Don’t trust it.
Check it.
Every confidential response from the Private & Confidential API carries a signed receipt anchored on Sui. Paste a receipt id — or run the full check, including the Intel TDX quote, on your own machine.
Four checks per receipt.
Signed receipt
Every confidential response returns an x-receipt-id. The receipt commits the request/response hashes — bodies are never stored.
Attested hardware
The receipt records the upstream GPU-TEE attestation — an Intel TDX quote checked before your prompt was forwarded, fail-closed.
Sui anchor
The receipt hash is committed on Sui — tamper-evident and publicly timestamped, read straight from a fullnode.
Check it yourself
verify.t2000.ai re-checks the anchor and signature for any receipt id; `t2 verify` runs the full check — including the TDX quote against Intel — on your machine.
// The browser explorer re-checks the anchor + signature; the TDX quote check runs client-side via the CLI.