By James Aspinwall, co-written by Alfred Pennyworth (my trusted AI) — March 7, 2026, 07:31
Dream is not building another cybersecurity product. They are building sovereign AI systems for governments — the kind that run inside classified networks, air-gapped data centers, and national infrastructure where no data leaves the country and no external cloud provider touches the compute. Founded in January 2023 by Shalev Hulio (former NSO Group CEO), Sebastian Kurz (former Prime Minister of Austria), and Gil Dolev (cyber expert), Dream hit $130 million in annual sales to governments within two years and raised $100 million at a $1.1 billion valuation in February 2025.
They opened Israel’s first sovereign AI data center near Modi’in — NVIDIA B200 GPU clusters, InfiniBand networking, large-scale storage — purpose-built for training proprietary language models inside controlled environments. Offices in Tel Aviv, Vienna, and Abu Dhabi. The sovereign AI infrastructure market is projected at $250 billion as nations pivot from globalized cloud dependence to localized data fortresses.
This is a company operating in a world where WorkingAgents’ design principles — per-user data isolation, access control, on-premise deployment, crash-recoverable scheduling — are not features. They are requirements.
What Dream Does
Dream builds AI-powered cyber resilience for national-scale environments. Their thesis: cybersecurity is fundamentally a language problem. Logs, configurations, commands, alerts, threat intelligence — all forms of text. Train language models on this text, and you get AI that thinks like both a defender and an attacker.
The Platform
Dream’s platform operates as a decentralized system with local and national components:
Discovery App — Deploys within each organization to scan networks, map all assets, connections, and potential vulnerabilities. No installation of additional hardware or software required.
Agent Orchestrator — Aggregates data from Discovery Apps across organizations and feeds it to Dream’s AI models for classification and threat analysis.
Cyber Language Model (CLM) — Dream’s proprietary family of language models trained specifically for cybersecurity operations. The CLM classifies assets by role, exposure, and business impact. An autonomous labeling pipeline using a cascade of open-source models (LLaMA 3.3, LLaMA 4, Qwen 72B) runs on NVIDIA NIM microservices for scalable inference.
National Training Factory — Classified data flows to a national-level facility where Dream trains LoRA adapters customized for each organization using distributed GPU infrastructure. Local improvements feed back into the global model — continuous learning at national scale.
Four Foundation Models
| Model | Purpose |
|---|---|
| Cyber Language Model (CLM) | Analyzes security text — logs, configs, alerts, threat intelligence |
| Hacker Replication Model | Simulates attacker methodologies to predict attack vectors |
| Anomaly Detection & Incident Response | Identifies unusual activity and enables rapid defensive response |
| Dreamer (Chatbot) | Conversational security advisor — natural language queries about networks, vulnerabilities, threats |
Core Capabilities
Comprehensive Network Visibility — Real-time mapping of all assets, connections, and vulnerabilities across physical, virtual, and identity infrastructure. Identifies unauthorized access points and misconfigurations without manual audits.
Threat Exposure & Risk Intelligence — Autonomous risk identification. Correlates alerts across multiple attack paths, generating consolidated threat predictions that reduce false positives and alert fatigue.
Predictive Detection — Proactively identifies high-risk attacks targeting critical assets before they materialize. Thinks like an attacker to anticipate the next move.
Cyber Advisor — Expert-driven insights with tailored mitigation strategies. Real-time recommendations against emerging threats. Answers natural language questions about the network.
Sovereign Deployment
This is Dream’s defining characteristic. The entire stack — data, compute, models, training, inference — runs within national infrastructure:
- Air-gapped systems — No internet connectivity required
- Classified networks — Meets government classification standards
- Full national control — Data, model weights, training processes, and deployment workflows under sovereign authority
- No external dependencies — No cloud provider, no third-party API, no data leaving the country
Shalev Hulio: “When artificial intelligence enters government domains and national infrastructure, building a strong model is not enough. You must also control the conditions in which it is trained and deployed.”
The AION Platform
Dream’s sovereign AI platform gives customers full control over:
- Model weights and architectures
- Training data and processes
- Deployment workflows and environments
- Inference pipelines and scaling
This is not “deploy to our cloud.” This is “we build the AI factory inside your borders.”
The Numbers
| Dream | Value |
|---|---|
| Valuation | $1.1B |
| Series B | $100M (Feb 2025) |
| Annual sales (2024) | $130M+ |
| Founded | January 2023 |
| Lead investor | Bain Capital Ventures |
| Other investors | Group 11, Tru Arrow, Tau Capital, Aleph |
| Offices | Tel Aviv, Vienna, Abu Dhabi |
| GPU infrastructure | NVIDIA B200 clusters |
| Inference stack | NVIDIA NIM microservices |
| Open models used | LLaMA 3.3, LLaMA 4, Qwen 72B |
| Target market | Sovereign AI ($250B market) |
| Sectors | Cybersecurity, healthcare, transportation, finance, government |
Why This Matters for WorkingAgents
Dream operates in environments where most AI companies cannot go. Air-gapped networks. Classified systems. Government facilities where AWS and Azure are not options. These environments have the strictest possible requirements for data isolation, access control, auditability, and operational resilience — and they need operational orchestration as much as any commercial enterprise.
WorkingAgents was built with these principles embedded in its architecture, not bolted on as enterprise features. The alignment is structural.
The Synergy Map
1. On-Premise Orchestration for Sovereign Environments
Dream’s platform generates actions that need scheduling, tracking, and follow-up. When the CLM identifies a critical vulnerability, someone needs to be notified. When a threat prediction fires, remediation tasks need to be assigned and tracked. When an anomaly is detected at 3 AM, an escalation chain needs to execute automatically.
WorkingAgents provides this operational layer:
- Alarm system — Schedule vulnerability assessments, recurring scans, compliance checks. “Re-scan this network segment every 4 hours.” “If no remediation within 48 hours, escalate.”
- Task manager — Track remediation tasks from detection to resolution. Assign, prioritize, set deadlines, verify completion.
- Push notifications — Alert security personnel via Pushover when critical threats are detected. Configurable priority levels match security severity.
- Crash recovery — If the orchestration process restarts (server maintenance, power event), all pending tasks and scheduled alarms survive. SQLite-backed persistence.
The critical detail: WorkingAgents runs on Elixir/BEAM, which deploys on-premise with zero cloud dependencies. No external API calls. No data leaving the network. The entire orchestration layer — scheduling, notifications, task management, access control — runs inside the sovereign perimeter.
2. Per-User Data Isolation Meets National Security
WorkingAgents uses per-user SQLite databases. Each user’s data — tasks, alarms, CRM contacts, conversation history — is physically isolated in its own database file. No shared tables. No multi-tenant database where one query could accidentally expose another user’s data.
In a sovereign cybersecurity environment, this maps to:
- Per-organization isolation — Each government agency or infrastructure operator gets its own database. The energy ministry’s threat data is physically separate from the defense ministry’s.
- Per-analyst isolation — Each security analyst’s investigation workspace is isolated from colleagues. No cross-contamination of classified investigations.
- Auditable data boundaries — The isolation is not logical (row-level security) but physical (separate files). An auditor can verify data separation by inspecting the filesystem.
Dream’s AION platform gives customers control over model weights and training data. WorkingAgents gives them control over operational data with the same principle: nothing shared, everything isolated.
3. Access Control for Classified Operations
WorkingAgents implements granular, per-user, per-tool access control. Every MCP tool call is gated by a permission check. This is not “admin or not admin.” It is “this user can use the network scan tool but not the remediation tool” or “this analyst can view threat predictions but not modify detection rules.”
In Dream’s environment, this maps to security clearance levels:
- Tool-level permissions — Analyst A can query the Dreamer chatbot. Analyst B can trigger automated scans. Only the CISO can approve remediation actions.
- Module-level isolation — The NIS (CRM) module tracks contacts. The Monitor module tracks system health. The Task module tracks remediation. Each module has its own permission key.
- Encrypted keys — WorkingAgents uses AES-256-CTR encryption for access control keys. Keys never leave the server process — never serialized to API responses, logs, or external output.
- Audit trails — Every permission grant, revocation, and denial is tracked. When a government auditor asks “who had access to what and when,” the answer is in the database.
4. Agent Orchestrator Integration
Dream’s architecture includes an “Agent Orchestrator” that aggregates data from Discovery Apps across organizations. WorkingAgents is, at its core, an agent orchestrator — built on the BEAM runtime that provides:
- Process isolation — Each agent runs in its own Erlang process with its own memory. A crashed agent does not corrupt other agents.
- Supervision trees — Crashed processes restart automatically. The orchestrator self-heals.
- Preemptive scheduling — The BEAM interrupts long-running processes after a fixed reduction count. No single agent can starve the system. Critical in security environments where one runaway analysis must not block threat detection.
- Message passing — Agents communicate via GenServer messages. Fire-and-forget (cast) for alerts. Request-response (call) for queries. The same primitives Dream’s orchestrator needs.
WorkingAgents could serve as the operational scheduling and state management layer within Dream’s agent orchestrator — handling the “what happens next” after the CLM produces its analysis.
5. Alarm-Based Threat Response Chains
Dream’s platform detects threats. The question is: what happens after detection?
WorkingAgents’ alarm system enables automated response chains:
CLM detects anomaly
→ WorkingAgents creates high-priority task
→ Alarm schedules re-scan in 30 minutes
→ If anomaly persists → escalate to CISO via push notification
→ If no acknowledgment in 1 hour → trigger automated containment workflow
→ Log every step with timestamps and provenanceEach step is persistent. Each alarm survives restarts. Each notification is tracked. Each escalation has an audit trail. The retry logic handles transient failures with exponential backoff. The timeout sweep catches stale operations.
This is the operational logic that turns threat detection into threat response — and it runs entirely on-premise, inside the sovereign perimeter.
6. Multi-Sector Expansion
Dream targets cybersecurity today but is expanding into healthcare, transportation, finance, and government decision support. Each sector needs operational orchestration:
| Sector | WorkingAgents Fit |
|---|---|
| Healthcare | Patient follow-up scheduling, clinical workflow tracking, compliance audit trails |
| Transportation | Infrastructure inspection scheduling, incident escalation chains, maintenance tracking |
| Finance | Transaction monitoring alerts, regulatory deadline scheduling, risk assessment workflows |
| Government | Decision pipeline tracking, inter-agency task coordination, classified document workflows |
WorkingAgents’ module structure — NIS for contacts/relationships, Tasks for workflow tracking, Alarm for scheduling, Monitor for health checks, Pushover for notifications — maps to every sector Dream enters. The orchestration needs are the same; only the domain data changes.
7. The NVIDIA Ecosystem Connection
Both Dream and WorkingAgents connect to NVIDIA’s ecosystem:
- Dream uses NVIDIA B200 GPUs for training and NIM microservices for inference
- Dream’s inference pipeline runs LLaMA and Qwen models — the same open models WorkingAgents could use via Fireworks AI or Baseten
- NVIDIA’s sovereign AI initiative is deploying AI factories across Europe and the Middle East — exactly where Dream operates (Vienna, Abu Dhabi)
A combined Dream + WorkingAgents deployment on NVIDIA sovereign infrastructure represents a complete stack: NVIDIA provides the compute, Dream provides the cybersecurity AI, WorkingAgents provides the operational orchestration. All on-premise. All sovereign.
The Partnership Path
Phase 1: On-Premise Proof of Concept
Deploy WorkingAgents alongside Dream’s platform in a non-classified test environment. Demonstrate alarm-based threat response chains, per-organization data isolation, and access-controlled tool execution. Validate that the Elixir/BEAM runtime meets sovereign deployment requirements.
Phase 2: Integration with Dream’s Agent Orchestrator
Connect WorkingAgents’ scheduling and task management to Dream’s agent orchestrator via internal APIs. When the CLM classifies a threat, WorkingAgents creates the task, schedules the follow-up, and manages the escalation chain. No external network calls. Everything inside the perimeter.
Phase 3: Multi-Sector Expansion
As Dream enters healthcare, transportation, and finance, WorkingAgents provides the operational orchestration for each vertical. Same platform, different domain configurations. Per-user databases isolate each organization. Access control gates each tool per user role.
Phase 4: Sovereign AI Reference Architecture
Co-publish a reference architecture for sovereign AI operations: Dream for AI models and threat intelligence, WorkingAgents for operational orchestration and state management, NVIDIA for compute infrastructure. Position the combined stack for the $250 billion sovereign AI market.
The Bottom Line
Dream is building AI for environments where trust is not negotiable. Air-gapped networks, classified systems, national infrastructure — places where commercial cloud providers are not allowed and where operational failures have consequences measured in national security, not revenue.
WorkingAgents was designed with the same constraints in mind, even before sovereign AI became a market category. Per-user data isolation is not a feature we added for enterprise — it is the architecture. Access control is not a layer on top — it is baked into every tool call. Crash recovery is not optional — it is the BEAM runtime’s default behavior. On-premise deployment is not a special configuration — Elixir runs anywhere.
Dream has the AI models that think like defenders and attackers. WorkingAgents has the operational engine that schedules, tracks, escalates, and ensures things get done — inside the sovereign perimeter, with full audit trails, even when the power goes out and comes back on.
They built the brain. We built the nervous system. Both need to work inside the same locked room.
Sources: