# Phala

**Phala** is a cloud platform for confidential AI execution using hardware-backed Trusted Execution Environments (TEEs). It lets developers run AI workloads, agents, and LLM models inside secure, isolated processors whose code integrity is cryptographically verifiable.

The promise is simple: run AI on someone else's hardware without trusting that someone else. The TEE protects data and code from the host OS, the hypervisor, the cloud operator, and other tenants. Every result can carry a proof attesting to exactly what code ran on what data.

## Key characteristics

- **Confidential computing**: workloads run inside hardware-backed TEEs (Intel TDX, AMD SEV-SNP, NVIDIA Confidential Compute) that shield data and code from the OS and other tenants.
- **Verifiable execution**: every result carries cryptographic attestations users can verify independently.
- **GPU support**: NVIDIA H100, H200, and B300 GPUs with TEE-backed runtime proof and public attestations.
- **Docker-compatible deployment**: existing Docker Compose workloads move into confidential CPU or GPU machines without major rewrites.
- **LLM endpoints**: OpenAI-compatible private LLM endpoints (Qwen, MoonshotAI, others) with private prompts.

## Why this matters

Three classes of problems get unlocked once compute is provably private:

1. **Regulated industries**: healthcare and finance can offload AI compute without breaking HIPAA or trading-data confidentiality.
2. **Multi-party AI**: parties that don't trust each other can pool data through a TEE without exposing it.
3. **Verifiable AI agents**: autonomous agents whose behavior can be cryptographically audited become possible — useful for both decentralized AI and high-stakes enterprise use.

## Compliance and trust signals

- SOC 2 Type I certified
- HIPAA compliant
- 99.9% uptime SLA
- 5,000+ users globally

## My take

Confidential computing is the missing piece for AI in regulated, multi-party, and adversarial contexts.
Most cloud AI providers ask you to trust them; Phala replaces trust with attestation. That's a fundamentally different security model. For [[AI Privacy]], this is one of the few approaches that actually solves the "your prompts are visible to the provider" problem at the infrastructure layer rather than at the policy layer.

## References

- https://phala.com

## Related

- [[AI Privacy]]