Phala

6.3K posts

Phala banner
Phala

Phala

@PhalaNetwork

Empowering 10,000 builders and companies to build scalable, private, and safe intelligence.

San Francisco, CA Katılım Ağustos 2019
837 Takip Edilen142.2K Takipçiler
Sabitlenmiş Tweet
Phala
Phala@PhalaNetwork·
OPPO × Phala published a joint paper on Kubernetes Pod-level remote attestation for confidential AI. Goal: prove the hardware, container image, and Pod identity before sensitive data enters the workload. arxiv.org/abs/2606.03323
English
11
23
116
31.6K
Phala
Phala@PhalaNetwork·
We are excited to announce the launch of the @PhalaFoundation X account. Please follow them for updates on the PHA and growth efforts.
English
6
3
43
5K
Phala
Phala@PhalaNetwork·
The trust path is concrete: quote → compose hash → freshness → KMS delegation → result acceptance. Nox repo: github.com/iExec-Nox iExec docs: docs.iex.ec
English
1
1
15
792
Phala
Phala@PhalaNetwork·
Congrats @iEx_ec on bringing dstack into Nox’s Chain of Trust. Nox is iExec’s confidential DeFi/RWA protocol. dstack adds measured CVM execution before sensitive workloads receive secrets or produce results.
English
9
11
67
5.8K
Phala
Phala@PhalaNetwork·
At ICML2026, we are presenting legal bench paper at the AI4Law workshop poster session, board 3211 in Hall A.
Wenfeng Wang@tolak_eth

#ICML2026 @PhalaNetwork is presenting its legal bench paper at AI4Law workshop poster session. Come to poster board 3211 at Hall A if you wanna know why Saul argues your citation is hearsay from an AI

English
4
7
57
6.5K
Phala
Phala@PhalaNetwork·
TEEs move the trust boundary into hardware: prompts decrypt only inside the enclave, and attestation proves the exact code and chip before a byte leaves the device. That is the line between private AI claims and verifiable private compute.
kolsolv@kolsolv

Getting a lot of questions about how TEEs work in @usewisp_io and why they are the most private way to use AI. Wisp uses TEEs in 2 cases: Wisp Proxy (Anonymizer) and the actual LLM inside @PhalaNetwork with @TinfoilAI as fallback. I'll explain both and how we verify TEEs stay intact: > What is TEE or Trusted Execution Environment? It is a hardware-isolated region inside the CPU/GPU that can't be accessed even by the host's OS, hypervisor or other applications. Wisp runs AI inside TEEs. Your prompts are encrypted on your device before being sent to the LLM that lives inside a hardware-secured chip. Your prompts are only decrypted once inside TEE, where nobody can see them. > How do we know for sure that nobody can see inside TEE? Intel TDX (what Wisp uses), has a dedicated hardware memory-encryption engine in the CPU memory path that encrypts data with a per-VM key as it moves between CPU<>RAM. The key lives inside CPU and is never exposed to software. Not even @PhalaNetwork, which supplies the hardware, can see inside. > Since nobody can see inside, how do we make sure that the code running inside TEE is what we claim it to be, and also that it runs on correct hardware? Before anything leaves your device, the Wisp desktop app asks TEE for an attestation - cryptographic proof that TEE is running *this exact code* on *this exact hardware*. The flow is: 1. Wisp asks TEE to attest, sending a fresh nonce. 2. The TEE returns a quote covering a) a hardware attestation and b) a measurement of the code it booted. 3. Wisp verifies the hardware attestation is signed by Intel - proof it's a genuine, up-to-date TDX chip. 4. Wisp matches the code measurement against the published build: the exact image digest our CI produced from the code. We'll open source it soon, so anyone will be able to rebuild it and check the hash themselves. 5. Any mismatch → Wisp refuses to send a single byte off your device. > Why do you use TEEs and not FHE? FHEs are theoretically the most private option for AI inference because your prompts never get decrypted. In TEE, the prompt arrives encrypted, then the enclave decrypts it because the model has to run inference on plaintext. FHE skips the decryption step, AI hardware computes directly on ciphertext and produces an encrypted answer that only your key can open. Problem is, FHE inference is 10,000x slower atm and still doesn't prove which model ran inference, so you need the attesation anyway. Atm, FHE simply isn't commercially viable for mass market AI. When a more private + performant solution emerges, we'll adopt it. > is TEE 100% secure? Nothing is trust-free (including FHE), but the attack cost is the metric here. TEE Attestation doesn't remove trust - it moves the attack vector from 'insider greps the logs' to 'physically taking over a secure machine' which is substantially more expensive. If you need more info on how Wisp works + sign up to the waitlist, go to usewisp.io

English
2
10
66
5.7K
Phala
Phala@PhalaNetwork·
VoxCPM2 turns multilingual TTS and voice cloning into an AI app primitive. Phala keeps voice prompts, audio inputs, cloning config, and app creds inside a TEE CVM. Deploy: cloud.phala.com/templates/voxc…
Phala tweet media
English
5
7
57
4.9K
Phala
Phala@PhalaNetwork·
Blackwell also moves the trust boundary to the fabric. B300 reached 510.4 GB/s NVLink P2P inside a 2-GPU confidential CVM. n=4 topology was validated. Full Phala breakdown: phala.com/posts/blackwel…
English
0
2
17
1.6K
Phala
Phala@PhalaNetwork·
Cold start follows the same rule. GPT-OSS-120B load time under B300 GPU-CC fell from 287.09s to 8.36s with pooled secure contexts, prewarmed lifecycle, and large drained transfers.
Phala tweet media
English
2
0
16
1.6K
Phala
Phala@PhalaNetwork·
Runtime defaults can reverse under GPU-CC. vLLM async scheduling normally helps. On the secure bridge, those copies serialize. On B300, --no-async-scheduling recovered 57% of the dense-decode CC gap.
Phala tweet media
English
1
0
13
1K
Phala
Phala@PhalaNetwork·
The tax is workload-shaped. Rate-capped GPT-OSS-120B serving lost 1.1%. Dense decode lost 13-14%. MoE decode lost 24.7-27.6%. KV restore TTFT rose 131%. Ask what crosses the bridge, and how often.
Phala tweet media
English
1
0
16
1.3K
Phala
Phala@PhalaNetwork·
GPU-local work is close to native. The cost shows up at the boundary. B300 H2D one-context transfer falls to 0.203x. D2H falls to 0.211x. Multi-context copies recover part of the bandwidth, but the bridge remains scarce.
Phala tweet media
English
1
0
21
1.1K
Phala
Phala@PhalaNetwork·
Blackwell changes the confidential AI performance story. On B300, BF16 matmul under GPU-CC runs at 0.998x. A 96,000-matmul CUDA graph runs at 1.0012x. Paper by @bgmshana and Kevin Wang: arxiv.org/abs/2606.23969
English
3
14
70
11K
Phala
Phala@PhalaNetwork·
Open Notebook brings NotebookLM-style research notebooks to self-hosted AI. Phala keeps sources, notes, prompts, and app state inside a TEE CVM. Deploy: cloud.phala.com/templates/open…
Phala tweet media
English
1
10
55
16.4K
Phala
Phala@PhalaNetwork·
The practical takeaway: legal AI needs grounding, citation verification, and calibrated abstention. When retrieval or independent verification is missing, generated legal citations should be checked before use. Code/data: github.com/Sijia711/Legal… Blog: phala.com/posts/legalcit…
English
0
0
15
1.5K
Phala
Phala@PhalaNetwork·
Prompt-only abstention helps, with a clear ceiling. Adding “stop guessing when you cannot verify the exact citation” drops MAR from 89.8% to 69.9% for Qwen3-14B, and from 100.0% to 62.7% for Llama-3.1-8B. Citation F1 stays near zero.
Phala tweet media
English
1
2
17
1.8K
Phala
Phala@PhalaNetwork·
Our LegalCiteBench paper was accepted to AI4Law @ ICML 2026 Workshop 🎉 Authors: Sijia Chen, @bgmshana, @zhou49 It studies a narrow legal AI failure mode: can LLMs produce correct case citations without retrieval? Paper: arxiv.org/abs/2605.10186
English
3
13
80
15.9K