Product

FHEnom for AI™

The first AI security platform that never decrypts your data. Fully homomorphic encryption purpose-built for AI inference and training — with zero performance penalty.

Architecture

How FHEnom for AI™ Works

Every stage of the AI pipeline operates on ciphertext. There is no point — from ingestion to output — where data exists in plaintext on the infrastructure.

Pre-Deployment — One-Time Setup

Model Encryption

Model weights, parameters, and architecture are encrypted using FHE before deployment. Existing pre-trained or newly trained models can be encrypted and deployed to any infrastructure — cloud, on-prem, or edge.

One-Time

Key Custody Configuration

Model key is triple-encrypted for TEE transfer. Key custody topology is established based on deployment scenario — on-prem, cloud, or mixed ownership.

One-Time
Runtime — Every Inference Request
01

Client Encryption

Prompt encrypted at source with ephemeral session key. Data never leaves client control in plaintext.

Encrypted
02

Encryption Tokenizer

Tokenization occurs in ciphertext space. No plaintext tokens are ever generated.

Encrypted
03

FHE Inference

Encrypted model + encrypted prompt → encrypted output. GPU computes directly on ciphertext.

Encrypted
04

Decryption Tokenizer

Detokenization in ciphertext space. Encrypted tensor outputs are converted back to encrypted token sequences.

Encrypted
05

Client Decryption

Only the session key holder decrypts the response. Infrastructure never sees the output.

Encrypted
Threat Model

When Is a TEE Required?

FHEnom for AI™ uses TEEs for key custody only — never for data processing. Whether a TEE is required depends on deployment topology.

Scenario 1

All Owners On-Prem

Model owner and data owner both on-premises. Physical security provides key custody.

TEE Optional
Scenario 2

Cloud Model, Thick Client

Model in cloud, thick client on-premises. Client holds keys locally.

TEE Optional
Scenario 3

Cloud + Thin Client

Cloud deployment with thin client. Keys must be custodied in hardware-hardened enclave.

TEE Required
Scenario 4

Mixed Ownership

Different organizations own model and data. TEE provides neutral key custody.

TEE Required
KEY DISTINCTION

FHEnom for AI™ uses TEEs for key custody only, never for data processing. This is fundamentally different from Confidential Computing, which decrypts data inside TEEs.

Key Management

Two Key Lifecycles. Zero Exposure.

Model Key

Persistent — One Generation

Generated once from model owner's secret. Encrypted with owner's password. Either delivered to owner or destroyed.

If TEE present: stored inside TEE and never leaves in any form.

TEE-to-TEE transfer uses triple encryption: user password + new TEE public key + TLS. The model key never exists in plaintext outside a TEE under any circumstances.

Session Keys

Ephemeral — Per Session

Created and destroyed with each session. Every session is cryptographically isolated from every other session.

No session key survives beyond its session. No correlation possible between sessions.

Even if one session key were compromised, zero other sessions are affected.

How We Compare

The Fatal Five — At a Glance

The five security properties that separate infrastructure isolation from encrypted execution.

Security Property Infrastructure Isolation (TEE) Encrypted Execution (FHEnom for AI™)
Data state during computation Decrypted inside TEE enclave Never decrypted — computed on ciphertext
Plaintext exposure window Plaintext inside TEE; decrypted for GPU compute None — zero plaintext at any point
Multi-tenancy risk Hardware shared; vulnerable to side-channels Cryptographic isolation replaces hardware isolation
Post-quantum readiness Protocols upgradable; hardware limits apply Quantum-resistant by design (CVP)
AI inference performance Near-native speed inside hardware enclave Matches plaintext — 0.66ms E/D overhead
See Full Technical Comparison →
Real Deployments

Where FHEnom for AI™ Is Running Today

MSP

Secure Inference-as-a-Service

Managed service providers are deploying FHEnom for AI™ to offer encrypted AI inference as a managed service — a GPU-level security layer their customers can't get anywhere else.

Systems Integrator

Regulated Training

A Fortune 500 global SI with 350K+ employees training models on regulated client data — without the SI ever seeing the data or the model. Customer encrypts, SI trains blind.

Sovereign AI

Sovereign Cloud Burst

On-prem GPU capacity is finite. Data sovereignty regulations require jurisdictional control. FHEnom for AI™ eliminates the trade-off: data is encrypted before it leaves your premises and stays encrypted throughout processing on any cloud, in any jurisdiction. The cloud provider processes ciphertext — they cannot see the data, the model, or the results. Sovereignty is maintained mathematically, not by hardware attestation in a foreign datacenter.

Pharmaceutical

Drug Discovery IP Protection

AI models contain all R&D IP. Loss of the model means loss of the business. FHEnom for AI™ encrypts the model so it can run on shared infrastructure without exposure.

Integration

Three Steps. Zero Code Changes.

FHEnom for AI™ deploys as a gateway VM that replaces your AI endpoint. Drop-in replacement — no application code changes required.

01

Encrypt Your Model

Use the FHEnom for AI™ CLI to encrypt your model. Encrypted tokenizer replaces the standard tokenizer when the model is placed in service.

02

Configure the Gateway

Admin CLI configures the FHEnom for AI™ gateway VM to point to your encrypted vLLM endpoint. Supports vLLM; other frameworks (like Bedrock) coming soon.

03

Point Users to FHEnom for AI™

Users interact with the FHEnom for AI™ endpoint instead of direct vLLM. Same API. Same behavior. Fully encrypted.

Specifications

Technical Specifications

0.66ms
Encrypt/decrypt overhead for 4K tokens
0μs
Inference latency difference vs. plaintext
100%
Output accuracy — bit-exact FP32 match
Any GPU
Hardware-agnostic — no TEE required for compute
FIPS 140-2
Validated (140-3 pending, 30–45 days)
ISO 27001
2022 certified
vLLM
Supported framework; others (Bedrock) coming soon
Gateway VM
Drop-in deployment, zero code changes
BENCHMARK

Performance claims independently verified by a third-party xPU manufacturer. Full benchmark results to be published shortly.

Get Started

See Encrypted Inference.
Running Live.

Schedule a technical demo with our engineering team. Bring your model. We'll encrypt it.

BOOK A DEMO TALK TO ENGINEERING