Trusted Execution Environment (TEE)

A Trusted Execution Environment is a secure area of a processor that isolates code and data from the host operating system, enabling confidential computing for sensitive AI workloads.

What is a TEE?

A Trusted Execution Environment is a hardware-isolated region of a CPU (or now GPU) where code and data are protected from the host operating system, hypervisor, and cloud operator. Code runs inside the TEE; the operator cannot see the data being processed. The hardware provides cryptographic attestation that proves which code is running, so a remote party can verify trust without trusting the cloud operator.

Production TEEs include Intel TDX (the successor to SGX), AMD SEV-SNP, Arm CCA, AWS Nitro Enclaves, and the recent generation of NVIDIA Hopper / Blackwell GPUs with confidential computing extensions.

Why AI procurement cares

TEEs unlock deployments where the buyer cannot trust the AI vendor with raw data but the vendor cannot run on the buyer's premises. The AI runs in the cloud, the data stays encrypted to the cloud operator, and the buyer receives an attestation that the agreed-upon AI workload (and only that workload) processed the data. Sectors driving adoption: healthcare (PHI), financial services (MNPI), government (classified-adjacent), and increasingly anyone building a multi-tenant AI product over sensitive customer data.

What to ask vendors

Does the vendor support TEE deployment, which TEE platforms, what attestation format is provided, can you verify the attestation independently, and what is in the TCB (Trusted Computing Base) — particularly whether the inference engine and any sub-processors are inside or outside the enclave. Confidential AI is an active and rapidly-moving space; expect more vendors to offer TEE options in 2026-2027.