The future of AI is not only intelligent — it must be verifiable. Through our partnership with Intel® Trust Authority and adoption of Intel® TDX technology, Phala is strengthening our commitment to make trusted AI deployment simple, scalable, and production-ready. — Marvin Tong, CEO of Phala
As Artificial Intelligence (AI) becomes increasingly integral to enterprise workflows, the challenge of securing sensitive data and proprietary models has never been more critical. While Confidential Computing has emerged as the industry standard for protecting data-in-use, the "trust gap" remains: how can users be certain that their AI models are running on genuine, secure hardware without relying solely on the cloud provider’s word?
Today, we are excited to spotlight how Phala, a leader in decentralized TEE (Trusted Execution Environment) infrastructure, is bridging this gap by integrating Intel Trust Authority. This collaboration brings hardware-grade, independent appraisal to Phala’s Confidential AI ecosystem, ensuring that "verifiability" is at the core of the next generation of AI.
Phala leverages Intel Trust Domain Extensions (Intel TDX) to create hardware-isolated Confidential Virtual Machines (CVMs) powered by the dstack orchestration layer. These environments are designed to host everything from simple web services to complex Large Language Models (LLMs) on TEE-enabled GPUs.
However, in a decentralized or multi-cloud environment, proving the integrity of the hardware and the software stack is complex. Traditional local attestation (DCAP) works well but often requires significant infrastructure to manage and verify. Users need a simpler, cloud-agnostic way to answer the question: "Is this environment truly secure?"
The Root of Verifiability: dstack + Intel Trust Authority
Central to Phala’s mission is dstack, an open-source TEE SDK and guest OS developed by the Phala team. Recently recognized as a Confidential Computing Consortium (CCC) project under the Linux Foundation, dstack serves as the core engine of Phala’s high-performance TEE Cloud, simplifying the deployment of Docker images into TEEs while maintaining a minimal, audit-proof trusted computing base.
Verifiability at Phala is a multi-layered engineering feat. It starts with dstack, which acts as the "Trust OS," abstracting hardware attestation interfaces and providing measurements of the application layer. Phala’s stack addresses security as a whole-system challenge, including:
- Zero-Trust Gateway: A TEE-based gateway that proxies user authentication and encrypts network connections.
- Secure Key Management: A distributed TEE cluster dedicated to secure key generation and lifecycle management.
- Minimalist OS: A customized, backdoor-free base system image designed for maximum security.
Enter Intel Trust Authority: The Independent Appraiser
Intel Trust Authority (ITA) is a collective of trust services designed to provide independent, hardware-based appraisal of TEEs. For Phala, ITA acts as a "third-party auditor" that resides outside the Phala infrastructure.
By integrating ITA, Phala can now offer its users a streamlined, official appraisal of their CVMs. Instead of navigating complex cryptographic proofs, Phala’s verifiers can simply request an appraisal from the ITA API, which returns a signed JSON Web Token (JWT). This token serves as an authoritative, Intel-backed proof of a machine’s security posture, including its Trusted Computing Base (TCB) status and specific hardware configurations.
Verifiable AI in Practice: The Redpill.ai Implementation
This trust model is already being deployed at scale by flagship platforms like Redpill.ai, a private AI service powered by Phala’s infrastructure. Redpill.ai enables users to access powerful LLMs with the guarantee of strict data privacy.
By utilizing Phala’s Private AI Verifier—which integrates directly with Intel Trust Authority—Redpill.ai ensures that:
- TEE Hardware is Genuine: Using ITA to appraise the Intel TDX environment hosting the model.
- Full-Stack Encryption: From network traffic to CPU and GPU processing, all data remains within the Phala TEE.
- Per-Interaction Verifiability: Users can receive a cryptographic verification report for every interaction, proving their data was handled by a verified, untampered model.
Radical Transparency via the Phala Trust Center
Transparency shouldn't be hidden in CLI logs. Phala has also integrated ITA into its Trust Center, a visual portal where anyone can verify the status of Phala’s Cloud CVMs.
In the Trust Center, users can view real-time ITA appraisal results, including:
- Intel Official Backing: Visual confirmation that the environment is appraised by an official Intel service.
- Detailed Claims: Access to specific hardware claims like
tdx_mrtd(identifying the initial state of the VM) and TCB status.
The Future of Verified Compute
The integration of Intel Trust Authority into Phala is more than just a technical update; it’s a commitment to a "Trust but Verify" model for the AI era. By combining Intel’s hardware-level security with ITA’s independent appraisal, we are lowering the barriers for developers to build and deploy AI applications that are secure by design.
As the Confidential Computing ecosystem grows, Intel and Phala remain dedicated to providing the tools necessary to protect the world’s most sensitive data and intelligent models.
Get Started
- Learn more about Intel® Trust Authority.
- Explore Phala’s Trust Center and Confidential AI solutions.
- Check out the Private AI Verifier on GitHub.
