🎉 We just raised $4.2M in seed funding!

CONFSEC gives your AI the following guarantees

Prompts are never logged or retained

Prompts are never used for AI training

Prompts are never sent to third parties

Prompts are completely anonymous

Prompts are verified to not be tampered with

System operators do not have access to private computation


With 8 key technologies to achieve these guarantees

🥸 Oblivious HTTP (OHTTP)

IETF standard that offers a mechanism to make HTTP requests to a server without revealing to the server the true requester

🖋 Blind Signatures

Digitally sign something without seeing the content and without linking the later revealed content to the earlier signature

🧾 Remote Attestation

Mechanism for a client (“relying party”) to ask a server (“attester”) to prove its identity and what it is running

🔑 Trusted Platform Module (TPM)

Secure system that keeps sensitive data hidden and inaccessible from the main operating system

📼 Transparency Log

Tamper-proof append-only public record of software packages available for review

🔒 Secure Boot & Hardened OS

Process to ensure booted and running software is trusted, plus a stripped-down version of Linux that is more difficult to hack or modify

๐Ÿ–ฅ๏ธ Confidential VM

Virtual machine initialized inside a hardware-based trusted execution environment (TEE) so that the host cannot see inside the virtual machine

๐Ÿค Reproducible Build

Verify that the running binary is the same as what the compiler generates from the source code itself

Together, these technologies create CONFSEC, a private AI inference wrapper

CONFSEC private inference diagram

CONFSEC meets the following requirements

๐Ÿ˜ถโ€๐ŸŒซ๏ธ Stateless Computation

User data is used exclusively to fulfill the userโ€™s request, not available to anyone, and must not be retained, including via logging or for debugging.

๐Ÿ‘ฎโ€โ™‚๏ธ Enforceable Guarantees

Code and infrastructure -- not convention or policy -- is designed to make certain things impossible and to ensure the system behaves correctly

🎯 Non-targetability

An attacker cannot compromise data that belongs to specific users without attempting a broad compromise.

🚫 No Privileged Runtime Access

Our staff cannot bypass privacy guarantees for any reason.

๐Ÿ” Verifiable Transparency

Security researchers must be able to verify the security and privacy guarantees and must be able to verify that the software running in production is the same as the software they inspected.


CONFSEC is built by a team with deep expertise in secure systems, AI, infrastructure, and trusted computing. We are from Google, Apple, Databricks, Red Hat, and HashiCorp with PhDs from Stanford, Cambridge, and Johns Hopkins.

We bring the security and privacy, you bring the AI.