Super Protocol, the confidential and self-sovereign AI cloud and marketplace, governed by smart contracts. Powered by #confidentialcomputing ❇️
Joined March 2022
- Tweets 1,147
- Following 6
- Followers 25,631
- Likes 1,835
469 Photos and videos
Pinned Tweet
30 Jul 2025
Forget central servers — Super SWARM by @Super_Protocol brings autonomous, verifiable compute to the next level 🧠
📽 Watch the demo: youtu.be/cazkNLGtE3c
#ConfidentialComputing #TEE #Web3 #AI
5
23
58
4,612
Congratulations to @GoogleResearch Health AI Developer Foundations (HAI-DEF) team on the launch of the HAI-DEF Showcase.
We're honored to see two confidential healthcare AI case studies developed by Yma Health and Super Protocol featured as the first entries in the "Technical Solutions and Tools" section of the showcase.
The two case studies demonstrate how the open medical foundation model #MedGemma 27B can be deployed in real healthcare workloads through Confidential AI. By transforming #TEE-enabled infrastructure into a verifiable confidential execution layer, Super Protocol enables sensitive data to remain protected during processing regardless of where the workloads run.
One implementation demonstrates confidential inference on @nvidia Blackwell B200 infrastructure hosted by @nebiusai AI Cloud, with patient EHR data remaining protected throughout processing. MedGemma anonymized patient records while preserving the clinical context and value of the data.
Another demonstrates MedGemma fine-tuning on NVIDIA H200 infrastructure using real patient dialogues, achieving a 9.4/10 evaluation score while preserving data confidentiality.
As the health tech ecosystem explores the potential of open foundation models and Confidential AI, sharing practical implementation examples on real healthcare data will be essential for accelerating adoption across research, clinical workflows, and precision medicine.
👉 HAI-DEF Showcase - link in comments
1
4
11
395
This fall, Confidential Computing ships at rack scale. 72 GPUs. One TEE.
NVIDIA announced Vera Rubin back in March. Now it's ramping to production.
Currently, each server forms its own TEE boundary: up to 8 GPUs, 2.3 TB shared memory. Vera Rubin extends this to the entire rack – 72 GPUs, 20.7 TB of shared memory in one TEE. Imagine what model will fit in there!
"Everything across this is secure because the AI model is so precious. This is the reason why this entire system obeys confidential computing." – Jensen Huang, NVIDIA CEO, GTC Taipei 2026
What can you do while waiting? We recently updated our GPU CPU TEE requirements guide, covering all available GPU TEE-capable SKUs, from Hopper to Blackwell, with compatibility details for Intel TDX and AMD SEV-SNP – and what is not TEE-capable as well.
Check them out and start deploying Confidential AI today. With Super Swarm – no TEE expertise required.
Links in comments 👇
1
6
14
331
→ NVIDIA Press Release nvidianews.nvidia.com/news/v…
→ GPU CPU TEE requirements superprotocol.com/resources/…
1
206
May 29
More organizations think they have Confidential Computing than actually do.
The CCC's new white paper "3 Degrees of Confidential Computing" makes this concrete: Level 1 migrating to Confidential VMs provides hardware isolation, but as the paper notes, “without integrating remote attestation, it does not meet the definition of Confidential Computing”.
However, what is even more telling is the direction in which the paper points beyond Level 3 towards Confidential AI: multi-CVM interactions, AI agent sandboxes, CC-aware network protocols and CC-enforced software provenance.
That future isn't theoretical for us. It's what Super Swarm is built on today – self-organizing, mutually attesting GPU clusters that form a single hardware-verified trust domain across cloud, on-prem, hybrid, and multi-cloud environments. Every interaction is independently verifiable. No custom builds. No TEE expertise required.
The complexity of operationalizing Confidential AI shouldn't become a project of its own. That's exactly the problem the execution layer should solve.
👉 Link to CCC paper in comments
CC has transitioned from a niche security technology to a strategic imperative for protecting data in use, but its security benefits depend on how deeply it is integrated into your stack.
Learn about the practical 3-level maturity model to help orgs roadmap their adoption. ⬇️
2
8
16
749
May 25
The feedback loop healthcare AI never got
A radiologist reviews a scan. The AI flags a suspicious mass. The patient is referred, biopsied, diagnosed. The physician closes the loop.
The AI never does.
Was the flag correct? Was it a false positive? The answer sits in a different EHR, a different department, sometimes a different institution – and arrives months later. Nobody systematically pipes that signal back to the model, because the infrastructure to do so was never built.
It is how healthcare has always been organized: services separated, records siloed, pathways fragmented. Imperfect, but functional enough for clinical care – and invisible enough that nobody felt the cost.
In most systems, the feedback loop is the first thing you set up. You ship, you measure, you iterate. The signal is fast, systematic, and the model improves. Healthcare AI never got that infrastructure.
Rory Pilgrim, Product Manager at Google Research, made an observation in the "Confidentially Yours" episode worth sitting with:
The slow feedback loop is not just a limitation. It is an opportunity.
If closing the loop leads to better outcomes – fewer missed diagnoses, fewer unnecessary recalls, models that improve on real-world data – institutions have a concrete reason to build the outcome pipelines they never prioritized. AI creates the business case for data infrastructure healthcare never had sufficient reason to build.
But acting on that immediately hits a structural wall.
Outcome data is patient data – highly regulated and, in most architectures, legally immovable. Traditionally, that immovability is the barrier. The data that would close the loop cannot cross the compliance boundary, so the loop stays open.
Super Swarm inverts the problem. Models can live anywhere – on-premise, in the cloud, across institutions. Instead of moving data to the model, computation runs inside a hardware-attested confidential computing environment – where even the operator cannot access what's being processed. Institution-specific outcomes never cross organizational or regulatory lines. The exposure risk is architecturally eliminated.
The feedback loop healthcare AI never got is now within reach.
🎥 "Confidentially Yours" with Rory Pilgrim and host Mike Bursell (Advisor, Super Protocol).
👉 Scan to watch the full episode, or find the link in the comments
3
7
15
615
May 25
Full episode on what safety really means in clinical AI, and why slow feedback loops are an opportunity: youtube.com/watch?v=WMjrzQhX…
2
203
May 18
"Born out of GPU scarcity, neoclouds now face a harder test." – McKinsey, November 2025
14–16% gross margin after depreciation. Lower than many non-tech retail businesses. The prescribed move is clear: orchestration, managed inference, platform layers. And the market is moving fast. But there’s something already inside the hardware that the stack race is overlooking.
H100, H200, B200, B300 — and every generation after — already include confidential computing capabilities. Super Swarm turns those capabilities into a verifiable confidential execution layer for neoclouds – enabling sovereign compute environments for sensitive data and AI workloads. GPU cloud instances stop being just rented compute and become independently verifiable confidential infrastructure. Customers with their own on-prem infrastructure can extend workloads into cloud instances without leaving the trust boundary.
That’s not just another platform feature. It’s a different category of infrastructure.
👉 McKinsey: The evolution of neoclouds and their next moves – link in comments
1
7
18
446
May 12
The faster AI scales, the faster confidence in it erodes
For nine years Stanford Human-Centered AI has tracked where AI actually stands and suggests where it’s heading across academia, industry, and government. The 2026 report is out. Here's what stood out.
Adoption is accelerating. Confidence is eroding.
70% of organizations now use AI in at least one business function. But look one layer deeper:
🔹 Among orgs that experienced incidents, those facing 3-5 per year jumped from 30% to 50%
🔹 "Excellent" incident response self-ratings fell from 28% to 18%
Deployment is accelerating. Confidence in handling what breaks is not.
Agentic AI is stuck – and the blocker isn't capability.
🔹 62% cite security as #1 barrier to scaling agentic AI – outpaces #2 by 24 percentage points
🔹 Scaled agent use sits in single digits across virtually every business function
🔹 Only exception: tech sector at 24% in software engineering, 22% in IT, 21% in service ops
Organizations aren't waiting for better models. They're waiting for infrastructure they can trust.
Medical AI hits the same wall – from a different angle.
Medical AI is ready to move into live clinical deployment. Prospective trials grew 28.5% year-over-year (417 → 536 in 2025). The pipeline is there.
But the data isn't:
🔹 Medical imaging training data is roughly 100x smaller than non-medical AI datasets
🔹 Fragmentation across institutions further limits the development of large-scale medical foundation models
The models are ready. The environment to run them on real data is not there yet.
Three sectors. Three blockers. One root cause:
the gap between how fast AI is being deployed and the infrastructure needed to actually trust what it does.
Trust is a vulnerability – and it cannot be legislated away. The policies are already multiplying faster than anyone can implement them – and fragmented regulations across jurisdictions don't provide the technical enforceability that sensitive workloads demand.
It demands proof that you can independently verify, automatically enforce, and continuously audit.
That is exactly what Super Swarm provides. It bridges the gap by delivering cryptographic proof of what actually ran, on which data, and across independently verified infrastructure. Super Swarm makes verifiable confidentiality an architectural guarantee – not a contractual promise.
9
20
237
Ask a hospital to run AI on their patient data. The answer is always the same.
A hospital, a GPU provider, and a medical AI vendor. Everyone has what the others need and none of them can just hand it over. The hospital won't send data to infrastructure they don't control. The vendor won't expose their model. The GPU provider can't take on liability for what runs on their hardware. The model never runs. The patient never benefits.
This is the real reason healthcare AI moves slowly. Not the models. Not the regulations. Trust is a vulnerability. Super Swarm solves it structurally.
In this demo we used a model from the @ProjectMONAI Model Zoo – open source, anyone can take it. The data is another story.
MONAI, originally started by @nvidia and @KingsCollegeLon, is the open-source framework for medical imaging AI. Used at Siemens Healthineers, Mayo Clinic, and beyond. Millions of downloads worldwide.
We deployed one of those models on Super Swarm. The app segments the spleen from a CT scan, calculates volume and area, and returns the results. What makes it different is the execution environment and the verifiable proof it leaves behind.
The computation runs inside a hardware-protected TEE. Patient data is processed within that sealed environment and never exposed to anyone – including us. Whether the infrastructure is public cloud, on-prem, or hybrid. No policy makes that guarantee. The hardware does.
At deployment, Super Swarm generates Deployment Evidence – a cryptographic proof of what code is running, in what environment, on what hardware. No compliance reports. No trust agreements. Access is granted only when the proof matches.
Ask a hospital to run AI on their patient data. With Super Swarm, the answer changes – wherever you run it.
👉 Scan to watch the full demo, or find the link in the comments.
1
9
21
393
Full demo: Super Swarm: Confidential Healthcare AI – MONAI CT Segmentation youtube.com/watch?v=xXc1jP9z…
217
The system works – until you try to automate it.
The trust domain spans every infrastructure, every organization. Data never leaves its sealed environment. Nobody depends on anyone else’s goodwill. And then the product team asks: can we automate this?
AI agents are already operating on behalf of organizations – querying data, calling models, chaining actions across boundaries. Not one request at a time. Thousands per hour. A bank deploys a fraud detection agent. It needs to cross-reference transaction patterns across three partner institutions in real time. Each request takes milliseconds. Each approval takes days. The fraud happened. The access request is still pending.
The verification model still applies. Sealed hardware. Cryptographic proof. A trust domain that spans every cloud and every data center. But the decision about who gets access can't wait for a human to review it. No administrator can keep up. No approval queue moves fast enough. The same rigor that made the first collaboration work becomes the bottleneck that makes the next hundred impossible.
This is Problem #4 of 4. The Access Problem.
Super Swarm solves this with policy-driven access. Each data owner defines their conditions once: what code, what configuration, what hardware qualifies to touch their data. When an agent requests access, it presents a cryptographic proof of its runtime environment – the same proof a human would review manually. The system checks it automatically. Match – execution is allowed. No match – nothing happens. No human in the loop. No delay.
The data owner’s role is simple: define the policy once. The system enforces it at whatever speed the agents operate. A hospital might set conditions as narrow as a specific model, a specific partner, a specific project. Or as broad as any application running inside verified secure hardware with a certified diagnostic framework. The policy reflects their risk tolerance – not the system’s limitations.
Hardware nobody can see into. Proofs that verify in milliseconds. Infrastructure that spans every cloud and every data center. Policies that govern access at the speed AI actually operates. Each piece exists because the one before it made it necessary. None of them works on its own.
That’s the system. That’s Super Swarm.
Trust. Control. Scale. Access. How they connect – link in the comments.👇
1
6
19
239
Trust. Control. Scale. Access – the full breakdown:
superprotocol.com/about/what…
4
103
Apr 30
The first data collaboration works. Then your AI roadmap asks for ten more.
One partnership took long enough that everyone forgot how it started – legal, compliance, integration, security review. The model trained, the results were good, and everyone moved on. Then the product team came back with more ideas.
Every new partnership becomes its own project – not just operationally, but technically. Even with the same partners, nothing carries over. A new use case means new rules, new pipelines, new approvals. The environment gets rebuilt from scratch.
And the environment itself doesn't stay fixed. What starts as a well-defined setup quickly grows – participants, data, objectives, rules, infrastructure – and becomes impossible to standardize or reuse.
▸ No neutral ground
A global FMCG brand – selling through multiple retail chains – wants to build audience models across three competing retailers. Each retailer sees part of the customer journey. The brand sees patterns across all of them. The value is in combining those views.
They need a shared environment – somewhere all four can bring data without exposing it to each other. But someone has to run that environment. And whoever runs it controls the execution – whether they can see the data or not.
No retailer will use a competitor’s infrastructure. No one agrees on a neutral third party. So they negotiate. And negotiate. Sometimes they never get there. The model never gets built. But even when they do – it works once. It doesn’t scale.
▸ Late to the party
Another version of the same problem. A fourth organization wants to join six months in. In the old model, that becomes everyone’s problem – new agreements, integrations, security reviews. Or they just don’t join at all.
The value is real. Getting there doesn’t scale.
This is Problem #3 of 4. The Scale Problem.
Super Swarm creates one environment all participants can join – a single trust domain that spans infrastructure, for any use case, at any stage.
Each organization stays on its own infrastructure. Data isn’t shared between participants – it only enters the sealed environment for execution and never becomes visible to or controlled by anyone else.
A new organization joins – whether they run on AWS, Azure, GCP, private cloud, or their own infrastructure. It doesn’t matter. Same rules. Same verification. No custom integration. No separate agreements.
To the workload, it’s one environment – without being tied to where it runs or who operates it. Adding a participant doesn’t create a new project – it extends what already exists.
That’s what makes it scale.
Problem #3 of 4. Next: The trust domain now spans every infrastructure, every organization. But what happens when AI agents start operating across it at machine speed – and access has to be granted and enforced without human involvement?
9
20
524
Apr 27
SOC 2 doesn't answer the question that kills the deal.
An enterprise company is evaluating an AI vendor. The demo went well. The use case is clear – processing sensitive contracts and financial records. The price works. And then, one question comes up:
If something changes on your end, or your provider's – what happens to our data?
The vendor points to their SOC 2 certification and their contract with the infrastructure provider. The customer's legal team reads it carefully. It explains how access is managed and what happens if something goes wrong. But it doesn’t define what is technically enforced at runtime – if anything is.
The question behind the question:
🔹 who can access your data at runtime
🔹 who can change how it’s processed
🔹 whether safeguards can be bypassed
Those are questions of enforcement – not just process. The deal goes on hold. Legal gets involved. Months pass. Nothing moves.
The problem isn’t security. It’s control at execution time. This is Problem #2 of 4. We call it the Control Problem.
Super Swarm answers those questions at the level where they matter – execution, not policy.
The encryption keys protecting your environment are generated inside secure hardware on your infrastructure – wherever it is – and never leave it. No copy exists – not with the infrastructure provider, not with us. The code is fully inspectable and runs on standard Kubernetes – your existing stack works without modification. Your infrastructure decisions outlast any vendor relationship.
The system that removes your dependency on partners is itself designed so you never depend on us either.
Problem #2 of 4. Next: you've solved trust between parties and you're not dependent on any single vendor. But what happens when you need to scale across dozens of organizations – all on different infrastructure?
10
19
305