What is a TEE-Protected Gateway?

RedPill’s core innovation is running the entire AI gateway infrastructure inside Trusted Execution Environments (TEE). Unlike competitors who only protect specific models, every single request flowing through RedPill is hardware-protected, regardless of which AI provider you use.
TEE Gateway Architecture

How It Works

1. Request Enters TEE

When you make an API request to RedPill:
curl https://api.redpill.ai/v1/chat/completions \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d '{"model": "openai/gpt-4o", "messages": [...]}'
The request immediately enters a hardware-protected enclave:
  • Request data is encrypted in transit (TLS)
  • Once inside TEE, data is decrypted only within the secure enclave
  • Even RedPill operators cannot access the data

2. Processing in TEE

Inside the TEE enclave, the gateway:
  • Authenticates your API key
  • Validates the request
  • Routes to the appropriate LLM provider (OpenAI, Anthropic, etc.)
  • Forwards your request through secure channels

3. Response Processing

When the LLM responds:
  • Response enters the same TEE enclave
  • Processed and formatted within secure environment
  • Encrypted before leaving TEE
  • Delivered securely to you
Your data never leaves the TEE in plaintext.

TEE Technology

What is a Trusted Execution Environment?

A TEE is a secure area inside a processor that provides:

Memory Isolation

Protected memory that other processes cannot access

Code Integrity

Guarantees code executes exactly as intended

Data Confidentiality

Encrypted data processing invisible to host system

Remote Attestation

Cryptographic proof of genuine TEE execution

Hardware-Level Protection

TEE protection is enforced by CPU hardware, not software:
| Feature | Software Security | TEE Security |
| --- | --- | --- |
| Protection Level | Application layer | Hardware (CPU) layer |
| Access Control | OS-based | CPU-enforced |
| Memory Encryption | Optional | Always on |
| Attestation | Not available | Cryptographic proof |
| Trust Model | Trust OS & cloud | Trust only CPU |

TEE Technologies Used

RedPill leverages industry-standard TEE technologies:
  • Intel SGX - Secure enclaves on Intel processors
  • AMD SEV - Secure Encrypted Virtualization
  • ARM TrustZone - ARM processor security
  • NVIDIA H100 TEE - GPU TEE for confidential AI models

Privacy Guarantees

What RedPill Cannot See

Even with full system access, RedPill operators cannot see:
  • Your API requests (prompts, messages)
  • Model responses
  • Function calling parameters
  • Embeddings input text
  • Image data (for vision models)
  • Any data processed in TEE

What RedPill Can See

For operational purposes only:
  • Encrypted request metadata (timestamp, model selected)
  • Aggregated usage statistics
  • Rate limit counters
  • Error logs (no sensitive data)

Cryptographic Attestation

Verify TEE Execution

RedPill provides cryptographic proof that your request executed in genuine TEE:
# 1. Make a request
curl https://api.redpill.ai/v1/chat/completions \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d '{"model": "openai/gpt-4o", "messages": [{"role": "user", "content": "secret"}]}'

# 2. Get attestation report
curl https://api.redpill.ai/v1/attestation/report \
  -H "Authorization: Bearer YOUR_API_KEY"
The attestation report contains:
  • TEE hardware measurements - Proves genuine Intel SGX/AMD SEV
  • Code measurements - Hash of gateway code running in TEE
  • Platform certificates - Chain of trust to CPU vendor
  • Cryptographic signature - Signed by TEE hardware
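A client-side acceptance policy over the four report components listed above, as an added example (not RedPill's code). The page does not give the report schema, so the field names, the `check_report` and `stub_verify` helpers, and all sample values are hypothetical or constructed; real signature and certificate-chain validation must come from the CPU vendor's verification tooling.

```python
# Added example: field names and sample values below are hypothetical/constructed.
REQUIRED_FIELDS = (
    "hardware_measurement",   # proves genuine TEE hardware
    "code_measurement",       # hash of the gateway code running in the TEE
    "platform_certificates",  # chain of trust to the CPU vendor
    "signature",              # produced by the TEE hardware
)


def check_report(report, pinned_code_measurements, verify_signature):
    """Return a list of failure reasons; an empty list means the report is accepted.

    verify_signature(report) -> bool is supplied by the caller and must validate
    the hardware signature and certificate chain with the CPU vendor's tooling.
    """
    pinned = {m.lower() for m in pinned_code_measurements}
    if not pinned:
        # Fail closed: without an independent reference there is nothing to compare.
        return ["no pinned code measurement to compare against"]
    missing = [f for f in REQUIRED_FIELDS if not report.get(f)]
    if missing:
        return ["missing field: " + f for f in missing]
    # Check the signature first: unsigned measurements are only the host's claim.
    if not verify_signature(report):
        return ["signature or certificate chain did not verify"]
    if str(report["code_measurement"]).lower() not in pinned:
        return ["code measurement does not match a pinned gateway build"]
    return []


# Constructed sample data (not real measurements or a real report).
PINNED = ["ab" * 32]
GOOD_REPORT = {
    "hardware_measurement": "cd" * 32,
    "code_measurement": "AB" * 32,
    "platform_certificates": ["constructed-leaf", "constructed-root"],
    "signature": "constructed-valid",
}


def stub_verify(report):
    # Stand-in for real quote verification so the example runs offline.
    return report["signature"] == "constructed-valid"


if __name__ == "__main__":
    print(check_report(GOOD_REPORT, PINNED, stub_verify))
    print(check_report(dict(GOOD_REPORT, code_measurement="00" * 32), PINNED, stub_verify))
```

The pinned value should be one you derived yourself from a build of the open-source gateway, not one copied from the service being verified.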

Architecture Benefits

1. Privacy by Default

Whether you use OpenAI, Anthropic, Google, or any of 218+ models, all requests flow through TEE. Privacy is guaranteed regardless of your model choice.
Even though we route to providers like OpenAI, your data passes through TEE first. The gateway acts as a privacy shield.
You don’t need to trust RedPill operators. Trust is rooted in CPU hardware and cryptographic attestation.

2. Compliance & Regulations

TEE protection helps meet regulatory requirements:
  • HIPAA - Healthcare data protection
  • GDPR - European data privacy
  • CCPA - California privacy law
  • SOC 2 - Security controls
  • ISO 27001 - Information security

3. Enterprise Security

Suitable for sensitive workloads:
  • Legal documents (attorney-client privilege)
  • Financial analysis (trading strategies)
  • Medical records (patient data)
  • Source code analysis (IP protection)
  • Personal data processing (PII)

Performance

Near-Native Speed

TEE protection adds minimal overhead:
| Operation | Native | With TEE | Overhead |
| --- | --- | --- | --- |
| Request latency | 50ms | 51ms | ~2% |
| Throughput | 1000 req/s | 980 req/s | ~2% |
| Token processing | 100 tok/s | 99 tok/s | ~1% |

Scalability

  • Horizontal scaling across multiple TEE nodes
  • Load balancing within secure enclaves
  • No performance degradation at scale

Comparison with Competitors

vs Tinfoil

| Feature | Tinfoil | RedPill |
| --- | --- | --- |
| TEE Models | ✅ Yes (specific models) | ✅ Yes (Phala models) |
| TEE Gateway | ❌ No | Yes |
| Multi-Provider | ❌ No | ✅ 218+ models |
| All Requests in TEE | ❌ Only specific models | All requests |

vs OpenRouter

| Feature | OpenRouter | RedPill |
| --- | --- | --- |
| Multi-Provider | ✅ Yes | ✅ Yes (218+ models) |
| TEE Protection | ❌ No | Full TEE |
| Privacy Guarantees | ❌ None | ✅ Hardware-enforced |
| Attestation | ❌ No | ✅ Cryptographic proof |

vs Direct LLM APIs

| Feature | Direct APIs | RedPill |
| --- | --- | --- |
| Data Privacy | ❌ Provider sees all | ✅ TEE-protected |
| Verifiable | ❌ No | ✅ Cryptographic attestation |
| Multi-Provider | ❌ No | ✅ 218+ models |
| Code Audit | ❌ Closed | ✅ Open source gateway |

Open Source

RedPill’s gateway code is open source, allowing you to:
  • Audit security implementation
  • Verify TEE integration
  • Review privacy guarantees
  • Build confidence in the system

FAQs

No, TEE adds minimal overhead (~1-2%). Most latency comes from the LLM provider itself, not TEE processing.
No. Data is only decrypted inside the TEE enclave. RedPill operators cannot access the enclave’s memory or decrypt your data.
TEE vulnerabilities are rare and quickly patched by CPU vendors (Intel, AMD). We monitor security advisories and update immediately.
Use the attestation API to get cryptographic proof. See Attestation Guide.
Yes! All requests flow through the TEE-protected gateway, regardless of which model or provider you choose.
