Confidential Inference
Encrypted compute — Islands cannot see your data, even while processing it
Run AI inference on community hardware without trusting the hardware. Your job input is encrypted before leaving your machine, processed inside a secure enclave on the Island, and the output is encrypted before being sent back. The Island never sees your data in plaintext.
How It Works
1. You generate an encryption key (one-time setup)
2. You encrypt your prompt with the key
3. You submit the job with confidential: true
4. Coordinator routes ONLY to Islands with TEE hardware
5. Island's secure enclave decrypts, runs inference, encrypts output
6. You decrypt the response with your key
The Island’s main operating system, the Island software, and the coordinator never see your plaintext data — only the hardware-isolated enclave does.
Quick Start
1. Generate a key
POST /api/v1/confidential/keys
Response: {"key_id": "ck_a1b2c3...", "public_key": "base64..."}
2. Encrypt your input
POST /api/v1/confidential/encrypt
{"input": {"prompt": "Classify this patient record..."}, "key_id": "ck_a1b2c3..."}
3. Submit a confidential job
POST /api/v1/jobs
{
  "workload_id": 42,
  "confidential": true,
  "encryption_key_id": "ck_a1b2c3...",
  "input": {"encrypted": true, "key_id": "ck_a1b2c3...", "ciphertext": "..."}
}
4. Decrypt the response
POST /api/v1/confidential/decrypt
{"output": {"encrypted": true, ...}, "key_id": "ck_a1b2c3..."}
Trusted Execution Environments
Confidential jobs only run on Islands with verified TEE hardware:
| TEE | Hardware | Supported |
|---|---|---|
| Intel SGX | Intel CPUs with SGX support | Yes |
| AMD SEV | AMD EPYC processors | Yes |
| ARM TrustZone | ARM-based devices | Yes |
| AWS Nitro | AWS Nitro Enclaves | Yes |
Islands automatically detect their TEE hardware and report it to the coordinator. You don’t need to specify which TEE to use — the coordinator routes to any attested Island.
Privacy Guarantees
| What | Protected? |
|---|---|
| Your input data | Yes — encrypted end-to-end, never visible to Island OS |
| Your output | Yes — encrypted before leaving the enclave |
| Which model you used | No — the coordinator knows the workload |
| That you submitted a job | No — the coordinator manages routing |
Monitoring TEE Availability
GET /api/v1/confidential/stats
{
  "tee_types": {"sgx": 12, "sev": 5, "nitro": 3},
  "attested_hosts": 20
}
When To Use
| Use Case | Why Confidential |
|---|---|
| Healthcare | Patient data processed without HIPAA exposure |
| Finance | Transaction analysis without revealing account details |
| Legal | Document review without breaching privilege |
| HR | Resume screening without bias disclosure |
| Government | Classified document analysis on community hardware |
Software-Only Option: Homomorphic Encryption
Don’t have TEE hardware? Homomorphic encryption enables confidential inference on any Island — the data stays encrypted throughout processing:
| Mode | Speed | Hardware |
|---|---|---|
| TEE (SGX/SEV) | Full speed (1-3% overhead) | Requires TEE hardware |
| Homomorphic | 10-1000x slower | Works on any hardware |
Homomorphic encryption is best for simple operations (aggregation, classification) where the speed trade-off is acceptable for the privacy guarantee.
Billing
Confidential jobs are billed at the same rate as regular jobs. There is no premium for confidential execution — the TEE overhead is minimal (1-3% performance impact). Homomorphic jobs may cost more due to longer execution times.
