Tinfoil
Tinfoil is confidential-AI infrastructure with private inference, private chat, and confidential containers. It presents client attestation and open security-critical code as central to its privacy model.
Model
Its SDKs are intended to verify attestation and supply-chain evidence on connections. The company also documents residual risks: hardware and firmware vulnerabilities, side channels, compromised credentials, customer misconfiguration, and infrastructure outside its control.
That candor is a good standard for a venture making technical privacy claims.
Lesson for the venture
Tinfoil is an infrastructure competitor and possibly a partner or benchmark, not the entire user-facing solution.
The gap is making confidential computing usable for ordinary professionals: local-first task design, document workflow, route choice, recovery, training, and evidence that a non-specialist can understand.
Limit
Attestation is only as useful as the client’s verification policy, the measured code, the key-release path, and the surrounding connectors. An untrusted browser plugin, analytics SDK, tool, or support workflow can still leak content outside an otherwise good enclave boundary. Private AI trust boundaries applies this system view.