Enterprise AI Coding Assistant That Stays in Your Infrastructure (2026)
Every enterprise AI coding evaluation in 2026 eventually arrives at the same line in the security review: where does the code go? The buyers who ask the question loudest — banks, insurers, hospital systems, defense primes, anyone with a meaningful regulatory burden — have a specific answer in mind. They want the AI assistant to stay inside their infrastructure. Not in a vendor’s cloud with VPC peering. Not in a vendor’s cloud with privacy mode. In their infrastructure.
This post explains what that requirement looks like architecturally, which enterprise AI coding tools actually deliver it, and why the deployment model determines everything downstream — from procurement velocity to ongoing audit cost.
The Three Layers of “Stays in Our Infrastructure”
Vendor marketing makes this sound binary — the tool is either “customer-hosted” or “cloud SaaS.” The reality has three layers, and most tools fully deliver only one or two of them.
Layer 1: The control plane
The control plane is the orchestration logic — webhook handling, code-generation pipelines, plan generation, validation. SaaS tools run this in the vendor’s cloud. Truly customer-deployed tools run it as Lambda functions, container workloads, or other serverless compute inside the customer’s account, so the customer’s existing IAM, monitoring, and DR tooling apply to it unchanged.
Layer 2: The model invocation
The model invocation is where the prompt actually meets the language model. SaaS tools run this in the vendor’s cloud (or a vendor-managed proxy to OpenAI / Anthropic). Customer-deployed tools invoke a model service directly from inside the customer’s VPC — AWS Bedrock from a customer Lambda, for example. The call traffic stays within the customer’s account boundary.
Layer 3: The data plane
The data plane is everything stored: the knowledge base of code-maps and ADRs, the audit log of every interaction, the cached embeddings, the OAuth tokens for source-control integrations. SaaS tools store this in the vendor’s databases. Customer-deployed tools store it in the customer’s own DynamoDB, S3, and S3 Vectors — encrypted with the customer’s KMS keys, accessed only via the customer’s IAM permissions.
A platform that stays in customer infrastructure delivers all three layers. Anything less leaves a vendor surface that compliance and infosec teams still have to assess.
Comparison: Enterprise AI Coding Tools by Infrastructure Layer
Cells marked ⚠ reflect partial support, claimed-but-not-verified availability, or capabilities that vary by tier. Verify on each vendor’s public documentation before procurement.
| Tool | Control plane in customer infra | Model invocation in customer infra | Data plane in customer infra |
|---|---|---|---|
| OutcomeOps | Yes — Lambda | Yes — Bedrock from VPC | Yes — customer DynamoDB / S3 / S3 Vectors |
| GitHub Copilot Business | No | No | No |
| Cursor | No | No | No |
| Augment Code | ⚠ VPC tier only | ⚠ Vendor-managed proxy | ⚠ CMEK claimed |
| Tabnine Enterprise | Yes (on-prem) | Yes (on-prem) | ⚠ On-prem, not customer-keyed by default |
| Amazon Q Developer | ⚠ AWS-managed (vendor = AWS) | ⚠ AWS-managed | ⚠ CloudTrail only |
| Sourcegraph Cody Enterprise | Yes (self-hosted) | ⚠ Configurable | Yes (self-hosted) |
Status as of May 2026. Verify on vendor docs before procurement.
Three patterns emerge. First, most consumer-grade AI coding tools deliver none of the layers in customer infrastructure — they are SaaS by design. Second, several enterprise tools deliver one or two layers but not all three; the data plane is usually the gap. Third, OutcomeOps is the only tool in the comparison set that delivers all three layers as the default deployment model, not as an enterprise upcharge.
At Pearson, we built a platform called Nibiru — platform engineering before the industry had the term. The argument we made to the business was simple: if you operate the infrastructure your engineers build on, you control the cost curve, the upgrade timeline, and the audit boundary. If you outsource it to a vendor, you do not. That argument applied to PaaS in 2016. It applies to AI coding in 2026. The platforms that stay in your infrastructure are the ones you can defend in audit, optimize on your own schedule, and scale without renegotiating a contract every quarter.
Why “Stays in Our Infrastructure” Matters Operationally
The compliance argument is the loudest. The operational argument matters more over time.
Cost stays predictable
When the platform runs in the customer’s AWS account, model usage costs are direct AWS Bedrock charges — the customer pays AWS, no vendor markup. OutcomeOps generates features at roughly $2–$4 each in Bedrock costs. SaaS tools price by seat or by token at vendor-set rates that include the vendor’s margin and infrastructure overhead.
Observability is unified
A customer-deployed platform emits CloudWatch logs, X-Ray traces, and CloudTrail events into the customer’s existing observability pipeline. The same dashboards that monitor the rest of the customer’s AWS workloads show the AI platform’s behavior. SaaS tools either provide a vendor dashboard or push limited telemetry; bridging that gap is operational toil.
Incident response stays in-house
When something goes wrong — a runaway code generation, a leaked credential in a prompt, a Bedrock outage — the customer’s incident response team can investigate using the customer’s own tooling. SaaS incidents require coordinating with the vendor, which adds hours to mean-time-to-recovery.
Vendor dependency is bounded
If OutcomeOps disappeared tomorrow, the customer’s deployed Terraform would keep running. The platform code is in the customer’s account. The audit log is in the customer’s DynamoDB. The knowledge base is in the customer’s S3 Vectors. The customer can fork it, freeze it, or migrate at their own pace. SaaS tools have no equivalent exit story.
What This Looks Like in Procurement
The procurement-velocity advantage of customer-infrastructure deployment compounds across the buying organization. A few patterns are visible in actual rollouts:
- No new vendor onboarding. The customer is not adding a new third-party processor to its data flow. There is no BAA to negotiate, no DPA to add, no sub-processor disclosure to vet, no insurance coverage to verify.
- No new audit scope. The platform runs inside the customer’s existing audit boundary. SOC 2 auditors do not need to scope a new vendor environment. HIPAA auditors do not need a separate BAA review. ITAR-controlled environments do not need a foreign-access risk assessment for a third-party cloud.
- Existing security tooling applies. The customer’s existing AWS GuardDuty, CloudTrail anomaly detection, Macie data-loss-prevention, and Security Hub findings cover the platform. No separate security tooling for the AI assistant.
- Procurement timeline collapses. Engineering teams that expected six months to evaluate routinely reach pilot inside two weeks because the compliance pre-work is small.
For a deeper look at the compliance-burden math, see AI Coding Tools for Regulated Industries. For the AWS-specific architectural details, see AI Coding Tool That Deploys in Your AWS Account.
How to Evaluate
The free two-week proof of concept is structured for the “stays in our infrastructure” question:
- Day 1–3: Apply the Terraform into a non-production AWS account. Verify all three layers run inside the customer environment.
- Week 1: Generate code against representative repositories. Inspect the audit logs in the customer’s DynamoDB. Confirm no data egress.
- Week 2: Compliance and infosec review. Verify the deployment model meets the “stays in our infrastructure” requirement and that the existing posture covers it.
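As an added example (not OutcomeOps code) of the Week 1 "confirm no data egress" step applied to the model-invocation layer described above: this Python script classifies CloudTrail-shaped records for Bedrock invocations and flags any call made by a principal from another account or not routed through an approved VPC endpoint. The account id, the VPC endpoint id and the sample records are constructed, and it assumes Bedrock invocation events are available in CloudTrail.

```python
from typing import Optional
# Assumed (constructed) identifiers: the customer's account and its Bedrock VPC endpoint.
CUSTOMER_ACCOUNT = "111122223333"
ALLOWED_VPCE = {"vpce-0abc123def456789a"}
INVOKE_EVENTS = {"InvokeModel", "InvokeModelWithResponseStream"}
# Constructed records shaped like CloudTrail events; only the fields read below are present.
SAMPLE_EVENTS = [
    {"eventSource": "bedrock.amazonaws.com", "eventName": "InvokeModel",
     "recipientAccountId": "111122223333", "userIdentity": {"accountId": "111122223333"},
     "vpcEndpointId": "vpce-0abc123def456789a", "sourceIPAddress": "10.20.3.14"},
    # Same account, but the call left the VPC: no vpcEndpointId and a public source IP.
    {"eventSource": "bedrock.amazonaws.com", "eventName": "InvokeModelWithResponseStream",
     "recipientAccountId": "111122223333", "userIdentity": {"accountId": "111122223333"},
     "sourceIPAddress": "203.0.113.7"},
    # Invoked by a principal from another account, i.e. a vendor surface.
    {"eventSource": "bedrock.amazonaws.com", "eventName": "InvokeModel",
     "recipientAccountId": "111122223333", "userIdentity": {"accountId": "999988887777"},
     "vpcEndpointId": "vpce-0abc123def456789a", "sourceIPAddress": "10.20.3.15"},
    # Unrelated service; the check ignores it.
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "recipientAccountId": "111122223333", "userIdentity": {"accountId": "111122223333"},
     "sourceIPAddress": "10.20.3.14"},
]

def classify(event: dict) -> Optional[str]:
    """None if a Bedrock invocation stayed in-boundary; "ignored" for other records; else a reason."""
    if event.get("eventSource") != "bedrock.amazonaws.com" or event.get("eventName") not in INVOKE_EVENTS:
        return "ignored"
    caller = event.get("userIdentity", {}).get("accountId")
    if caller != CUSTOMER_ACCOUNT or event.get("recipientAccountId") != CUSTOMER_ACCOUNT:
        return f"cross-account principal {caller}"
    if event.get("vpcEndpointId") not in ALLOWED_VPCE:
        return f"not via approved VPC endpoint (source {event.get('sourceIPAddress')})"
    return None

def audit(events: list) -> dict:
    """Count in-boundary invocations and collect a finding for every other Bedrock call."""
    in_boundary, findings = 0, []
    for e in events:
        verdict = classify(e)
        if verdict is None:
            in_boundary += 1
        elif verdict != "ignored":
            findings.append((e["eventName"], verdict))
    return {"in_boundary": in_boundary, "findings": findings}

if __name__ == "__main__":
    print(audit(SAMPLE_EVENTS))
```

Feed it the CloudTrail records exported for the PoC window; any non-empty findings list means the invocation layer did not stay inside the account boundary.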
Book an enterprise briefing to start the PoC.
Related reading
- AI Coding Tool That Deploys in Your AWS Account — the AWS-specific architecture.
- AI Coding Tools for Regulated Industries — compliance review math.
- Self-Hosted AI Coding Platforms — on-prem vs cloud-customer-deployed.
- Air-Gapped AI Coding for Defense and Aerospace — zero external connectivity.
- Security & Compliance overview.