Confidential compute is only part of the story.

Bits and Bobs 7/22/24

Confidential compute moves the root of trust to the hardware.

It also locks the cloud host (think Google, Amazon, Microsoft) out from peeking at what is happening, and does so in a way the user can verify.

But the risk factor that most people care about as a user is not so much the cloud host, but the service provider.

That is, the creator of the VM that the cloud host is running.

The service provider is the one who might plausibly send your data to a third party or store it recklessly.

The threat of the cloud provider peeking is far less important than the threat of the service provider, the party that actually holds the data, doing something unscrupulous with it.

Even if one of the major model providers added Confidential Compute for their consumer app offering, it wouldn't change that much.

The threat people worry about is the LLM provider training on their data, and Confidential Compute doesn't really do anything about that.

The ideal is private cloud enclaves.

Confidential from the cloud host.

Private from the service provider.

Verifiable remotely.
