INULTUS - Cut 80% of patching time. Keep full control.

The on-premises AI copilot for sysadmins. Describe what you need in plain language. Inultus generates PyInfra code, tests it, and waits for your approval. Your data never leaves your network.

On-premises Agentless No SSH for AI ISO 27001 SOC 2 Air-gap ready

Schedule a 15-min demo See how it works

Non inultus premor

I am not injured unavenged.

30+

French hospitals hit by ransomware in 2022-2023

20%

of hospital servers run obsolete, unpatched systems

150+

hours/month on manual vulnerability management

3x

increase in vulnerability exploitation as initial access vector

Institutions are getting breached. They cannot hire fast enough.

30+ French hospitals hit by ransomware in 2 years. 20% of hospital servers run obsolete systems. Your team spends 150h/month on manual patching instead of securing the fleet.

Breaches are accelerating

60% of breaches trace to a known, unpatched vulnerability. Vulnerability exploitation as initial access tripled in one year. Every delay is a window for attackers.

AI tools that break production

Claude Code and Cursor shell out to bash. They run arbitrary commands. One hallucinated rm -rf and the business is down. No sysadmin trusts an AI with raw SSH to production.

No safe middle ground

Give AI full root (unacceptable) or do everything by hand (unsustainable). There is no AI that generates tested, auditable code and lets a human review it before execution.

Sovereignty is non-negotiable

Government agencies, banks, hospitals cannot send fleet data to a SaaS vendor. NIS2, DORA, HDS, RGPD: compliance deadlines are here. 86% of CIOs plan to repatriate workloads on-premises. Existing AI tools are cloud-only.

Discover. Instruct. Generate. Review.

Ask your fleet anything. Describe what you need. Inultus writes the PyInfra code, tests it, and waits for your approval.

Discover

Ask your fleet anything

Query your infrastructure in plain language. Inultus collects PyInfra facts across your fleet and returns structured data: OS versions, installed packages, running services, kernel versions, open ports.

inultus

inultus> What OS and package managers are on

my production servers?

Collecting facts from 47 hosts...

HOST OS PKG MGR

prod-web-01 Ubuntu 22.04 apt

prod-web-02 Ubuntu 22.04 apt

prod-db-01 Debian 12 apt

prod-api-03 Rocky 9.3 dnf

Instruct

Describe what you need

"Are my servers compliant with CIS benchmarks?" Inultus audits the fleet, identifies gaps, and generates hardening code adapted to each target.

inultus

inultus> How secure are my servers against

CIS Level 1 benchmarks?

Auditing 47 hosts against CIS Level 1...

23/47 hosts: 12 findings (SSH, perms, audit)

24/47 hosts: compliant

Generate

Code is written and tested automatically

Inultus generates real PyInfra hardening code for each non-compliant host. The code is tested in a Docker sandbox before you ever see it. Syntax, idempotency, and target validation, all checked.

inultus

Generated: harden_cis_level1.py

files.line("/etc/ssh/sshd_config", ...)

systemd.service("auditd", running=True)

Testing in Docker sandbox...

ok syntax check passed

ok dry run 23 hosts, 0 errors

ok idempotency verified

Review

You read the code, you approve

You review real PyInfra code, not a summary. Color-coded risk, affected hosts, every operation visible. Execution runs as an isolated Docker container. Full logs, fully auditable.

inultus

Risk: MEDIUM (SSH config change)

Targets: 23 non-compliant hosts

[Approve & Harden] [Edit Code] [Cancel]

[Approve & Harden]

Executing via Docker run...

ok sshd_config hardened

ok auditd running, enabled

On-premises by default

Your data stays on your network. The AI stays on a leash.

YOUR PREMISES

Web chat + CLI (two interfaces)
Custom Qwen model with web search
PyInfra execution via Docker containers
PocketBase (DB + file storage + SSO)
Full audit trail (execution logs saved)

Fleet data NEVER leaves.

LLM calls only

CLOUD

LLM API (optional)

Only inference calls. No data stored.

Fully air-gapped option

Custom Qwen model runs on-premises. Nothing leaves the network. Zero external dependencies.

Why Inultus

"Non inultus premor" — Motto of Nancy, Lorraine, since 1477.

We are PyInfra contributor #3

We do not wrap PyInfra, we shape it. Direct influence on the fact/operation API roadmap. This is not a "we use open source" story. This is a "we ARE the open source" story.

Hallucination-proof by design

The AI writes code, not commands. The code is tested in a sandbox. A human reads the actual code and approves. No raw SSH, no arbitrary execution, no surprises.

On-premises is the moat

Cloud AI tools opened the market. But banks, hospitals, and government cannot use them. Their data cannot leave their network. We serve the customers they cannot.

Docker-isolated execution

Every operation runs in an isolated Docker container. Full logs saved and auditable. No side effects on the Inultus host.

Two interfaces, one audit trail

Web chat dashboard for teams. CLI for automation and scripting. SSO authentication. PocketBase backend. Same engine, same logs.

Agentless

Nothing installed on target servers. Zero attack surface on managed hosts. Works with any server reachable via SSH: bare metal, VMs, multi-cloud.

Built for institutions

Large organizations that answer to regulators, not VCs.

Government & defense

Ministries, agencies, territorial authorities. Sovereignty, on-premises mandates.

Regulated enterprises

Banking, insurance, healthcare, energy, telecom. Audit trails, compliance, change control.

Critical infrastructure

OIV/OSE in France, KRITIS in Germany. Air-gapped networks, zero external dependencies.

Managed service providers

Large MSPs operating multi-tenant fleets for institutional clients.

Team

Loic Tosser

Founder & CTO

PyInfra contributor #3 FOSDEM speaker 10+ years production Linux/BSD fleets

Built Jinn, the predecessor serving enterprise clients in the Gulf: government, fintech, healthcare. 500+ servers managed.

HQ

Nancy, Lorraine, France

Born in the city of the thistle.

Questions

How does Inultus guarantee security if it runs operations on my servers?

Inultus never gets raw SSH access. It generates PyInfra code that you review before execution. Every operation runs in an isolated Docker container with full log capture. Nothing executes without your explicit approval.

What happens if the AI generates bad code?

Every generated script is automatically tested in a Docker sandbox: syntax check, dry run, idempotency validation. You see the test results before approving anything. You can also edit the code before execution.

Can Inultus run in a fully air-gapped environment?

Yes. The custom Qwen model can run on-premises. No external API calls, no data leaving your network. Zero external dependencies.

What does it integrate with?

Inultus manages any server reachable via SSH: bare metal, VMs, multi-cloud (AWS, GCP, Azure, Hetzner, Scaleway). SSO for authentication. MCP server for integration with external AI clients. PocketBase API for custom integrations.

How is this different from Ansible?

Ansible requires you to write playbooks. Inultus generates the code from natural language, tests it, and lets you review it. It also provides fleet discovery via PyInfra facts: ask questions about your infrastructure in plain language and get structured answers.

What is the ROI?

Teams typically spend 150+ hours/month on manual vulnerability management for a 100-server fleet. Inultus costs less than a junior sysadmin and accelerates patch cycles by 70-80%. The first pilot typically pays for itself within 3 months.

Touch my servers. I dare you.

See Inultus patch, harden, and report on a live fleet in 15 minutes.

Schedule a demo

contact@inultus.com