What the TrustedRouter trust page proves
The trust page links out to all of our open source code — everything that touches your prompt when you send it, what gets processed, what comes back to you, and the metadata around billing. It also lists the exact commit hash of the code running on the confidential computing machine, plus attestation instructions you can follow yourself to verify that the open source code is actually what's running. You don't have to take our word for it. You can check.
We never log your prompt or the output. What we do log is metadata: tokens used and processed for billing, date and time, the model you picked, and which region handled the request. The code running in the enclave enforces this, and the attestation is how you confirm that the code you're looking at in the open source repo is the code that actually ran on the machine ID specified in the data center.
The fail-closed part matters a lot. If the security attestation ever fails for any reason, the system shuts down — it doesn't stay open with a degraded guarantee. An open failure means your prompts could potentially be read. So we made the decision that if any part of the attestation chain has a problem, there's no API available. That's the only safe default.
What customers can actually verify is that the code they're talking to matches what's in the public repo at the stated commit hash. That means the prompt information is flowing through code you can inspect line by line, rather than a black box you have to trust on faith.
The limitations are real and I'll say them plainly. We can't provide complete protection if a cloud provider has physical access to the machine through some out-of-band method, and a state-level actor with direct hardware access is outside our threat model. What we're defending against is the realistic attack surface: basic proxy interception, network-level attackers trying to read your prompts, and the general class of attacks where someone could snoop on traffic through our system. Open source code plus confidential computing attestation is what we provide, and you can verify both.
Read the current trust surface at trustedrouter.com/security.
More on TrustedRouter
TrustedRouter — one API, all the LLMs, provably private.
Enjoyed this essay?
Follow me for more insights on technology, startups, and the future.