Alpha · Umbra is in testing. No payments or payouts yet; all credit is free while we tune the network.
Home · docs · trust
Trust model

The short version of how Umbra tries to make private inference verifiable.

The console stays operational. This page is the opt-in explainer: what gets verified, where the hard proof lives, and which pieces are still alpha.

Provider

Apple provider attestation

Secure Enclave identity, Managed Device Attestation, signed freshness, and prompt-key binding at provider registration.

System

Threat model

What Umbra is designed to protect, what remains operator-trusted, and what is explicitly out of scope during alpha.

Live

Network stats

Real current model/provider/request counts from the coordinator. No fabricated supply or traffic.

Request path at a glance

1Developer sends prompt

The API request reaches the coordinator through the OpenAI/Anthropic-compatible surface.

2Coordinator checks runtime

The confidential coordinator path uses the SEV-SNP verifier.

3Provider registers proof

Mac trust is established on the WebSocket register frame with MDA material and freshness.

4Receipt work continues

Server-signed response receipts are not live yet; the console labels this honestly.

Implemented now

Coordinator SEV-SNP verifierlive
Provider register-frame freshnesslive
Wallet/user APIscoordinator-backed

Still alpha

Server-signed response receiptspending
Public payable routing tierfail-closed below code_attested
Cash-out settlementdisabled