— Secure AI Collaboration

Collaborate on AI
without exposing data.

Prism AI runs joint AI workloads across organizational boundaries inside Trusted Execution Environments. Each party keeps its data private and shares only the result — with cryptographic proof of exactly what ran.

Read the docs
Free tier available ·RBAC + ABAC ·Multi-party
prism.ultraviolet.rs
Prism AI dashboard showing confidential computations and CVM status
2 parties · 0 inputs revealed
What is Prism AI

Secure multi-party AI for data that can't be pooled.

Some of the most valuable AI work spans organizations that cannot legally or commercially share raw data — hospitals, banks, telcos, research consortia. Prism AI lets them run a shared model or analysis together, with every input sealed inside a Trusted Execution Environment.

It is the collaboration layer of the Ultraviolet ecosystem: a commercial platform, with a free tier to start and enterprise tiers for production multi-party deployments.

Private inputs
Each party's data stays encrypted and isolated — invisible to other parties and to the host.
Shared result
Only the agreed output is released. The raw data never leaves any organization's perimeter.
Verifiable
Remote attestation proves which code ran on which data, so every party can trust the outcome.
Free to start
Begin on the free tier; scale to enterprise for production multi-party workloads.
How it works

Compute together.
Reveal nothing.

01

Each party brings its data

Every organization keeps its dataset inside its own boundary. Nothing is pooled, copied, or shared in the clear.

02

Computation runs inside a TEE

A Confidential VM loads the agreed workload in a Trusted Execution Environment. Inputs are sealed — even the host cannot read them.

03

Only the result comes out

Parties receive the agreed output and a remote-attestation proof of exactly what ran. Raw data never leaves any perimeter.

Capabilities

Built for collaboration
across boundaries.

Prism AI handles the hard parts of multi-party computation — isolation, access control, attestation, and orchestration — so partners can focus on the work, not the trust problem.

Multi-party computation

Run joint workloads across organizations with each party's inputs sealed from the others.

Confidential VMs

Provision, manage, and monitor hardware-isolated CVMs that the host operator cannot inspect.

Hardware abstraction layer

A unified HAL and runtime inside the enclave runs your workloads across AMD SEV-SNP and Intel TDX.

In-enclave agent

An execution scheduler and coordinator runs inside each secure enclave, driving the workload and its attestation end to end.

End-to-end encryption

Data stays encrypted in transit, at rest, and in use — algorithms and datasets are only ever decrypted inside an attested enclave.

RBAC + ABAC

Fine-grained access control with separate roles for dataset and algorithm providers — no party sees another's raw data.

Asset & computation management

Register, version, and govern datasets and algorithms, and define workloads as manifests of users and assets.

Remote attestation

Cryptographic proof of exactly which code processed which data, for every run.

Logging & instrumentation

Enclave monitoring, event tracking, and audit logging give you operational visibility into every confidential computation.

Pricing

Choose your plan.

Flexible pricing tailored to your security needs — start free in Prism Cloud, or scale to a custom enterprise deployment on your own infrastructure.

Trial
Free

Evaluate confidential AI on managed or your own infrastructure.

Managed or BYO CVM infrastructure
Max 10 minutes per lifecycle (Managed)
5 workspace members
Community support
Get started
Recommended
Enterprise
Contact Us

Production multi-party deployments, tailored to your organization.

Custom infrastructure allocation
Unlimited members & runs
Dedicated support & SLAs
Custom integration options
Contact sales
FAQ

Questions about secure
collaboration.

What is Prism AI?

Prism AI is a platform for secure multi-party AI computation. It lets multiple organizations run a shared model or analysis on their combined data without any of them exposing their raw data to the others or to the platform operator.

How is data kept private between parties?

Each computation runs inside a Confidential VM in a Trusted Execution Environment. Every party's inputs are encrypted and isolated in hardware. Other parties — and the host — only ever see the agreed final result, never the underlying data.

How do I know the right code actually ran?

Prism uses remote attestation to produce a cryptographic proof of exactly which code executed inside the TEE and on which sealed inputs. Every participant can independently verify that proof before trusting the result.

Is there a free tier?

Yes. Prism Cloud's free tier runs on managed infrastructure with up to a 10-minute execution lifecycle and up to 5 workspace members — ideal for developers, researchers, and teams evaluating the platform. Enterprise tiers add custom infrastructure, unlimited members and runs, SLAs, and on-premise deployment.

How does Prism relate to Cube and Cocos?

Prism AI is the collaboration layer of the Ultraviolet stack. It uses the same confidential-computing primitives as Cocos AI and complements Cube AI, which handles private single-organization AI.

What is a Confidential VM (CVM)?

A Confidential VM is a virtual machine backed by hardware-level memory encryption — AMD SEV-SNP or Intel TDX. The hypervisor and host OS cannot read the VM's memory, so even the infrastructure operator has no access to the data or model weights running inside. Prism provisions and manages these CVMs on your behalf.

What kinds of workloads can I run on Prism?

Any computation that processes sensitive data from multiple parties: joint model training, federated inference, cross-organizational analytics, privacy-preserving record linkage, and confidential data-sharing for research or compliance. You bring your algorithm and datasets as versioned assets; Prism handles the enclave orchestration.

Can I run Prism on my own infrastructure?

Yes. Prism Cloud offers a managed option for quick evaluation, but the Enterprise tier supports bring-your-own CVM infrastructure — on-premises servers with AMD SEV-SNP or Intel TDX support, sovereign cloud, or private VPC. Your CVMs, your hardware, your jurisdiction.

What does remote attestation actually prove?

Before any party's data is released into the enclave, the TEE generates a hardware-signed attestation report. That report contains a cryptographic measurement of the exact code loaded, the enclave configuration, and the platform firmware. Any participant — or an independent verifier — can check this report against the expected values to confirm the right algorithm is running unchanged, before releasing their data.

How are roles and access controlled?

Prism uses both RBAC (role-based) and ABAC (attribute-based) access control. Dataset providers, algorithm providers, and computation consumers have separate roles with strictly scoped permissions. No party can access another's raw assets — only the agreed output is shared, and the access policy is enforced inside the enclave.

One ecosystem

Part of the Ultraviolet
sovereign AI stack.

Three products, designed to work as one.

Sovereign AI Platform

Cube AI

Full-stack private LLM platform — inference, RAG, guardrails, governance, audit.

Explore Cube AI
Secure AI Collaboration

Prism AI

Run joint AI workloads across organizations without exposing any party's data.

You are here
Confidential Computing Foundation

Cocos AI

The open-source TEE abstraction layer the rest of the stack is built on.

Explore Cocos AI
— Get started

Put your data to work —
without giving it up.

Start free in Prism Cloud, or talk to the team about production multi-party deployments and enterprise tiers.

Try Prism Cloud Talk to sales
Free tier · RBAC + ABAC · Attested computation