Core Concepts

The Veil, Confidential execution

Every job runs in a sealed enclave. The operator supplies compute but never sees your prompt, working data, or output, enforced by hardware, not policy.

How it works

Each job is dispatched into a confidential environment on the chosen node. Techniques in scope span the confidential-computing spectrum:

  • TEE, trusted execution environments (e.g. SGX-class) seal execution so even the host cannot read the workload.
  • FHE, fully homomorphic encryption for select workloads that compute directly on ciphertext.
  • MPC, secure multi-party computation splits trust across parties.

What's sealed

Inside the Veil, the node operator cannot observe:

  • Your prompt and system instructions
  • Working data, documents, embeddings, retrieved context
  • The model's output
  • Agent memory, tools, and API keys, for sealed agent runs

Privacy attestation

On completion the enclave emits a signed privacy attestation, rooted in hardware attestation, proving the workload ran in an approved confidential environment. This attestation is bound into the job's Green Compute Certificate, so privacy is a receipt you can audit, not a promise on a landing page.

Use cases

  • Regulated data, health, legal, finance, that can't leave your control in the clear.
  • Confidential fine-tuning and private RAG over your own documents.
  • Bring-Your-Own-Model hosting where weights are never exposed to operators.
"Send it to someone else's GPU" is a non-starter for proprietary data, unless it comes back with a verifiable receipt. The Veil is that receipt.