KEY TAKEAWAYS
Policy-based security is a promise. Hardware-enforced security is physics.
Zero-access architecture means no employee, no executive, no cloud provider, and no government can access decrypted user data.
US CLOUD Act jurisdiction follows the corporate entity, not the data center. Swiss/EU hosting on US hyperscalers does not resolve this.
The cost of hardware-enforced privacy is ~10% additional infrastructure cost, a fraction of the compliance and reputational risk it eliminates.
Confidential LLM inference will eliminate the last trust boundary within 12-18 months.
The Problem No One Talks About
Every major AI assistant on the market today, ChatGPT, Gemini, Copilot, operates under the same security model: policy-based access control. An employee with server access can read your data. A government subpoena compels the provider to hand over your keys. The cloud infrastructure provider can inspect your data during processing.
The industry response is reassurance: trust us, we have policies. But policies are promises, and promises break. A single breach, a single rogue employee, a single court order, and everything is exposed.
For European enterprises operating under GDPR, the Swiss nFADP, DORA, or FINMA requirements, this is not an abstract concern. The US CLOUD Act grants American authorities jurisdiction over data held by US companies, regardless of where that data is physically stored. Hosting in Zurich or Frankfurt on a US hyperscaler does not resolve the jurisdictional conflict, it merely disguises it.
"I'm deeply uncomfortable with these decisions being made by a few companies."
— Dario Amodei, CEO, Anthropic (November 2025)
0
Employees who can access your data
0
Scenarios where the CEO can grant access
~10%
Additional infrastructure cost
From Promises to Physics
Policy-based security must be replaced with hardware-enforced impossibility. The distinction matters: from we choose not to access your data to we physically cannot.
Three layers of protection work together to create a zero-access architecture:
Layer 1: Encrypted Data
Every piece of data is encrypted with keys derived from your password. Swisper never stores your master key. Without it, your data is indistinguishable from random noise, to our servers, to our engineers, to anyone.
Layer 2: Sealed Processing
All data processing happens inside AMD SEV-SNP enclaves, CPU-level sealed memory that even the hypervisor cannot inspect. The cloud provider, Google in this case, is locked out at the hardware level. No software exploit, no administrative access, no insider threat can bypass silicon-enforced encryption.
Layer 3: Cryptographic Proof
Before any encryption key is released, hardware generates a mathematical attestation proving that the correct, unmodified code is running inside a genuine secure enclave. This is not a log entry or a compliance checkbox. It is a cryptographic proof that can be independently verified.
The Technology Stack
Swiss Software. Cloud Hardware. European Data.
Four Scenarios. Four Impossibilities.
Security claims are meaningless without threat scenarios. Here is what happens when the worst happens:
1. A Rogue Employee
An engineer with full server access reads the database. With conventional AI providers, they see everything: emails, calendar, documents. With Swisper, the database contains only ciphertext. Memory is hardware-encrypted. They see nothing. Ever.
2. A Government Subpoena
Authorities arrive with a court order demanding user data. A conventional provider has the keys; they decrypt and hand over everything. Swisper can only hand over encrypted data. We do not have the keys. The court gets ciphertext, which is useless without the user's master key.
3. The CEO Under Coercion
Someone coerces the CEO to grant access to a specific user's data. At a conventional provider, the CEO calls IT, IT grants access, data is exposed. At Swisper, the CEO cannot grant access. Policy changes require a 3-of-5 key ceremony. Hardware blocks all access regardless of who requests it.
4. Cloud Provider Inspection
Google wants to scan Swisper's VMs. With conventional hosting, the hypervisor reads all VM memory. With AMD SEV-SNP, Google's hypervisor sees only encrypted noise. The hardware itself enforces the boundary.
The Regulatory Imperative
European enterprises face a tightening regulatory environment: GDPR, the Swiss nFADP, DORA for financial institutions, the EU AI Act, and FINMA requirements. Each demands demonstrable data protection, auditability, and, increasingly, sovereignty over processing.
The US CLOUD Act creates a direct jurisdictional conflict for any organization using US-controlled cloud services. Contractual assurances and EU hosting do not resolve this. CLOUD Act jurisdiction follows the corporate entity, not the data center location.
No AI Assistant Offers This Today
These are not policies. They are hardware-enforced physical impossibilities.
The ability to tell your clients, regulators, and board that no human can access their data, backed by cryptographic proof and not just a policy document, is a competitive advantage that compounds over time.
This is why we are building Swisper Secure Enclave.