Trusted Execution Environments (TEEs)
A TEE is a hardware-isolated enclave (e.g. Apple Secure Enclave, Intel TDX/SGX, AMD SEV-SNP, AWS Nitro) where code and data are protected from the host OS, the operator, and other processes. Memory is encrypted and access-controlled by the CPU itself. On the network, every compute node runs inside a TEE — so the operator hosting your workload cannot inspect it.
Remote attestation
Before a node can serve, it produces a hardware attestation — a signed proof, rooted in the CPU vendor, that it is a genuine enclave running the expected software. The network verifies this; only attestation-verified nodes receive work. When you run inference, the response is tagged with the serving node’s attestation so you can confirm it ran in a real enclave (see Confidential inference).
End-to-end encryption (AI inference)
For Grid inference, privacy goes one step further than “TEE on the server”:
- Your client fetches the serving node’s public key and encrypts the prompt in your browser/app, sealed to that specific enclave.
- The network relays only ciphertext — the orchestrator never sees your prompt or the response in the clear.
- The node decrypts inside the enclave, runs the model, and seals the reply back to your key.
This is why Grid chat history is never stored server-side — the platform cannot read it by design. Any history is kept client-side.
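The three steps above, as an added sketch that is not Grid's own code. It assumes X25519 key agreement with HKDF-SHA256 and AES-256-GCM as the sealing scheme, and assumes the node's attestation carries a SHA-256 fingerprint of the enclave's public key; every function name here is hypothetical and the prompt is constructed sample input.

```javascript
// Added example, not Grid's code. Assumed scheme: X25519 + HKDF-SHA256 + AES-256-GCM.
const { generateKeyPairSync, diffieHellman, hkdfSync, createCipheriv, createDecipheriv,
  createPublicKey, createHash, randomBytes } = require('node:crypto');

const spki = (key) => key.export({ type: 'spki', format: 'der' });
const fingerprint = (pubDer) => createHash('sha256').update(pubDer).digest('hex');

// One AES key per direction: the HKDF info binds sender and recipient public keys.
function deriveKey(privateKey, peerPubDer, senderPubDer, recipientPubDer) {
  const publicKey = createPublicKey({ key: peerPubDer, type: 'spki', format: 'der' });
  const shared = diffieHellman({ privateKey, publicKey });
  const info = Buffer.concat([senderPubDer, recipientPubDer]);
  return Buffer.from(hkdfSync('sha256', shared, Buffer.alloc(0), info, 32));
}

function seal(sender, recipientPubDer, plaintext) {
  const from = spki(sender.publicKey);
  const key = deriveKey(sender.privateKey, recipientPubDer, from, recipientPubDer);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { from, iv, ct, tag: cipher.getAuthTag() }; // all the relay ever carries
}

function unseal(recipient, msg) {
  const to = spki(recipient.publicKey);
  const key = deriveKey(recipient.privateKey, msg.from, msg.from, to);
  const d = createDecipheriv('aes-256-gcm', key, msg.iv);
  d.setAuthTag(msg.tag);
  return Buffer.concat([d.update(msg.ct), d.final()]).toString('utf8'); // throws if modified
}

// Client side: refuse to encrypt unless the fetched key matches the attested fingerprint.
function sealToEnclave(client, enclavePubDer, attestedFingerprint, prompt) {
  if (fingerprint(enclavePubDer) !== attestedFingerprint)
    throw new Error('enclave key does not match attestation');
  return seal(client, enclavePubDer, prompt);
}

function demo() {
  const enclave = generateKeyPairSync('x25519'); // private half never leaves the TEE
  const client = generateKeyPairSync('x25519');  // per-session key held by the browser/app
  const enclavePub = spki(enclave.publicKey);
  const request = sealToEnclave(client, enclavePub, fingerprint(enclavePub), 'constructed prompt');
  const relaySawPlaintext = request.ct.includes('constructed prompt');
  const prompt = unseal(enclave, request);       // step 3: decrypt inside the enclave
  const reply = unseal(client, seal(enclave, request.from, `echo: ${prompt}`));
  return { enclave, request, prompt, reply, relaySawPlaintext };
}
```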
What this protects against
- A malicious or compromised operator reading your prompts.
- The platform logging or training on your data.
- In-transit interception (the relay only ever holds ciphertext).
What to still consider
- The model output is only as private as where you send it next.
- Attestation proves the enclave is genuine and running approved software; always verify the attestation badge for sensitive workloads.
