The Future of AI May Be Running on an Old ThinkPad

Insights, ML&AI Knut Svendsen

You often hear about artificial intelligence as if it only exists inside enormous data centers. Newscasters love to show rows of GPUs using massive amounts of electricity and water for cooling. Foundation models trained on the internet are real, but it is not the only future.

This weekend I brought an old project back to life on a Lenovo ThinkPad L380 from 2018 running Pop!OS. Nothing complicated, just Linux, Python, Ollama, a small local language model, and a cybersecurity application I’ve been building called PyLog. And it works beautifully.

The machine is running a local model through Ollama. In this case phi3:mini, a compact model of around 2.2 GB. PyLog used it to analyze synthetic firewall logs and explain events that looked suspicious; blocked SSH attempts, probing of RDP and SMB, outbound traffic to odd ports, and other patterns a security analyst would want to investigate. This is not artificial general intelligence. It is something more practical that I call controlled intelligence.

Security Logs Are Behavioral Data

This is one of the core ideas behind PyLog. Security logs are not ordinary language. They are behavioral exhaust from systems, networks, users, and applications. A firewall event has meaning because of context:

  • Who is the source?
  • What is the destination?
  • Is this port expected?
  • Has this host communicated this way before?
  • Is this inbound or outbound?
  • Was the connection blocked or allowed?
  • Did similar events happen seconds earlier?
  • Is this a one-off event or part of a pattern?

A large generic model may be able to explain what port 22 is. It may know that port 3389 is used for RDP, that port 445 is associated with SMB, and that port 4444 is often suspicious, but that is not enough. The real value comes from combining deterministic log parsing, security rules, local context, and a small AI model that explains what matters in plain language. That is why I believe the future of AI in many domains will not be one giant model answering everything, it will be specialized systems.

Local AI Changes the Trust Boundary

Running AI locally also changes the security and governance model. If I send my firewall logs to an external AI service, I am not only sending text. I am sending a behavioral map of my environment. Logs can reveal internal IP ranges, exposed services, naming conventions, security controls, misconfigurations, user behavior, system dependencies, and incident patterns. Even if the data is “anonymized,” the patterns themselves may still reveal something meaningful about the organization.

For a company, it means telemetry can stay inside the trust boundary. For a security team, it means AI can operate close to the source without exporting sensitive operational data to a third party. This is especially important in Europe, where sovereignty, privacy, and control are not abstract concerns. They are board-level concerns.

The Old ThinkPad Test

That is why I like the old ThinkPad example. A Lenovo L380 from 2018 is not the machine most people associate with AI. It is a business laptop. It is several years old. It is the kind of device many organizations still have in use. And yet, with Linux and a small model, it can run a local AI workflow to perform a specific task; assist with interpreting firewall logs. We need local machines to run useful, narrow, domain-specific AI workflows.

Reducing Dependency on Giant AI Platforms

I am not arguing that large AI data centers will disappear. They will continue to matter for frontier research, broad consumer AI, scientific workloads, and training large general-purpose models. However, I do believe that the future of AI is not only centralized. A lot of the next wave may happen at the edge:

  • On laptops.
  • Inside factories.
  • Inside hospitals.

AI does not always need to live far away from the data. Sometimes the smartest architecture is to move the intelligence closer to where the data is created. That is especially true when the data is sensitive, high-volume, or operationally specific.

A focused AI system does not try to answer every possible question. It is designed for a domain. It understands the data structures and workflows. It has guardrails. It can explain its reasoning against evidence. It can be measured against specific outcomes.

  • Can it improve over time from analyst feedback?

Those are measurable outcomes.

That is where AI becomes operational technology, not just a chatbot.

The Next Breakthrough May Be Smaller

The AI industry often behaves as if progress only moves in one direction, and that’s bigger. But maturity can be the opposite. Computers started in data centers and moved to desks, homes, pockets, cars, watches, routers, cameras, and industrial systems.

AI will follow a similar path. The first wave is centralized and massive. The next wave may be distributed, specialized, private, and local. It means we stop assuming every AI problem requires a giant model in a giant data center. Often, the better question is:

What is the smallest model that can do this job well?

For PyLog, that is the design philosophy.

  • Keep the data local.
  • Use deterministic systems where they are stronger.
  • Use AI where explanation and interpretation add value.

Conclusion

Running PyLog on an old ThinkPad is a small experiment, but it points to a larger idea. The next generation of useful AI may not only come from the largest data centers in the world. Some of it may come from an old ThinkPad, a Linux terminal, a small model, and a very specific problem worth solving.