Sovereign Agents
Your AI.
Your rules.
Your sovereignty.
Proactive AI agents that run inside confidential computing enclaves and use confidential inference for their LLM backend — so no one, not even the model provider, can see your data.
The problem
Your data isn't private
Every prompt is logged
Every question you send to ChatGPT, Claude, or Gemini is stored and can be reviewed. Your most sensitive thoughts become training data.
The provider sees everything
Your queries, your context, your documents — all visible to the model provider. You're relying on their promise not to look.
Trust is not a security model
Terms of service change. Breaches happen. Without hardware-enforced isolation, "we don't read your data" is just a policy — not a guarantee.
The solution
Hardware trust, not software promises
Sovereign Agents run inside AMD SEV-SNP secure enclaves and use confidential inference for their LLM backend — so your data is protected by silicon, not terms of service.
Encrypted VMs
The entire agent runs in a VM where memory is encrypted by a hardware key. The hypervisor, the host OS, even the cloud provider cannot read what's inside.
Confidential inference
LLM queries are encrypted before they reach the model. The provider receives ciphertext and returns ciphertext. They never see your prompts, your context, or your data.
Remote attestation
Cryptographic proof that the enclave is running genuine, unmodified code. You can verify the exact software that's handling your data — every time.
Capabilities
What your agent does
Intelligent orchestration
Your agent manages projects, coordinates resources, and handles communication across your entire digital ecosystem — all from within an encrypted enclave.
Private knowledge base
Daily summaries from your trusted sources. Personal knowledge integration. Research powered by confidential inference, so no one sees what you're searching for.
Confidential inference
Your prompts are encrypted before reaching the model. Responses are encrypted before leaving the enclave. The model provider never sees your data — your queries, your context, your outputs.
Tool access without exposure
Connects to external services and specialized capabilities through encrypted channels. Your data never leaves the enclave unencrypted.
Architecture
How it's built
Confidential container
Runtime
The Hermes agent runs inside a confidential container on AMD SEV-SNP hardware. The entire VM memory is encrypted by the AMD Secure Processor — the hypervisor, the host OS, and the cloud provider cannot read what's inside. Remote attestation verifies the container is running genuine, unmodified code.
Persistent encrypted storage
State
The agent maintains persistent state across sessions — conversation history, knowledge base, preferences, and context. All storage is encrypted and sealed to the enclave, so only the attested container can read it. Data survives restarts without ever being exposed.
Confidential inference
LLM backend
All LLM queries go through confidential inference. Your prompts are encrypted before they reach the model provider, and responses are encrypted before they return. The provider sees ciphertext in and ciphertext out — they never see your prompts, context, or outputs.
Tool integration
Interface
External services, data sources, and tools are connected through encrypted channels. All communication exits the enclave encrypted, ensuring no data leakage to third parties.
Ready to reclaim your digital sovereignty?
Sovereign Agents extend your capabilities while preserving your agency — protected by silicon, not terms of service.