Aridhia DRE - Trusted Research Environment
AIRA AIRA

Governed AI inside the trust boundary

AIRA is the Aridhia DRE's large language model inference capability, reachable from inside a workspace. It gives researchers a way to use AI that the organisation can govern, instead of leaving them to find their own.

How AIRA works   
 DRE Trust Boundary
Workspace
Sensitive Data
AIRA AIRA AIRA
Inference
Model
Governed

  Inference is held inside the trust boundary. Data never crosses it.

The problem:

Stop Shadow AI with AIRA

A Trusted Research Environment exists so sensitive data can be worked on without leaving. But to use most language models you have to send them your text, and the easiest models to reach sit outside the environment. That outbound call is itself a way for data to leave.

An organisation that offers no sanctioned way to use AI cannot govern the AI its researchers turn to regardless. It has no control over which models they reach, no say in whether data leaves, and no record of either. Banning AI usually moves the activity out of sight rather than ending it.

Trust Boundary
Workspace
Public Model

Shadow AI Usage

The researcher pastes sensitive data into a public chatbot. It leaves the trust boundary, with no audit trail and no way to bring it back.

Result:

  Sensitive data has been exposed.

Trust Boundary
Workspace
AIRA AIRA AIRA

Governed with AIRA

The model runs inside the trust boundary. Every call is logged, every prompt is versioned, and nothing leaves.

Result:

  Sensitive data remains secure.

What AIRA is:

One endpoint, inside the workspace

Any tool that speaks the protocol can call it: a Python client, a command-line tool, an IDE extension, or an R client like ellmer. Because the model runs inside the trust boundary, a prompt can contain the sensitive data a researcher is working with. Aridhia calls this the data-aware pattern.

workspace-facing contract
http POST https://api.hubdomain.net/api/aira/v1/chat/completions \
Authorization: "Bearer $WORKSPACE_API_KEY" \
model="workspace-chat" \
messages:='[
{"role": "user", "content": "workspace_file://patient_report_2024.csv"},
{"role": "user", "content": "Write a Python program to summarize this file"}
]'

Applications running inside a workspace, on a governed path

VSCode

Researchers get inline completions and a chat assistant inside the editor they already use. Every request runs through AIRA instead of an outside provider, so the code they are working on stays in the workspace.

QwenCode

A coding agent that plans and edits across files from the terminal. It works only against the in-workspace endpoint, so repository contents never leave the boundary.

Aider

Pairs with you from the command line and proposes diffs you review before they land. The prompts and the code it reads both stay inside the workspace.

Biomni

An agent for biomedical tasks that can reason over study data in place. Sensitive cohorts stay within the trust boundary while it works.

AIRAlock

Reviews files queued for egress and flags possible disclosure risk, helping the airlock approver decide what is safe to release.

OMOP Cohort Builder

Turns a plain-English description into an OMOP cohort definition and supports phenotype review, all against governed data inside the workspace.

DocIntel

Pulls structured fields out of free-text documents such as reports and letters, turning them into analysis-ready tables without anything leaving the boundary.

Plus more...

With more applications and integrations to be added in future development.

Workspace Interaction:

How a workspace talks to AIRA

Researchers reach AIRA from inside their workspace, never the open internet. An administrator entitles each workspace to specific models, and every request flows through a single endpoint to whichever inference backend the organisation has chosen. The path below is the same regardless of where the model actually runs.

Administrator control plane:
entitles workspaces to models
Air-gapped workspace
no general outbound network
AIRA AIRA AIRA endpoint
model-server entitlement
Inference backend
location is a deployment choice
Governance Layer:

Four protections built in

They hold regardless of which application is calling.

AIRA 1

Inference stays inside the boundary

The model runs inside the workspace. The data you show it never leaves to be processed, so real data can go into a prompt safely.

AIRA 2

Administrator-controlled access

The organisation decides which workspaces can reach which models, set per workspace and revocable at any time. The researcher does not choose.

AIRA 3

A single sanctioned path

The workspace has no other way out, so AIRA is the only route to a model. A capable option inside the workspace removes the reason to go around it.

AIRA 4

Control over where inference runs

The organisation picks the topology based on cost, infrastructure, data locality and models. When inference runs outside, the organisation owns that relationship.

Enforceable AI Governance

Why this matters for health data research

A TRE depends on being able to account for what happens to the data inside it. A language model is useful enough that people will route around controls to reach one. With AIRA the model runs where the data already sits, or behind a boundary the organisation controls; access is decided by the organisation rather than the individual; and there is a single sanctioned path.

When AI tools put sensitive data at risk

Understand the risks of AI in research settings and how Aridhia enables safe, compliant, and fully audited use of LLMs inside Trusted Research Environments.

Secure AI in a TRE   

Model Management:

Add as many models as you need

AIRA is a transparent API layer in front of OpenAI-compatible and other models, so each one behaves exactly as it normally would while every request stays governed and audited. The same layer keeps the cost of running many models down by loading each only when it is in use.

How AIRA manages the models behind the endpoint:

Loaded on demand

Add as many models as you like. Each one is only spun up while it is actively being used, so a large catalogue does not mean a large bill.

Auto-scaling nodes

Each model scales out across nodes to meet demand and scales back to zero when it is idle. You set the node configuration and limits, and pay only for the compute a model is actually using.

Priority and queueing

Set the priority of each model. Requests that cannot run straight away wait in a queue until their model is free, so batch jobs fill spare compute without interrupting real-time use.

Multiple instances

Run more than one deployment of the same model. Keep a dedicated high-priority instance for code completion and a separate lower-priority one for batch work.

Custom models

Bring your own model as a Docker container. Proprietary models trained on sensitive data run inside the DRE without leaving it, built the same way as the models Aridhia ships.

Everything audited

Every request is recorded. When a prompt references workspace files or blobs, those file accesses are captured in the audit trail too.

AIRA priority queuing

AIRA Priority Queue
AIRA AIRA
Fig. The model server queues by priority and loads each model only while it is in use
Deployment Topologies:

Three ways to run the inference

Same workspace-facing endpoint, same controls. Only where the compute sits, and who runs it, changes.

One Managed Boundary
Workspace
Secure Data
AIRA AIRA AIRA
Governance
GPU
Inference Instance

  DRE Azure Subscription

Option 1

Inference in the DRE Azure subscription

The GPU and inference instance run inside the DRE's own Azure subscription, in the same environment as the workspaces. That subscription can be managed by Aridhia, or be the customer's own tenancy. There is nothing extra to provision or connect, and it is the default option.

Option 2

Inference on an external GPU, boundary extended

Run inference on your own GPU cluster or another cloud. AIRA extends the trust boundary to include that external GPU over a secure private connection, so the same protections apply and the workspace endpoint stays the same.

Extended Boundary
Azure subscription
workspaces · AIRA
External GPU
cluster

  Secure link between Azure and cluster.

Inside Boundary
Workspace
AIRA AIRA AIRA
AWS Bedrock
account owned by org
  Governed egress only. Direct path from workspace is blocked.
Option 3

Governed pass-through to a hyperscaler

For models you don't host, AIRA provides a governed pass-through to a managed service, with AWS Bedrock as the example. Data does leave the Azure boundary, so the organisation owns the provider account and configures residency, retention, connectivity and audit.

The same interface in every topology

Inference reached from inside the workspace, access entitled per workspace by an administrator, a single sanctioned path. Only the backend changes, a deployment decision made behind the endpoint. An organisation can choose the topology that fits its cost, sovereignty and capability needs without changing how researchers consume AIRA.

Empowering health data research teams without sacrificing governance

If you want to know more about how AIRA works within the Aridhia DRE, or want to explore which topology fits your organisation, get in touch.


Contact Us   

Further Reading

Understand the risks of AI in research settings and how Aridhia enables safe, compliant, and fully audited use of LLMs inside Trusted Research Environments.
Discover the potential of AI in healthcare, from accelerating research to improving patient outcomes, with Aridhia’s secure and scalable platforms.
Assess your organisation's readiness to govern AI use on sensitive data. Use our assessment tool to quickly gain a picture of how ready you are for AI.
For researchers, data custodians, and life sciences teams navigating AI adoption in sensitive data environments. Technical deep-dives, governance perspectives, and practical guidance from the Aridhia team on using AI responsibly within a Trusted Research Environment.