Attestation

Jason Clinton’s OC3 2026 talk on confidential computing and scaling laws pushed me to finally write about Anthropic’s Confidential Inference Systems paper, a joint publication with Irregular (formerly Pattern Labs), released June 2025. It’s one of the cleaner public treatments of what it actually means to make AI trust verifiable rather than asserted. It also points directly at a gap the industry hasn’t begun to close: trust in agentic systems. This post unpacks the paper’s core contributions, where its claims need qualification, and where I think the conversation has to go next: from confidential inference to attested agent identity. ...

In January, I wrote about WhatsApp’s Private Processing as a milestone for confidential computing: the first time TEEs were deployed at truly global scale to protect AI inference for billions of users. That post was about the architecture. This one is about what happened when someone tried to break it. Trail of Bits just published its pre-launch security audit of WhatsApp’s Private Processing system. They found 28 issues, including 8 high-severity findings. Meta fixed the critical issues before launch. ...