Core technology
Opaque is built on a secure foundation that combines hardware-based protections with a software stack designed for sensitive data workflows. This section introduces the core technologies that make Opaque’s security model possible.
Confidential computing
Opaque is built on a foundation of confidential computing, a hardware-based security model that protects data even while it’s being processed. At the heart of this model are trusted execution environments (TEEs)—secure enclaves inside modern processors that keep both data and code encrypted in memory and inaccessible to the rest of the system. No external party—including cloud providers, system administrators, or malicious code—can access the data or code inside a TEE.
When you run a job in Opaque, your data remains encrypted throughout its lifecycle—including during analysis. It’s decrypted only inside a verified TEE, and only for the duration of the computation. This ensures that sensitive information is never exposed, not even to Opaque itself.
Confidential AI
Opaque builds on top of TEEs to deliver what is known as confidential AI—a model that extends the security guarantees of confidential computing to full AI workflows. Confidential AI secures not only your data but also your models, algorithms, and AI agents, ensuring they are executed in trusted environments and governed by verifiable policies.
Remote attestation
To establish this trust, Opaque uses a process called remote attestation. This cryptographic handshake verifies that each component in the system is running the expected code on genuine confidential hardware. Only after this verification can encryption keys be shared and jobs executed, enabling secure collaboration without compromising data privacy or integrity.
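The gating described above, sketched as an added example (not Opaque's code or API): a key broker releases a data key only when a quote is fresh, signed by the hardware key, and carries an expected code measurement. All names here (`KeyBroker`, `make_quote`, `HW_KEY`) are hypothetical, and HMAC with a shared key stands in for the vendor-rooted asymmetric signature a real TEE produces.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins (assumptions): a real TEE signs its report with a
# vendor-rooted asymmetric key; HMAC keeps this sketch standard-library only.
HW_KEY = secrets.token_bytes(32)
TRUSTED_CODE = b"analytics-job v1 (constructed sample)"
EXPECTED_MEASUREMENTS = {hashlib.sha256(TRUSTED_CODE).hexdigest()}


def make_quote(code: bytes, nonce: bytes, hw_key: bytes = HW_KEY) -> dict:
    """Enclave side: measure the loaded code and bind it to the verifier's nonce."""
    measurement = hashlib.sha256(code).hexdigest()
    mac = hmac.new(hw_key, measurement.encode() + nonce, hashlib.sha256).digest()
    return {"measurement": measurement, "nonce": nonce, "mac": mac}


class KeyBroker:
    """Verifier side: hands out the data key only to an attested enclave."""

    def __init__(self, data_key: bytes):
        self._data_key = data_key
        self._pending = set()  # nonces issued and not yet consumed

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def release_key(self, quote: dict) -> bytes:
        # 1. Freshness: the nonce must be one we issued, and it is single-use.
        if quote["nonce"] not in self._pending:
            raise PermissionError("unknown or replayed nonce")
        self._pending.discard(quote["nonce"])
        # 2. Genuine hardware: the signature must verify under the hardware key.
        expected = hmac.new(HW_KEY, quote["measurement"].encode() + quote["nonce"],
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, quote["mac"]):
            raise PermissionError("quote not signed by trusted hardware")
        # 3. Expected code: the measurement must be on the allow-list.
        if quote["measurement"] not in EXPECTED_MEASUREMENTS:
            raise PermissionError("unexpected code measurement")
        return self._data_key
```

The order of checks matters: the nonce is consumed before anything else, so a captured quote cannot be presented a second time even if it was valid the first time.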
Opaque Confidential AI platform
Confidential computing alone is not enough to run enterprise AI securely at scale. That’s why Opaque combines it with a comprehensive software stack that includes:
- Policy enforcement mechanisms to control how data is accessed and used.
- Cryptographically signed audit logs for compliance and accountability.
- An optimized compute engine for running secure, distributed workloads.
- Data connectors and tooling that integrate easily into enterprise workflows.
Together, these capabilities allow teams to unlock insights from sensitive data while maintaining end-to-end security, regulatory compliance, and operational trust.
For a deeper technical explanation, see the Technical overview in the Developer section.
Next steps
- Review the key terms used throughout the documentation.
- Start using the platform.