DATA-IN-USE PROTECTION FOR AI

Confidential Compute

Run AI inside hardware Trusted Execution Environments, so your data, models, and prompts stay encrypted in memory while they are being processed — protected even from the infrastructure operator and privileged administrators. Use powerful infrastructure, including public cloud, without exposing your most sensitive data.

Encrypted In Use

Data and models stay encrypted in memory inside a TEE — not just at rest and in transit — using hardware such as AMD SEV-SNP and Intel TDX.

Remote Attestation

Cryptographic proof a workload runs in a genuine, untampered TEE before any secret, key, or model is released to it.

Use the Cloud Safely

Reach hyperscale capacity and GPU availability while your data and models stay protected from the cloud platform itself, with the keys held by you.

Definition

Confidential compute runs AI workloads inside hardware-based Trusted Execution Environments (TEEs) so data and models stay encrypted in memory during processing — not only at rest and in transit. The hardware isolates the workload even from the infrastructure operator and privileged administrators, and remote attestation cryptographically proves the environment's integrity before any secret, key, or model is released to it.

Most encryption protects data at rest and in transit but leaves it exposed in memory while it is actually being used. Sovereign confidential compute closes that gap, letting you use powerful infrastructure — from your own hardware to public cloud — without surrendering confidentiality of your most sensitive data and models. The AI OS supports confidential compute across deployment targets — on-premises and on Azure Local, as well as in public cloud, where Microsoft Azure is available today, with further platforms planned.

Where it fits

Confidential Compute in the Scrydon platform

One integrated, sovereign architecture. Here is where Confidential Compute sits — highlighted against the full stack it works with.


The AI OS for Humans & AI Agents to enable your processes

Conversational Intelligence: Natural language interface that seamlessly connects your ontology, multi-modal data, and sovereign workflows.

Link your processes, knowledge & data to ontologies.

Unified storage, structured compute, and secure multi-modal data processing.

Tables, Knowledge

Autonomous operatives with specialised skills executing tasks across systems.

AI Workflows

Sovereign pipelines, federated APIs, and seamless connector meshes.

Secure domain federation, trusted data sharing, and cross-boundary intelligence.

Deploy from Air-gapped to Hyperscale

A closer look

Confidential Compute in depth

Sovereign Foundations

  • Observability: Full-stack monitoring & alerting
  • Zero-Trust: Continuous verification
  • Automation: GitOps & policy-as-code
  • Key Management: HSM-backed secrets
  • Kubernetes: Sovereign cluster orchestration
  • Identity: Federated IAM (SAML/OIDC)

The AI OS only works if it can be trusted. Every layer of the platform rests on a zero-trust infrastructure and identity foundation that operates consistently from fully air-gapped on-premises deployments through to hyperscale cloud environments. Sovereignty is not a feature added on top — it is the condition under which everything else operates.

  • Zero-trust architecture: Continuous verification for every request, every user, and every workload — no implicit trust, even inside the perimeter.
  • Federated identity: Seamless integration with your existing IdP (SAML, OAuth 2.0, OIDC) for unified, policy-enforced access control.
  • Air-gapped deployment: Run the complete platform with no external network dependencies — ideal for defence, critical national infrastructure, and classified workloads.
  • Confidential computing: Hardware-level encryption of data in use via AMD SEV-SNP and Intel SGX, protecting workloads even from infrastructure administrators.

Deployment Options: From Air-gapped to Cloud

HOW IT WORKS

AI workloads inside a Trusted Execution Environment

Confidential compute processes the entire AI workload — data, model weights, and prompts — inside hardware-isolated enclaves. The CPU and GPU encrypt memory during execution, and keys and secrets are released only after the environment proves its integrity through attestation.

  • Trusted Execution Environments: Hardware-isolated enclaves built on AMD SEV-SNP and Intel TDX keep workloads separated from the host.

  • Encrypted memory: Data and model weights stay encrypted in memory while they are being processed, not only at rest and in transit.

  • Remote attestation: Cryptographic proof that the workload runs in a genuine, unmodified TEE before secrets, keys, or models are provisioned.

  • Customer-held keys: You hold the keys; the infrastructure operator and administrators cannot read your data in use.
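
The attestation-gated release described above, as an added sketch (not Scrydon's code or API): a key broker hands over a model key only when the signed evidence is genuine, fresh, non-debug and matches an approved workload measurement. All names and values are constructed, and an HMAC stands in for the hardware vendor's certificate-chained report signature.

```python
import hashlib
import hmac
import json
import secrets

# Stand-in for the hardware signing key (assumption). Real TEEs sign reports
# with an asymmetric key chained to the CPU vendor's root certificate.
HW_ROOT_KEY = b"constructed-demo-hardware-key"
# Hypothetical allow-list: hashes of workload images the data owner approved.
TRUSTED_MEASUREMENTS = {hashlib.sha384(b"approved-inference-image-v1").hexdigest()}
MODEL_KEY = b"constructed-model-decryption-key"  # held by the customer's broker


def sign_report(body: dict) -> dict:
    """Simulates the TEE hardware producing signed evidence (constructed)."""
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(HW_ROOT_KEY, payload, hashlib.sha384).hexdigest()
    return {"body": body, "sig": sig}


def release_key(evidence: dict, expected_nonce: str) -> bytes:
    """Key broker: release the secret only if every attestation check passes."""
    body = evidence["body"]
    payload = json.dumps(body, sort_keys=True).encode()
    good_sig = hmac.new(HW_ROOT_KEY, payload, hashlib.sha384).hexdigest()
    if not hmac.compare_digest(good_sig, evidence.get("sig", "")):
        raise PermissionError("signature invalid: not genuine TEE evidence")
    if not hmac.compare_digest(body.get("nonce", ""), expected_nonce):
        raise PermissionError("stale or replayed evidence")
    if body.get("debug_enabled", True):  # missing field is treated as unsafe
        raise PermissionError("debug mode lets the host inspect memory")
    if body.get("measurement") not in TRUSTED_MEASUREMENTS:
        raise PermissionError("workload measurement not approved")
    return MODEL_KEY


def attempt(image: bytes, debug=False, replay=False, tamper=False) -> str:
    """Runs one challenge/response round and reports the broker's decision."""
    nonce = secrets.token_hex(16)  # broker's fresh challenge
    report_nonce = "0" * 32 if replay else nonce
    ev = sign_report({"measurement": hashlib.sha384(image).hexdigest(),
                      "nonce": report_nonce, "debug_enabled": debug})
    if tamper:
        ev["body"]["debug_enabled"] = False  # edited after signing
    try:
        release_key(ev, nonce)
        return "released"
    except PermissionError as exc:
        return f"denied: {exc}"
```

The broker fails closed: a report with a missing debug field or an unknown measurement never reaches the key.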

DEPLOYMENT OPTIONS

Where you can run confidential compute

The AI OS is designed to run confidential workloads across deployment targets — on your own hardware, on Azure Local, and in public cloud. In the cloud, Microsoft Azure is supported today with confidential VMs and GPUs, and further platforms are planned.

  • Microsoft Azure: Run the AI OS on Azure confidential VMs and GPUs (AMD SEV-SNP, Intel TDX) for encrypted-in-use AI at hyperscale. Available today.

  • On-Premises & Azure Local: Run confidential VMs and GPUs on your own hardware, in your datacentre or on Azure Local.

  • More platforms planned: Support for additional confidential compute targets is on the roadmap as the hardware and cloud ecosystem matures.

FAQ

Frequently asked questions

What is confidential compute?

Confidential compute runs workloads inside hardware-based Trusted Execution Environments (TEEs) so data and models stay encrypted in memory during processing — not only at rest and in transit. The hardware isolates the workload even from the infrastructure operator and privileged administrators, and remote attestation proves the environment's integrity before secrets are released.

Which platforms are supported today?

Microsoft Azure is the supported cloud platform today, using Azure confidential VMs and GPUs built on AMD SEV-SNP and Intel TDX. Support for further confidential compute platforms is planned.

Is data protected from the cloud operator?

Yes. With confidential compute, memory is encrypted by the CPU and GPU hardware and the keys are controlled by you. The cloud operator and infrastructure administrators cannot read your data or models while they are being processed.

What is remote attestation?

Remote attestation is cryptographic proof that a workload is running in a genuine, unmodified Trusted Execution Environment. The AI OS uses it to ensure secrets, keys, and models are only released to an environment whose integrity has been verified.

Why run sovereign AI on a hyperscaler at all?

Confidential compute lets you use hyperscale capacity and GPU availability while keeping data and models cryptographically protected from the cloud platform — combining cloud scale with the confidentiality regulated and sovereignty-conscious organisations require.
