Private LLMs
What are Private LLMs​
Private LLMs are supported via a set of OpenAI-compatible APIs that run AI models within a trusted execution environment (TEE). This makes it possible to build new private AI applications or to migrate existing ones to run in a secure environment where your data remains private.
How Private LLMs Work​
- Send your prompt over HTTPS (just like any secure web request)
- Your prompt runs inside a Trusted Execution Environment where it is hidden from the cloud provider
- Get your result back over HTTPS, complete with a cryptographic signature
Available Models​
| Model | Parameters | Features | Best For | Access |
|---|---|---|---|---|
| google/gemma-3-27b-it | 27B | Multimodal (text + images), 128K context, 140+ languages | Visual reasoning, long-context analysis, multilingual applications. | Testnet |
| openai/gpt-oss-20b | 20B | Chain-of-thought reasoning, tool calling, configurable effort levels | Agentic workflows, complex reasoning tasks. | Apply for access |
| meta-llama/Llama-3.1-8B-Instruct | 8B | Chat completion, tool support | More complex tasks, detailed responses, code generation. Higher quality but slower inference. | Apply for access |
Key Features​
- Drop-in Privacy: Keep your OpenAI-style code, just point it at a private LLM
- Privacy Through TEEs: All processing happens within a TEE, built on NVIDIA Confidential Computing
- Standard Security: HTTPS encryption provides end-to-end protection for all data in transit between your application and the TEE environment
- Cryptographic Attestation: Verify the integrity of your TEE environment through our attestation API
- Signed Responses: Every model response includes a cryptographic signature for verification
Attestation & Verification​
Two layers of cryptographic proof are provided:
-
Environment Attestation: Verify your TEE's integrity through the attestation endpoint, including:
- GPU environment verification
- Service verification through a verifying key
-
Response Signatures: Every chat completion response includes a cryptographic signature, allowing you to verify that the response came from the attested environment.
Getting Started​
- Get access to private LLMs by obtaining your nilAI API key and node URL
- Use your API key to check the
/modelsendpoint for available models - Start running private AI using your chosen model
- Optionally, verify your environment using the attestation API
Enhance by Providing Context from Private Storage and nilRAG​
Optionally, you can use nilRAG to allow private LLMs to access nilDB private storage in order to retrieve relevant context! See nilRAG documentation for details.