GPU-less, Trust-less, Limit-less: Reimagining the Confidential AI Cloud - Mike Bursell

Key Concepts

Confidential AI, Trusted Execution Environments (TEEs), Attestation, Super Protocol, GPUless, Trustless, Limitless, Decentralized AI, Secure Collaboration, Model Monetization, Data Provenance, Digital Marketing Case Study, Healthcare Case Study, SuperAI Marketplace, N8N Automation, Distributed Inference, VLLM, Cryptographic Proofs, Multi-Party Training.

Confidential AI: The Foundation

The video introduces Confidential AI as a transformative technology addressing the critical issue of trust in AI applications. It highlights that data and models are most vulnerable during processing (training, fine-tuning, inference).

• Confidential Computing: The core technology is confidential computing, which utilizes Trusted Execution Environments (TEEs) to protect data and code during processing.
• Trusted Execution Environments (TEEs): TEEs are secure, isolated areas within a processor (e.g., Intel TDX, AMD SEVSMP, Nvidia GPU TEs). They create a confidential environment where code and data are protected even during execution. The chip itself provides isolation using built-in instructions.
• Isolation and Protection: Workloads within a TEE are invisible to the host OS, hypervisor, and anyone with system access, including the hardware owner.
• Attestation: A TEE generates a cryptographic attestation, a signed proof that the workload ran inside verified hardware using unmodified code. This ensures the workload is protected and that it is a genuine TEE.
• Benefits: TEEs enable secure computation on sensitive data without exposing it, forming the basis of Confidential AI.

Real-World Problems and Applications

The video explores several real-world problems where Confidential AI is crucial:

• Healthcare: Accessing and using medical data for AI model training is difficult due to privacy regulations and security policies. Confidential AI allows training models on sensitive data without exposing it, enabling collaboration and improving patient outcomes.
  • Example: Hospitals and labs are hesitant to share raw data sets, hindering medical AI development.
• Personal AI Agents: Mass adoption is limited by privacy concerns. Users, developers, and regulators need strong guarantees that personal data is protected. Confidentiality is essential for the widespread use of these agents.
• Digital Marketing: Fine-tuning models on user behavior data is restricted by privacy laws and ethical concerns. Confidential AI bridges the gap between technical possibilities and regulatory constraints.
• AI Model Monetization: Model developers want to monetize their models without giving away their intellectual property. Customers are unwilling to expose sensitive data. Confidential AI allows both parties to benefit without relinquishing control.
• Model Training and Provenance: Proving the provenance of a trained model is essential. TEEs enable assurance that a model was trained as claimed, linking outputs back to the original data sets.

Super Protocol: A Confidential AI Cloud and Marketplace

Super Protocol is presented as a solution to make Confidential AI usable.

• Definition: Super Protocol is a confidential AI cloud and marketplace designed for secure collaboration and monetization of AI models, data, and compute.
• Key Features:
  • TE Agnostic Infrastructure: Supports Intel, Nvidia, and AMD TEEs.
  • Edge Ready Architecture: Compatible with ARM confidential computing, aiming for end-to-end confidential AI from edge devices to the cloud.
  • Swarm Computing Principles: Scales across distributed GPU nodes with no single point of failure and automatic workload redistribution.
  • Decentralized: Fully decentralized, orchestrated by smart contracts on BNB chain, with no human intervention.
  • Zero Barrier to Entry: No TEE expertise required.
  • Open Source: All parts of Super Protocol will be open source.
• GPUless: Removes dependency on specific cloud vendors or centralized providers. Users maintain control over their GPUs, whether training on their own servers or accessing GPUs through the marketplace.
• Trustless AI: Unauthorized access is technically impossible due to TEEs and Super Protocol's open-source architecture.
• Limitless: Removes legal, technical, and organizational barriers, enabling AI training, deployment, and monetization across organizations and jurisdictions with full confidentiality and ownership.

Case Studies

Two case studies illustrate the benefits of Super Protocol:

• Digital Marketing (Mars & Realize): Realize, an AI company analyzing facial expressions in ads, needed more biometric video data. Privacy laws hindered data sharing. Using Super Protocol's confidential AI cloud, data providers shared four times more sensitive footage, increasing training set size by 319% and accuracy to 75%, resulting in a 3-5% sales increase for Mars.
• Healthcare (BEAL & Titonic): BEAL, developing an epilepsy diagnostic device, needed FDA approval. Titonic's AI-powered audit tool was used on Super Protocol's confidential AI cloud. Audit time decreased from weeks to 1-2 hours, with zero risk of data leaks, avoiding potential 120-day review delays.

Demos

The video includes several demos showcasing Super Protocol's capabilities:

• SuperAI Marketplace: A confidential and decentralized marketplace for AI models and data sets. Models are deployed in TEEs and accessible via API, ensuring privacy and control for authors.
  • Functionality: The demo shows how to deploy a DeepSeek model from the marketplace in a few clicks, verifying that it runs in a confidential environment.
• N8N Automation: Demonstrates building secure automated AI workflows for processing sensitive medical data using N8N deployed on Super Protocol.
  • Use Case: A doctor uploads an X-ray image and patient data via a protected web form. An automated workflow cleans the data, invokes an AI model, generates a medical report, and emails it securely to the doctor.
• Distributed Inference with VLLM: Shows how Super Protocol enables distributed inference of large language models (LLMs) across multiple GPU servers using VLLM, with each VLLM node running inside a confidential VM powered by TEE hardware.
  • Process: The demo involves four host owners providing TEE hardware to run a single large LLM across four GPU nodes in fully confidential mode.
• Trust and Verifiability: Demonstrates how Super Protocol replaces blind trust with built-in cryptographic proofs. Every run is independently verifiable, ensuring transparency down to the hardware level.
  • Multi-Party Training: Alice's lab, Bob's clinic, and Carol's research center collaborate to train a cancer detection model without exposing data or intellectual property. The process is fully automated and verifiable, with cryptographic attestations ensuring the integrity of the execution environment.

Trustless AI: Verifiability and Cryptographic Proofs

The video emphasizes that Super Protocol replaces blind trust with cryptographic proofs.

• Attestation: Every workload generates a cryptographic attestation, a signed proof from the hardware itself, verifying that the model executed in a real TEE using unmodified code on verified hardware.
• Integrity Report: Before training begins, the trusted loader creates an integrity report signed inside the TEE, published on OPBNB, providing public evidence that the job will run in a certified environment with approved inputs.
• Benefits: Users don't have to trust the provider or the platform because they can verify. The system prevents unauthorized access by ensuring that applications and data only load and run if all security checks pass.

Conclusion

Super Protocol offers a practical path forward for developers to leverage Confidential AI, enabling them to run models on private data without exposure, deploy proprietary models without losing control, fine-tune without compliance risk, and verify execution with cryptographic proof. It is presented as a secure, GPUless, trustless, and limitless solution for AI development and deployment.