// 001 / HERO 001

CYNTRISEC // AIR.V1 / CONFIDENTIAL INFERENCE

PROOF
AS
OUTPUT.

Send to an OpenAI-compatible endpoint. Run inside an attested enclave. Receive output with a signed AIR receipt that any auditor can verify offline.

Scope_Pilot Read_Docs

PROTOCOLAIR / V1.0

ENCLAVEATTESTED

PLATFORMSNITRO·TDX·H100CC

FORMATCOSE_SIGN1

SIGED25519

01/04

Protocol

AIR_V1

IETF Draft / CBOR / COSE

02/04

Transport

OPENAI_COMPAT

Plug in your OpenAI client

03/04

Platforms

NITRO / TDX / H100_CC

AWS · GCP · Confidential GPU

04/04

Verify

OFFLINE_ED25519

Receipt signature verifies offline

// 002 / SUBSTRATE 002

RECEIPT
BINDS
EVERYTHING.

Each request runs on attested confidential hardware. The receipt cryptographically binds environment, model identity, request, and response to a single Ed25519 signature.

// 003 / PIPELINE 003

STAGE_01 / INGRESS

Send the request

Call the gateway instead of your standard cloud inference endpoint. Drops into your existing OpenAI client setup.

CHANNEL TLS 1.3 · ROUTE /v1/chat/completions

STAGE_02 / EXEC

Run in the enclave

Plaintext is released after attestation and policy checks. Model weights are bound to a signed manifest.

TEE NITRO·TDX·H100CC · POLICY MANIFEST_PIN

STAGE_03 / RECEIPT

Return signed proof

You receive output plus a CBOR receipt bound to request, response, and model identity. Signature verifies offline.

FORMAT COSE_SIGN1 · KEY ED25519

// 004 / AUDIT 004

VERIFY. WITHOUT TAKING OUR WORD.

// SAMPLE OUTPUT · ephemeralml verify

$ ephemeralml verify receipt.cbor EXIT 0

[step 1]receipt signature verifieded25519

[step 2]enclave attestation validtdx_quote

[step 3]model identity matchmanifest:sha256

[step 4]request hash boundsha256

[step 5]response hash boundsha256

→ verification complete · 5/5 checks · 0 failed

// 005 / PILOT 005

PILOT MOTION

DEPLOY WHERE
"TRUST_US"
DOES NOT SCALE.

Scope_Pilot Trust_Center

PROOFASOUTPUT.

RECEIPTBINDSEVERYTHING.