Inferred Secrets within Secure Digital Environments via Trusted Computing Machines

Unveiling a joint study on Confidential Inference: a suite of tools designed to boost the privacy of our model data and protect user information more effectively

In the realm of artificial intelligence, data privacy and security are paramount. Anthropic, a leading AI company, has introduced Confidential Inference, a set of tools designed to process sensitive data within a trusted environment, ensuring data confidentiality and integrity during model inference and protecting user privacy from untrusted parts of the system or external attacks.

Claude AI, a service trusted by millions of users with sensitive information such as proprietary code and confidential business strategies, is one of the key beneficiaries of this technology. The Inference Server, a crucial component of Confidential Inference, is designed to be implemented on top of a small, secure 'model loader and invoker', which can run within a trusted environment.

The model loader, or trusted loader, is responsible for securely loading machine learning models or sensitive data into this trusted environment. It accepts encrypted data, decrypts it, and sends it to the accelerator. Completions are encrypted before they leave the loader and are passed back through the API Server to the caller. For model weights, the Inference Server is the only component that receives the sensitive data.

The trusted loader runs on a separate virtual machine isolated by the hypervisor, adding an extra layer of security. The majority of the Inference Server runs on the 'untrusted' side, where it might change frequently, but where changes cannot affect the security of the system as a whole. The API Server and the Inference Server are the two points where sensitive data needs to be operated on in cleartext.

The goal is to ensure that, provided the loader runs correctly, the confidentiality requirements are met no matter what the rest of the system does. To further bolster security, the loader only accepts programs that have been signed by Anthropic's secure continuous integration server, so that any code the loader runs has been reviewed by multiple engineers.
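The two gates the loader enforces above (only CI-signed code runs, and caller data is in cleartext only inside the loader) as an added Go example; this is not Anthropic's or Pattern Labs' code. It assumes Ed25519 as the CI signing scheme and AES-GCM for the data encryption, and the exchange that gives the caller the data key is left out; the `run` callback stands in for the signed program's inference entry point.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Loader models the trusted loader; its CI verification key and AES-GCM data key never leave it.
type Loader struct{ ciPub ed25519.PublicKey; aead cipher.AEAD }

// NewLoader takes a fixed 32-byte key, so aes.NewCipher and cipher.NewGCM cannot fail.
func NewLoader(ciPub ed25519.PublicKey, dataKey [32]byte) *Loader {
	block, _ := aes.NewCipher(dataKey[:])
	aead, _ := cipher.NewGCM(block)
	return &Loader{ciPub: ciPub, aead: aead}
}

// Seal encrypts with a fresh random nonce prepended to the ciphertext.
func (l *Loader) Seal(plain []byte) ([]byte, error) {
	nonce := make([]byte, l.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, l.aead.Seal(nil, nonce, plain, nil)...), nil
}

// Open reverses Seal; the GCM tag check rejects any tampered ciphertext.
func (l *Loader) Open(sealed []byte) ([]byte, error) {
	if n := l.aead.NonceSize(); len(sealed) >= n {
		return l.aead.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("ciphertext too short")
}

// Invoke runs code only if sig is the CI key's Ed25519 signature over it; the prompt
// is decrypted only here and the completion is re-encrypted before it leaves.
// run stands in for the signed program's inference entry point (an assumption).
func (l *Loader) Invoke(code, sig []byte, run func([]byte) []byte, sealedPrompt []byte) ([]byte, error) {
	if !ed25519.Verify(l.ciPub, code, sig) {
		return nil, errors.New("program rejected: not signed by CI key")
	}
	prompt, err := l.Open(sealedPrompt)
	if err != nil {
		return nil, err
	}
	return l.Seal(run(prompt))
}
```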

Hardware designers are encouraged to consider incorporating confidential computing into their chips, particularly if there is a hardware root of trust attached to the accelerator. The model of Confidential Inference is designed to ensure that customer data is only ever decrypted in contexts with enhanced hardware-based security controls.

Anthropic is also researching and building new technology to cryptographically guarantee users' trust in Claude AI. A new report, published in collaboration with Pattern Labs, describes the mechanics of Confidential Inference in detail. The full report can be read on Anthropic's website.

Moreover, open roles in the 'Security' and 'AI Research and Engineering' sections on Anthropic's website are available for those interested in working on these questions. Future directions include requiring a signature from a safety classifier to run inference and implementing egress bandwidth limitations on servers that hold cleartext model weights at the secure loader layer.

In essence, Confidential Inference is a significant step towards ensuring user security and model weight security, making AI services like Claude AI more trustworthy and secure for all users.
