Lunal is software for secure, verifiable, and private AI.

Built with Trusted Execution Environments (TEEs), it's the fastest way to secure model weights and agents, deliver end-to-end private inference + training, and provide training data provenance.

Ready to get started or curious? Say hi and join us for a hot cup of TEE. 🫖

• 📣 Blog - Secure AI Needs TEEs
• 📣 Partnership with Vail to Fingerprint and Verify AI Models
• 📣 Partnership with Lucid for AI Location Verification
• 📣 Partnership with Impulse AI for Private Training, Fine-Tuning, and Inference
• 📣 Partnership with Reppo for Confidential AI
• 📣 Partnership with Nexus for zkVM Privacy

TEEs provide a never-possible-before combination of privacy, security, verifiability, and performance. For the first time ever, you can now compute on encrypted data with end-to-end verification of the running software. Including AI inference. But TEEs are tricky.

First, privacy doesn't stop at the TEE: all surrounding software and systems must also preserve privacy. And to be verifiable, everything in TEEs must be measurable, attestable, and reproducible.

Getting this right is hard. Getting it right at scale, with best-in-class security and zero downtime? Even harder. That's why we built Lunal: unified software and infrastructure that make TEEs simple, usable, and scalable.

Here are problems Lunal solves that make using TEEs easier:

• Unified CPU & Accelerators: Combined CPU and GPU TEEs so your software, models, and data stay private, secure, and verifiable.

• Drop-in compatibility: Deploy and scale your existing applications and AI workloads in TEEs as-is, with zero changes.

• Seamless CI/CD: Connect Lunal to your GitHub repo. On every commit, Lunal checks out your code, verifiably builds it, and deploys it.

• End-to-end verifiability: Lunal automatically staples a verifiable TEE attestation to every HTTP response in an HTTP response header. These attestations affirm the TEE is uncompromised and attest to all software inside - from the AI model loaded to the git commit of your code.

  You, and any third party, can independently verify these attestations. Attestations are signed by Intel, AMD, and/or NVIDIA.

• Automatic scaling: Global, automatic scaling based on CPU usage, GPU usage, memory pressure, and/or request/response latency. Scaling metrics are privately measured in the TEE with zero-knowledge proofs (ZKP).

• Application services: Privacy-preserving firewalls, DDoS protection, rate limiting, routing, load balancing, and caching. Lunal’s services run in TEEs themselves; Lunal can’t see any passthrough or cached data.

• Security: TEE keys are automatically rotated. Uploaded data can only be decrypted in Lunal TEEs. Hardened OS and language runtimes, reproducible builds, and policy-enforced further reduce the attack surface.

• SDKs: Client and server SDKs encrypt data for upload to Lunal and verify the TEE attestations in responses.

• Logging: All telemetry and logs are recorded privately in the TEE and encrypted with your public key; only you can read them.

👋 Ansgar, Amean, and the merry band of misfits at Lunal