Attestation is All You Need

4 min read
by Joseph Perla
#trustedrouter #confidential-computing #attestation #security #llms

Every LLM provider will tell you they don't log your prompts. OpenAI publishes a 30-day retention policy. Anthropic publishes a privacy policy. Cohere has SOC 2 Type II. These are promises. A promise is something you can sue over after it's broken. That's recourse, not privacy.

There is a way to get the actual thing. It's called attestation, and it has been deployable in the cloud for years. The industry just never put inference behind it.

A confidential VM runs inside a hardware-backed enclave — AWS Nitro, GCP Confidential VMs, Azure Confidential VMs. The CPU itself signs a measurement of the running binary, and that signature chains to the chip vendor's root key. You can verify the chain. You can compute the same hash from the open-source code. If they match, you know exactly what code is running on the machine that just saw your prompt. The code running is the code that was published, and it cannot be changed at runtime without breaking the attestation. You stop trusting the operator. You start trusting the silicon, whose threat surface is much smaller. If the code you can read does not write prompts to disk, then prompts do not get written to disk — not because somebody promised, but because the code says so and you can check.

trustedrouter.com runs inside an attested gateway: AWS Nitro Enclaves in us-east-1, GCP Confidential VMs in us-central1 and europe-west4, cross-cloud so a single vendor's compromise cannot take everything. Every request can be paired with a live attestation. You generate a nonce, hit /attestation?nonce=<your-nonce>, and the gateway returns a JWT signed by the hardware root key. The JWT contains eat_nonce — your nonce, so the response cannot be replayed — plus image_digest, the SHA-256 of the running container image, and pcrs, the platform measurements at boot. You match image_digest against the artifact hash published at trustedrouter.com/security with every commit. If they match, the code processing your prompts is the code on GitHub. If the attestation fails for any reason — image drift, hardware fault, expired cert — the gateway fails closed. No request reaches a provider until attestation is valid again. A synthetic monitor probes the attestation path every minute and pages on the first miss.
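A client-side check of the flow just described, added here as an example and not code from TrustedRouter: it verifies the token's signature, then requires eat_nonce to echo the client's nonce and image_digest to equal the published digest, and fails closed on any miss. The exact JWT layout, the presence of an exp claim, and the HMAC-SHA256 stand-in signature with a constructed key are assumptions; a real verifier replaces hmac_verify with a check that chains to the hardware vendor's root key.

```python
import base64, hashlib, hmac, json, time

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
class AttestationError(Exception):
    pass  # any failure means fail closed: the client sends no prompt

def verify_attestation_jwt(token, nonce, published_digest, verify_sig):
    """Signature first, then eat_nonce, image_digest and exp; verify_sig is the caller's root-key check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise AttestationError("malformed JWT")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(b64url_decode(h_b64))
    if str(header.get("alg", "none")).lower() == "none":
        raise AttestationError("unsigned token rejected")
    if not verify_sig(f"{h_b64}.{p_b64}".encode(), b64url_decode(s_b64), header):
        raise AttestationError("signature does not chain to the trust anchor")
    claims = json.loads(b64url_decode(p_b64))
    # eat_nonce must echo the nonce this client generated, otherwise the token is a replay
    if not hmac.compare_digest(str(claims.get("eat_nonce", "")), nonce):
        raise AttestationError("eat_nonce mismatch: possible replay")
    # image_digest must equal the digest published alongside the source for this release
    if not hmac.compare_digest(str(claims.get("image_digest", "")), published_digest):
        raise AttestationError("image_digest mismatch: running image is not the published one")
    if int(claims.get("exp", 0)) <= int(time.time()):
        raise AttestationError("attestation expired")
    return claims
# Constructed sample: HMAC-SHA256 with a demo key stands in for the hardware-rooted signature.
SAMPLE_KEY = b"constructed-demo-key"
PUBLISHED_DIGEST = "sha256:" + hashlib.sha256(b"constructed image").hexdigest()

def sample_token(nonce, digest=PUBLISHED_DIGEST, ttl=300) -> str:
    claims = {"eat_nonce": nonce, "image_digest": digest, "exp": int(time.time()) + ttl}
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SAMPLE_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"
def hmac_verify(signing_input, signature, header) -> bool:
    expected = hmac.new(SAMPLE_KEY, signing_input, hashlib.sha256).digest()
    return header.get("alg") == "HS256" and hmac.compare_digest(expected, signature)

def check_gateway(nonce, token, published_digest=PUBLISHED_DIGEST) -> str:
    try:  # returns "ok", or the reason the client must fail closed and send nothing
        verify_attestation_jwt(token, nonce, published_digest, hmac_verify)
        return "ok"
    except AttestationError as exc:
        return str(exc)
```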

I'm not claiming attestation is perfect. A nation-state with hardware access could try side-channel attacks; AWS and GCP have hardened against most known classes, not all. The hardware vendor's root key is a trust anchor, and if that signing infrastructure is compromised, the chain breaks — cross-cloud helps but doesn't remove the dependency. Open-source code can have bugs, and attestation proves the running binary is the published binary, not that the published binary is correct. But without attestation, every privacy claim from every provider is the operator asking you to trust them. With it, you can check. That's the difference.

Attestation on the gateway closes the front half of the path. The back half is the provider you route to. On TrustedRouter you can pick: route to a Zero Data Retention provider and the prompt is not stored downstream, or route to a Secure Enclave provider and inference itself runs inside a confidential GPU — encrypted GPU memory, attested model server, no plaintext outside the enclave. Combine the two and you get end-to-end privacy from your app, through the attested gateway, all the way down to encrypted GPU memory at the model. The full provider list, ZDR status, and enclave support are at trustedrouter.com/providers.

LLM traffic is becoming the new sensitive data path. Code, drafts, contracts, medical notes, and therapy logs all go through it. The default privacy story is still "trust us." That was acceptable for SaaS in 2010. One well-placed prompt log can leak more about a person than their email, and Nitro overhead is single-digit milliseconds — there is no performance reason to keep shipping inference without attestation. TrustedRouter is live. The trust surface, attestation flow, and full open-source code are at trustedrouter.com/security.
