never see your data, and built everything else around it.

Who this is for — and where it goes

If you sell into defense, healthcare, finance, or any sector touching EU AI Act high-risk systems, the calculus is no longer close. The deals you are trying to win are exactly the deals where “our evidence sits in a vendor cloud” is a disqualifier. Desktop-first stops being a quirk and starts being a requirement on the RFP.

The broader trend is clear: as the data inside compliance grows more sensitive, the gravity well pulls computation back toward the data instead of pulling data toward the computation. We think on-device, cryptographically-signed auditing is where AI governance lands. We built the desktop tool early because the math said the rest of the category would have to follow.