AI-native operating system

Phase 1 · Microkernel PoC Runs on real hardware v0.3.0-alpha.1

The full power of modern AI, on a computer you actually control.

NexaCore OS treats inference, model orchestration, and intelligent agents the way classical systems treat processes and files — as kernel-level primitives. Intelligence runs locally by default. When a task needs more compute than one machine has, the system federates with other instances over a peer-to-peer mesh of attested nodes.

Why a new operating system

Today's systems were designed before modern AI.

The operating systems most people use were architected for a world without large models. AI capabilities are bolted on afterwards, reached through cloud APIs owned by a handful of companies. The implicit price is your data: prompts, documents, and context become someone else's telemetry.

We accept this because the alternative usually looks like running a small model on a laptop with a fraction of the capability. NexaCore OS proposes a different arrangement — one where the operating system itself is the orchestrator, and the network is made of peers rather than landlords.

NexaCore OS is an AI-native operating system: a custom microkernel, written in Rust from scratch, whose kernel and runtime treat AI inference, model orchestration, and agents as first-class system services — on par with sockets and files.

Three commitments shape every design decision. Intelligence runs locally by default. Privacy is enforced by cryptography, not by a policy that can be quietly changed. Scale comes from cooperation between peers, not from renting capacity.

What is different

Five properties, each tied to a mechanism.

NexaCore OS avoids adjectives that cannot be checked. Every property below names the specific mechanism that produces it.

Local-first

By default, nothing leaves the device. The default execution tier runs entirely on local hardware, with no network involved — the private path is the path of least resistance, not an opt-in buried in settings.

Privacy by construction

Personal data is tokenized at the system-call boundary, and mesh payloads are wrapped in envelopes only the destination's verified hardware can open. A non-compliant node cannot produce valid traffic — the cryptography will not let it.

AI as a kernel primitive

Inference, embeddings, classification, and transcription are exposed as system calls, the same way reading a file is. Applications request intelligence from the OS rather than shipping data to a remote API.

Peer-to-peer mesh

When local compute is not enough, NexaCore OS federates with other instances over a peer-to-peer mesh: collective compute among people running the same software, coordinated without a central server.

Hardware-rooted trust

Joining the mesh requires an attestable Trusted Execution Environment — Intel TDX or AMD SEV-SNP at launch. Peers prove what code they are running before any payload is exchanged. There is no best-effort fallback.

Capability-based security

Unix-style ambient permissions are replaced by capability tokens: scoped to one action and resource, short-lived, attenuable, and revocable. A program that was not granted a capability cannot perform the action — full stop.

Current build · v0.3.0-alpha.1 · 2026-05-20

34
Rust crates
3,799
Automated tests
58
System calls
100%
Rust · no C runtime

How compute scales

Four tiers, from one device to a global mesh.

NexaCore OS chooses the smallest tier that can serve a request. Each step outward is explicit, and each preserves the same privacy guarantees.

0

Local only — the default

Runs entirely on your device. No network involved. Used for sensitive data and offline work.

up to ~8B params
1

Personal cluster

Your own devices on the same network discover one another and split a model across them, encrypted end to end.

up to ~70B params
2

Federated mesh

An opt-in peer-to-peer network of attested nodes. A Mixture-of-Experts design activates only a small slice of a large model per token, so cross-node traffic stays low.

100B+ params
3

Commercial cloud — last resort

Available only with explicit, per-request consent, when no other tier can serve the task. Never silent, never the default.

opt-in only
Privacy is not a setting in a menu. It is the only thing the protocol knows how to do.

NexaCore OS · design principle

Where the project stands

Built in the open.

NexaCore OS is closing Phase 1 (the microkernel proof of concept) and has entered Phase 2 (the AI runtime) in parallel. The list below describes what runs today, not what is planned.

Running today

The kernel boots bare-metal on x86-64 via UEFI and renders an interactive graphical desktop. It brings up multiple CPU cores (live INIT-SIPI, cross-CPU context switching, TLB shootdown), runs user-space drivers for NVMe, VirtIO-net, and e1000e on real hardware, and serves a from-scratch AI inference pipeline — a transformer with GGUF model loading and a byte-level tokenizer — from a Ring 3 process, verified on hardware.

In progress

Block-device request/response plumbing, interrupt wiring for drivers, and the end-to-end NVMe storage loop are the active workstream. The peer-to-peer mesh, the agent framework, and the wider standard library are scaffolded and advancing. Concrete TEE backends (TDX, SEV-SNP) replace the development mock as the security layer matures.

Go deeper

The architecture, the security model, and the scripting language.

The technical deep dive covers the microkernel and its system-call ABI, the AI runtime, the cryptographic privacy mechanisms, and ncScript — the capability-gated scripting language — with real, runnable examples.

Open the technology page