Searxly AI · in active development

Intelligence that
doesn't watch you.

Most browser AI asks you to trust one company's model and its data practices at once. Searxly AI separates them: open models, run on-device by default, grounded in your private search, never trained on your chats — with the compute location your choice and the privacy non-negotiable.

Where the thinking happens

On-device is the default, not the afterthought.

When the AI runs locally — Apple Intelligence or your own local model — your prompts, attached files and retrieved context never leave the Mac. You can confirm it with a network monitor. The private cloud exists for when you want more horsepower, but it's strictly opt-in, and turning it on shows you exactly what will leave the machine before anything does.

  • Local model by default — verifiable with a network monitor
  • A first-enable egress confirmation, in plain language
  • The cloud still has to be picked per chat — never silent
Your prompt
↓  grounded in your own SearXNG
🔒 Page text → Bulwark
Untrusted content sanitized before the model reads it
🔒 On-device model · default
Prompts & context stay on the Mac
— or, only if you opt in —
Independent cloud opt-in
Decentralized GPUs · egress confirmed first · no ad identity
Answer + citations + activity log
No training on your chats · no behavioral profile
The guarantees

Privacy by architecture, here too.

On-device by default

The default model runs on your Mac. Prompts, attached files and retrieved context never touch a server unless you explicitly choose the cloud.

Egress you confirm

Enabling Searxly AI shows a first-run egress alert spelling out that prompts, summarized page text and search results would leave the Mac. No surprise uploads.

No training, no ad identity

There is no training on your conversations and no behavioral profile. The intelligence is a tool, not a data-collection funnel.

Master kill-switch

One switch makes the entire AI layer inert — off until you turn it on, and instantly off again when you want it gone.

Panic-wipe its memory

Strict privacy mode and panic-wipe clear the AI's on-device memory along with the rest of your local data, instantly.

Every action logged

Tool use is shown in the chat and written to an activity log you can read and export — nothing happens behind your back.

Agentic only with consent

Tools can search privately, open a verified official site, or read a file you attach — but one toggle decides whether they run automatically or ask first, and every action is reversible.

Grounded in private search

Answers are synthesized from your own local SearXNG with citations — never a public index, never an ad network, never your intent for sale.

🛡

Bulwark on every page

Before the model reads page text, it passes through Bulwark — the five-layer prompt-injection shield — so a hostile page can't hijack the assistant.

Typical browser AI

  • Your prompts train someone else's model by default
  • Silent profiling tied to an ad identity
  • Runs only on their hardware, on their terms
  • Page content can quietly hijack the assistant

Searxly AI

  • No training on your conversations
  • No ad identity, no behavioral profile
  • On-device or independent cloud — your call
  • Bulwark-shielded against prompt injection
The honest part

If you opt into the cloud, data leaves — and we say so.

The private cloud runs open models on independent, decentralized infrastructure rather than a Big-Tech data center built to profile you. But it's still off-device: the prompt and the context you include are sent to the provider that runs the model so it can reply. We don't attach your identity to it and it isn't used to advertise to you — and if you'd rather keep everything local, leave the cloud off. On-device is the default for a reason.

"Capability without surveillance."

If an AI can only be useful by watching you, it isn't the one we'll ship.

More on Searxly AINext: Data at rest