Confidential inference
Inference runs inside hardware enclaves operators cannot see into — Intel TDX or AMD SEV-SNP. The chip hides the prompt, not the operator's goodwill.
When you call a hosted model, the operator must see your input in plaintext to run it. "We don't store your data" is policy, not proof. Omyra removes the operator from the trust equation: inference runs inside a Trusted Execution Environment (TEE) — a hardware enclave the GPU operator cannot read into.
What the operator can and cannot see
| Operator sees | |
|---|---|
| Your prompt | No — sealed in the enclave |
| Model weights at rest | Depends on model licensing |
| That a job ran, and its receipt | Yes — that's the point |
| The plaintext output | No — bound to your wallet |
Dual-vendor by design
Enclaves come in two flavors, and Omyra supports both: Intel TDX and AMD SEV-SNP. Dual support is deliberate redundancy — a flaw discovered in one vendor's enclave does not collapse privacy across the whole network, because the other still holds.
Attestation
Before a job runs, the enclave produces a hardware attestation — a signed statement of which code is running inside trusted silicon. That attestation is folded into the receipt, so a verifier can later confirm the inference happened inside a genuine, unmodified enclave without re-running it.
Dual-TEE support and attested execution are engineering targets informed by production-proven confidential-compute designs — the standard Omyra builds toward, not features claimed as shipped.