Tubegraph

Super Protocol for secure AI collaboration and monetization

11 min read

From: aidotengineer

Confidential AI addresses the critical issue of trust in the rapidly transforming AI landscape [00:00:11]. Super Protocol aims to make confidential AI a practical reality, enabling developers to run, scale, and monetize AI workloads securely [00:00:36]. This includes working with sensitive data, proprietary models, or untrusted partners [00:00:58].

The Challenge of Trust in AI

While AI is transforming sectors like healthcare, finance, automation, and digital marketing, a significant barrier remains: trust [00:00:14]. Key concerns include:

  • Running models on sensitive data without transferring ownership [00:00:18].
  • Deploying proprietary models without losing control [00:00:24].
  • Collaborating in non-deterministic environments without relying on blind trust [00:00:29].

The most overlooked problem in AI today is that data and models are most vulnerable during processing (training, fine-tuning, or inference), not during storage or transit [00:01:21]. Traditional cloud setups fall short as they rely on trust and legal contracts rather than provable guarantees [00:07:58].

Real-World Problems Addressed by Confidential AI

  • Healthcare: Obtaining permission to use sensitive medical data for training or fine-tuning AI models is exceptionally difficult due to tight controls, high generation costs, and data silos [00:03:51]. Existing regulations prevent bringing models to the data [00:04:21].
  • Personal AI Agents: Mass adoption of personal AI agents (managing inbox, calendar, documents) is hindered by the need for deep access to private, sensitive data, raising concerns for users, developers, and regulators regarding exposure, theft, misuse, and liability [00:04:50].
  • Digital Marketing: Fine-tuning models on real user behavior data is complicated by privacy laws (e.g., GDPR, CCPA), internal security rules, and ethical considerations, often risking regulatory issues or outright blocking data use [00:05:47].
  • AI Model Monetization: Model creators want to monetize their domain-specific models (legal, medical, financial) without giving away proprietary models or their weights, while customers are unwilling to expose their sensitive data for testing or production [00:06:22]. Confidential AI allows both parties to retain control [00:07:04].
  • Model Training and Provenance: Proving that a model was trained where and how it was stated is a challenge [00:07:11]. Attested execution makes it possible to assure the provenance of data, linking inference outputs back to original data sets [00:07:37].

Foundation: Confidential AI and Trusted Execution Environments (TEEs)

The core technology behind confidential AI is confidential computing [00:01:08].

  • Trusted Execution Environments (TEEs): A TEE is a secure, isolated part of a processor (like Intel TDX, AMD SEV-SMP, or Nvidia GPU TEEs) [00:01:37].
    • It creates a “confidential environment” where code and data are protected even during execution [00:01:53].
    • The chip itself provides isolation using built-in instructions [00:02:00].
    • Once a workload enters this environment, it’s protected in memory, invisible to the host OS, hypervisor, or anyone with system access, including the hardware owner [00:02:08].
  • Cryptographic Attestation: A TEE generates a cryptographic attestation, which is a signed proof that the workload ran inside verified hardware using unmodified code [00:02:24].
    • This provides strong assurance that the workload is truly hardware-protected [00:02:40].
    • Attestation also verifies what is in the TEE and that it is a real, properly manufactured TEE-capable chip [00:02:54].
    • In essence, TEEs allow running sensitive computations securely and proving they ran as intended [00:03:14]. This means AI models can run on sensitive data without exposing either the model or the data [00:03:24].

Super Protocol: Principles and Architecture

Super Protocol is a confidential AI cloud and marketplace designed for secure collaboration and monetization of AI models, data, and compute [00:08:26].

Core Principles

  • GPUless: This means removing dependency on specific cloud vendors or centralized providers, allowing accelerated AI workloads across independent GPU nodes [00:10:31]. Users don’t need to buy or rent GPUs for extended periods, maintaining control [00:10:46].
  • Trustless: Super Protocol replaces blind trust with built-in cryptographic proofs [00:31:40]. Every run is independently and transparently verifiable down to the hardware level [00:31:49]. No unauthorized access is technically possible by hardware providers, Super Protocol, or third parties [00:11:02].
  • Limitless: Super Protocol removes legal, technical, and organizational barriers [00:11:23]. It bypasses traditional cloud limitations on data, geography, and control [00:11:38]. It supports agentic, non-deterministic AI where autonomous agents interact and evolve in real-time, which traditional clouds struggle with [00:11:58]. This allows training, deployment, and monetization of AI across organizations and jurisdictions with full confidentiality and ownership [00:12:18].

Architectural Features

  • TE-Agnostic Infrastructure: Super Protocol runs on Intel, Nvidia, and AMD TEEs and plans to support new platforms as major chip makers integrate TEEs [00:08:41].
  • Edge-Ready Architecture: ARM confidential computing has been validated via ARM 9 emulation, confirming full compatibility [00:09:01]. The aim is to deliver end-to-end confidential AI from personal edge devices to the cloud [00:09:16].
  • Swarm Computing Principles: The platform scales across distributed GPU nodes, ensuring no single point of failure and automatic workload redistribution in case of server downtime [00:09:27].
  • Decentralized: Fully decentralized with no human intervention, orchestrated entirely by smart contracts on BNB chain [00:09:40].
  • Zero Barrier to Entry: Users do not need TEE expertise to run or attest workloads [00:09:51].
  • Open Source Protocol: All parts of Super Protocol are open source, acting as a protocol (like HTTPS for data safety online) to protect data while AI processes it [00:10:03].

Case Studies and Demos

Digital Marketing: Realize and Mars

Realize, an AI company measuring ad reactions via facial expressions, needed more biometric video data to improve AI accuracy [00:13:05]. Privacy laws and data ownership concerns made providers reluctant to share sensitive footage [00:13:32].

  • Solution: Realize used Super Protocol’s confidential AI cloud for its Mars project [00:14:45]. AI training ran inside secure TEEs (Nvidia H100s/H200s, Intel Xeons), with every step automated by smart contracts and verified by hardware and Super Protocol’s open-source certification [00:13:48].
  • Outcome: Data and models remained completely secure and inaccessible to the cloud provider, Super Protocol, or even Realize [00:14:10]. Providers shared four times more sensitive footage, increasing the training set by 319% [00:14:24]. Accuracy jumped to 75% (human-level performance) [00:14:37], resulting in a 3-5% sales increase for Mars across 30 brands in 19 markets [00:14:47].

Healthcare: BEAL and Titonix

The Brain Electrophysiology Laboratory (BEAL) needed to submit perfect documentation for FDA approval of a new epilepsy diagnostic device [00:15:19]. This process usually took weeks of manual audits, NDAs, and risked exposing trade secrets, with potential 120-day delays [00:15:42]. They wanted to use Titonix’s AI-powered audit tool but worried about data and model exposure in traditional cloud environments [00:16:01].

  • Solution: Titonix used Super Protocol’s confidential AI cloud [00:16:15]. The audit ran inside secure TEEs (Nvidia H100/H200 GPUs, Intel TDX CPUs) [00:16:22]. All steps were automated, orchestrated by smart contracts, and backed by cryptographic proof [00:16:32]. Files and models remained encrypted, readable only within the secure environment, and completely hidden from Super Protocol, BEAL, Titonix, or anyone else [00:16:36].
  • Outcome: Audit time dropped from weeks to 1-2 hours [00:16:53]. There was zero risk of leaks, BEAL’s and Titonix’s IP remained fully protected, and all re-review delays were eliminated [00:17:00].

Super AI Marketplace Demo

The SuperAI marketplace is built on a confidential AI and decentralized architecture with no centralized components [00:18:10]. A blockchain-based ecosystem manages relationships and financial settlements between AI model/data providers, hardware providers, and clients [00:18:19].

  • Models remain private and authors retain full control and ownership; models can be leased but not downloaded [00:18:33].
  • No one has access to the TEE during processing, ensuring models and user data are inaccessible even to clients [00:18:41].
  • Models are deployed in the TEE and accessible via link or API [00:18:51].
  • Monetization scenarios include per hour, fixed, and revenue sharing [00:19:01].
  • Deployment of an AI model like DeepSeek on an H100 GPU is automated, with the order created on blockchain and prepared for deployment in a confidential environment [00:20:07].
  • Verification tools confirm the model is deployed in a confidential environment, the connection is encrypted, and the AI engine has not been tampered with [00:21:10].

Agentic AI Workflow for Medical Data (N8N)

Super Protocol allows building secure automated AI workflows for processing sensitive medical data using N8N deployed on the platform [00:21:50].

  • Everything runs inside TEEs, inaccessible even to server admins or Super Protocol, combining low-code automation with decentralized infrastructure for fully confidential, compliant, and verifiable medical AI [00:22:01].
  • Use Case: A doctor uploads an X-ray image and patient data via a protected web form [00:22:17]. This data is passed into an automated workflow built with N8N running inside a TEE [00:22:25].
  • The workflow cleans input data, invokes an AI model for X-ray analysis, and generates a structured medical report [00:22:36]. This report is then securely emailed to the doctor [00:22:42].
  • API keys and login details (e.g., Gmail credentials for sending reports) are securely stored and isolated inside the TEE [00:23:26].
  • Personal data is separated, ensuring the AI model receives only necessary diagnostic input (X-ray, symptom description) [00:24:15]. The result is combined with personal data to form the medical report [00:24:25].
  • This solution is adaptable to other use cases like CT scans, MRIs, ECGs, and lab tests [00:25:57].

Scaling: Distributed Inference with VLLM

Super Protocol enables distributed inference using VLLM across multiple GPU servers without relying on a single provider, embodying the “GPUless” principle [00:26:19].

  • VLLM partitions a large language model by layers, assigning computation to different nodes in an overlay network, which is efficient for memory and throughput [00:26:42].
  • Security: Every VLLM node runs inside a confidential VM powered by TEE hardware, all connected over a private overlay network [00:27:01]. Data, model weights, and intermediate activations are decrypted and processed only inside each confidential environment, with all inter-node communication encrypted [00:27:12].
  • This prevents sensitive material from ever leaving the secure boundary or being exposed to any host operator [00:27:24].
  • The demo shows launching distributed VLLM inference (e.g., Mistral with 22 billion parameters) across four GPU nodes (Alice, Bob, Carol, David) in fully confidential mode [00:27:31].
  • On-chain reports can be downloaded and verified to confirm that image and model hashes match expectations for each participant [00:30:31].
  • The distributed setup provides both security via TEE hardware and improved performance through parallel processing [00:31:26].

Trustless: Verifiable by Design

Super Protocol replaces blind trust with built-in cryptographic proofs [00:31:40]. Every workload generates a cryptographic attestation, a signed proof from the hardware itself, showing what ran, where, and how, without exposing the actual workload data [00:32:03].

  • This attestation verifies that the model executed in a real TEE using unmodified code on verified hardware inside a secure open-source runtime [00:32:35].
  • Users don’t have to trust the provider or platform because they can verify [00:32:51]. If attempts are made to bypass the protocol, sensitive data won’t be exposed as the application and data won’t load or run [00:32:58].
  • Multi-party Training Example: Alice’s lab and Bob’s clinic hold sensitive medical data, and Carol brings a training engine [00:33:30]. The goal is to train a new model for early cancer detection on Alice’s and Bob’s data without exposing their data or Carol’s IP [00:33:42].
  • All three inputs run inside a TEE, making them inaccessible to the cloud host, Super Protocol, or even the participants [00:33:50]. Outside the TEE, each party maintains full custody of their assets [00:34:07].
  • Training is fully automated by a verified engine, Super Protocol’s certification center, and smart contracts on BNB chains [00:34:17].
  • A confidential virtual machine (CVM) is launched, attested by an open-source certification authority for authenticity and secure runtime [00:34:49].
  • An open-source “trusted loader” inside the CVM creates a signed key pair and checks every component [00:35:18]. If any check fails (e.g., hash mismatches), the process stops to protect all parties [00:35:33].
  • Carol uploads her engine image to her encrypted storage, providing its hash and source code for Alice and Bob to verify [00:35:57]. Alice and Bob upload their encrypted data sets using the SPCTL CLI tool [00:36:40].
  • Alice and Bob grant the CVM access, specifying the verified engine’s hash and the CVM ID [00:37:16]. Only the specified CVM can decrypt the data [00:37:37].
  • Carol places the main order to process the workload using her engine and Alice’s/Bob’s access files [00:37:46]. Training only starts inside the TEE if every hash matches [00:38:08].
  • Data and the engine are decrypted only inside the TEE [00:38:13]. Participants cannot access them during execution [00:38:18]. Only Carol receives the encrypted output (newly trained model and artifacts) [00:38:27].
  • Before training, the trusted loader creates an integrity report signed inside the TEE, which is later published on OPBNB as part of the order report [00:39:53]. This provides public, tamper-proof evidence that the job ran in a certified environment with approved inputs [00:40:06].
  • After every job, all raw inputs are wiped [00:41:07]. An order report is published on-chain, proving the run was genuine [00:41:10].
  • This turns complex, multi-party, trust-heavy collaboration into a push-button workflow [00:41:47], requiring no expertise in confidential computing [00:41:54].

Conclusion: The Super Protocol Advantage

Super Protocol offers a practical path forward for developers, providing a simple, transparent, and verifiable solution for confidential AI [00:43:03]. It enables:

  • Running models on private data without exposure [00:42:37].
  • Deploying proprietary models without losing control [00:42:39].
  • Fine-tuning without compliance risk [00:42:42].
  • Verifying execution with cryptographic proof [00:42:45].

It is secure by design, GPUless, trustless, and limitless [00:42:59].

For more information, visit the Super Protocol website, the SuperAI marketplace, or review their documentation and Nvidia’s article on Super Protocol [00:43:12].

Graph View