Skip to main content
The Confidential tier (phala/* models) runs inference behind an Attested Confidential Inference (ACI) gateway — a workload inside a Trusted Execution Environment (Intel TDX + NVIDIA confidential computing). It does two things a normal API can’t, plus one thing no other API does:
  1. It proves which code is running, in a genuine TEE, with an attestation report.
  2. It signs a per-response receipt that ties your exact request and response to that attested workload.
  3. t2000 automatically anchors every response on Sui — a tamper-evident, publicly-timestamped on-chain commitment — and durably stores the signed receipt, so you can verify a response trustlessly, any time, with one command (or in the browser at verify.t2000.ai).
You don’t have to trust our word. You fetch these artifacts and check the signatures, hashes, and the on-chain anchor yourself.

The two proof layers

Attestation report

Proves the gateway is a specific workload in a genuine TEE, and publishes the keys it signs with.

Signed receipt

Proves what the gateway received and returned for one request, signed by a key from the attested report.
The report answers “who served me?”. The receipt answers “what did they do with my request?”. A receipt is only meaningful once you’ve verified the report — the report is what binds the receipt’s signing key to a genuine TEE.

Confidential vs routed

The API serves two postures through one endpoint. The difference is whether the upstream that runs the model is itself attested:
Confidential (phala/*)Routed (frontier openai/*, anthropic/*, …)
Upstream verified before forwardingYes (fail-closed)No
Receipt upstream.verified.resultverifiedfailed
Who sees your promptOnly the attested gateway + attested upstream enclaveThe gateway, then the third-party provider
Confidentiality is a property of the verified upstream, confirmed per response from the receipt — not of the model id. See Confidential vs routed in the trust boundary.

What you can verify

After one confidential request you hold enough to check, locally:
  • The gateway is a genuine TEE workload with a known identity (attestation).
  • The receipt was signed by a key that report endorses (verify).
  • The response you received is exactly the response that was signed (hash match).
  • The same hashes are committed on Sui — tamper-evident, independent of t2000 (verify).
This is the honest counterpart: read the trust boundary for exactly what the Confidential tier proves versus what it still trusts (the gateway’s plaintext leg, under zero data retention).