RedPill

Verify

Don't Trust Our Privacy Claims.
Verify Them.

RedPill exposes nonce-bound attestation reports, upstream verification, signed receipts, and attested sessions so privacy is a cryptographic evidence chain, not a policy promise.

Read Verification DocsSee How It Works

AI privacy today is too often a trust-me promise.

Policy Promises

Most AI privacy claims depend on contracts, settings, and logs you cannot independently inspect.

No Hardware Evidence

Without attestation, you cannot prove which workload handled your prompt or which keys it controlled.

Weak Audit Trails

Privacy reviews need repeatable evidence: request hashes, route records, signed receipts, and attested sessions.

Policy Promises

Most AI privacy claims depend on contracts, settings, and logs you cannot independently inspect.

No Hardware Evidence

Without attestation, you cannot prove which workload handled your prompt or which keys it controlled.

Weak Audit Trails

Privacy reviews need repeatable evidence: request hashes, route records, signed receipts, and attested sessions.

Proof Layers

Verify Each Step of Confidential Inference

Fetch the report, receipt, and attested session; then verify the evidence locally instead of trusting a server-side claim.

Verification Modes

What ACI Proves Depends on What You Verify

The gateway produces evidence. The relying party still has to check that evidence locally or through shipped artifact verification tooling.

Plain OpenAI SDK

The call works like a normal API call. Evidence can be generated and audited later, but no mismatch is rejected in the moment.

Artifact Verification

A relying party verifies gateway identity, channel binding, upstream verification, receipt signature, and response hashes.

ACI E2EE

Selected request and response fields are encrypted to a key from the attested keyset, so non-TEE nodes see ciphertext.

Honest Boundaries

ACI cannot make an arbitrary upstream confidential; the adapter must verify provider identity and enforce channel binding.

Optional middleware sees plaintext after gateway decryption and must be inside the same attested deployment and audit boundary.

Receipts are implemented with configurable TTL, but durable public transparency logging is not implemented yet.

Comparison

Trust-Me AI vs Prove-It AI

Privacy policies are useful. Receipts, channel bindings, and audit sessions are testable.

Standard AI API

Plain hosted inference

Privacy-Policy AI

Promise-based privacy

RedPill

RedPill

Cryptographic evidence

Downstream Channel Binding
No
TLS only
TLS-SPKI or ACI E2EE key in the attested keyset
Upstream Verification
No
Not provable
Provider identity verified before forwarding
Attestation Report
No
No public endpoint
/v1/aci/attestation
Signed Receipt
No
No
x-receipt-id + /v1/aci/receipts/{id}
Attested Session
No
No
/v1/aci/sessions/{session_id}
Open Source
Closed
Usually closed
Gateway + evidence verifier
Verify It Yourself
For Lawyers
For Healthcare
For Finance
For Executives

Built for Professionals

For industries where confidentiality isn't optional, RedPill delivers AI that respects your professional obligations.

  • For Lawyers
  • For Healthcare
  • For Finance
  • For Executives

Open Source Where It Matters

Audit the gateway, run the verifier, inspect the chat UX, and track the ACI signed-receipts spec as a developer-preview proof layer.

Open Source Verification

Get an API key in 2 minutes

Start with the OpenAI SDK, choose a confidential model, and add verifier checks when you need audit-grade proof.

Get API Key
Private Chat
TEE model
AI
Hi. Ask me anything and I'll open the confidential chat with openai/gpt-oss-120b selected.
Zero data retentionVerifier ready
RedPill

The confidential AI cloud: verifiable inference with attestation reports, signed receipts, audit sessions, and E2EE paths.

© 2026 Hashforest Technology LLC. All rights reserved.