Skip to main content
Confidential AI overview - run AI models with hardware-level privacy in GPU TEEs

Why Confidential AI?

Traditional cloud AI deployments ask you to trust the platform operator and the upstream model provider. Phala Confidential AI runs inference through an attested gateway and verified TEE providers, then gives you cryptographic evidence for each response. The on-demand API is OpenAI-compatible and served through an Attested Confidential Inference (ACI) gateway. Every response includes a signed receipt, and the gateway publishes an attestation report that proves which TEE workload served the request. Confidential model responses additionally show, in the receipt, that the upstream provider was verified and channel-bound before your prompt was forwarded. Phala Cloud offers pre-deployed Models (API or Dedicated) for quick integration, and GPU TEE for custom infrastructure. See available models for supported models, use cases, and deployment options.

API Access

Pre-deployed models, pay per requestBest for quick integration. 5 minute setup with OpenAI-compatible API and no infrastructure management.

Dedicated Models

Same models, dedicated performanceBest for high-volume workloads. Same API as API Access, but with hourly billing and dedicated GPU resources.

GPU TEE

Custom infrastructure, full controlBest for custom models. Rent dedicated GPU TEE servers for training, fine-tuning, or any custom workload.

Quick Tour of Confidential AI

Models: API and Dedicated

API Access provides pre-deployed models through an OpenAI-compatible API at https://inference.phala.com/v1. Pay per request with no infrastructure to manage. Start with API Access. For advanced API features, explore Tool Calling to enable LLMs to interact with external tools and APIs securely within TEE. Dedicated Models give you the same pre-deployed models but with dedicated GPU resources and hourly pricing. Choose this for predictable performance or high-volume workloads. See Dedicated Models.

GPU TEE: Custom Infrastructure

For complete infrastructure control beyond pre-deployed models, use GPU TEE to rent dedicated GPU servers. Run any workload including custom models for inference, training, or fine-tuning. Configure GPU, CPU, RAM, and storage to match your exact needs.

Verify Attestation and Receipts

To verify the API path, fetch a fresh Attestation Report from GET /v1/aci/attestation. It proves the gateway workload identity, TEE quote, source provenance, and public keyset used to sign receipts. Then use the response x-receipt-id header to fetch the Receipt. The receipt binds request and response hashes to the attested workload and records whether the upstream provider was verified. See Verify a Response for the full flow.

Benchmark

Our benchmark shows GPU TEE mode achieves 99% of native performance on H100/H200 GPUs.

FAQs

Check FAQs for frequently asked questions about Confidential AI.

What makes Phala Cloud Confidential AI Different?

  • Drop-in compatibility: OpenAI-compatible API with popular models (DeepSeek, Llama, GPT-OSS, Qwen) ready for immediate use
  • Verifiable security: Gateway attestation, signed per-response receipts, and upstream verification events you can check yourself
  • Flexible deployment: Choose from API access (pay per request), dedicated models (hourly dedicated GPU), or GPU TEE (full infrastructure control)

Open Source Foundation

Our underlying technology is open source. Check out the dstack repository to see how LLMs run securely in GPU TEEs.