Thunderwind

Verifiable Computation.

How do you prove that the code in the repo is exactly what’s running on the server — and that the data you receive actually came from that code? Thunderwind solves the “Last Mile” of trust: cryptographic proof that source → binary → runtime → output is an unbroken chain. Zero human access. Even we can’t peek inside.


The Problem

Cloud computing is built on trust. And in domains where trust isn’t enough — defense, finance, healthcare — that’s a liability.

“What code is actually running?” — The binary could differ from source.
“Who has access to the server?” — Cloud admins. Your admins. Attackers who compromised either.
“Is my data safe during processing?” — Memory dumps. Side channels. Insider threats.
“Can you prove the output is genuine?” — Not without trusting the entire stack.

SSH access means someone can look. Console access means someone can tamper. Cloud agents mean attack surface. Traditional infrastructure requires you to trust operators, providers, and every link in the supply chain. Trust doesn’t survive audits.


The Solution

Thunderwind replaces trust with verification. The core insight: seal the environment, prove the seal.

Hardware-Rooted Isolation (Intel TDX)
Trust Domains provide CPU-enforced memory encryption and isolation. Not even the hypervisor can read workload memory. The silicon itself enforces the boundary — no software can override it.

Custom Remote Attestation CA
Hardware generates cryptographic quotes proving exactly what code is running on what CPU. Our RA-CA validates these quotes against policy and issues short-lived identity certificates. You don’t trust our word — you verify the hardware’s signature.

Sealed Infrastructure
No SSH. No console. No cloud agents. Fully immutable OS images. The “Invisible Infra” approach: if there’s no door, no one can walk through it. Management happens through attestation-gated APIs only.

Cryptographic Binding
TPM and TDX measurements are bound to application keys. The output carries proof of its origin. You can verify not just what ran, but that nothing tampered with it during execution.
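The attestation flow sketched in the two paragraphs above (a hardware quote validated against policy by the RA-CA, a short-lived identity certificate, and an application key bound to the measurement so that every output carries proof of its origin), as an added example in Python. This is a constructed model, not Thunderwind's code: Lamport one-time hash signatures stand in for the real ECDSA quote and certificate signatures, the quote and certificate fields are simplified, and every MRTD value is made up.

```python
from __future__ import annotations
import hashlib
import json
import secrets
import time

# Constructed model of the flow described above, not Thunderwind's code. Lamport
# one-time signatures (pure SHA-256) stand in for the ECDSA keys of the hardware
# quoting enclave, the RA-CA and the workload; all MRTD values are constructed.
CERT_LIFETIME_SECONDS = 600


def sha(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def canon(obj) -> bytes:
    """Canonical JSON so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def keygen():
    """Lamport key pair: 256 secret pairs; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [[sha(a).hex(), sha(b).hex()] for a, b in sk]
    return sk, pk

def msg_bits(obj) -> list[int]:
    h = sha(canon(obj))
    return [(h[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, obj) -> list[str]:
    """Reveal, per message bit, the matching secret (one signature per key)."""
    return [sk[i][bit].hex() for i, bit in enumerate(msg_bits(obj))]

def verify(pk, obj, sig) -> bool:
    return len(sig) == 256 and all(
        sha(bytes.fromhex(sig[i])).hex() == pk[i][bit]
        for i, bit in enumerate(msg_bits(obj)))

def fingerprint(pk) -> str:
    return sha(canon(pk)).hex()

# Trust anchors a relying party would pin out of band (constructed here).
HW_SK, HW_PK = keygen()
CA_SK, CA_PK = keygen()
# Policy: MRTD values (hash of the initial TD image) the RA-CA accepts.
APPROVED_MRTD = sha(b"constructed-approved-guest-image-v1").hex()
POLICY_ALLOWED_MRTD = {APPROVED_MRTD}

def make_quote(mrtd: str, app_pk) -> dict:
    """Guest agent inside the TD: REPORTDATA carries the application key's
    fingerprint, so the hardware signature binds that key to the measurement."""
    body = {"mrtd": mrtd, "report_data": fingerprint(app_pk)}
    return {"body": body, "hw_sig": sign(HW_SK, body)}

def ra_ca_issue(quote: dict, app_pk, now: float) -> dict | None:
    """RA-CA: validate the quote against policy, then issue a short-lived cert."""
    body = quote["body"]
    if not verify(HW_PK, body, quote["hw_sig"]):
        return None  # not signed by the trusted hardware key
    if body["mrtd"] not in POLICY_ALLOWED_MRTD:
        return None  # code measurement not approved by policy
    if body["report_data"] != fingerprint(app_pk):
        return None  # presented key is not the one the hardware attested
    cert_body = {"app_pk": app_pk, "mrtd": body["mrtd"],
                 "not_after": now + CERT_LIFETIME_SECONDS}
    return {"body": cert_body, "ca_sig": sign(CA_SK, cert_body)}

def sign_output(app_sk, cert: dict, payload: dict) -> dict:
    """Workload: every output carries its identity cert and a signature."""
    return {"payload": payload, "cert": cert, "sig": sign(app_sk, payload)}

def verify_output(signed: dict, now: float) -> str | None:
    """Relying party: returns the attested MRTD the output came from, or None.
    Needs only the RA-CA public key and the policy, never access to the server."""
    cert = signed["cert"]
    if not verify(CA_PK, cert["body"], cert["ca_sig"]):
        return None  # cert not issued by the RA-CA
    if now > cert["body"]["not_after"]:
        return None  # short-lived cert expired; the workload must re-attest
    if not verify(cert["body"]["app_pk"], signed["payload"], signed["sig"]):
        return None  # output not produced by the attested key
    return cert["body"]["mrtd"]

def demo() -> dict:
    """Honest flow plus the failure modes each check exists to catch."""
    app_sk, app_pk = keygen()
    now = time.time()
    cert = ra_ca_issue(make_quote(APPROVED_MRTD, app_pk), app_pk, now)
    out = sign_output(app_sk, cert, {"result": 42})
    return {
        "genuine": verify_output(out, now),
        "tampered_payload": verify_output(dict(out, payload={"result": 43}), now),
        "expired": verify_output(out, now + CERT_LIFETIME_SECONDS + 1),
        # HW_SK signs a second message here only to exercise the policy branch;
        # a Lamport key must not sign twice outside a toy like this.
        "unapproved_image": ra_ca_issue(
            make_quote(sha(b"constructed-unapproved-image").hex(), app_pk), app_pk, now),
    }
```

The point the model makes concrete is where trust actually sits: the relying party holds only the RA-CA public key and the policy allow-list, and `verify_output` never contacts the server. Tampering with the payload breaks the application signature, an expired certificate forces re-attestation, and a quote for a measurement outside the policy never gets a certificate at all, so an unapproved binary has no identity to sign with.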


Who Needs This

Defense & Intelligence
Process classified data on commercial cloud. Run sensitive algorithms without exposing them to cloud operators. Workloads that require “eyes-off” guarantees — cryptographically enforced, not policy-promised.

Financial Services
Key management that proves keys never left the enclave. Trading algorithms protected from infrastructure operators. Compliance evidence that’s cryptographic, not contractual.

Healthcare & Life Sciences
PHI processing where you can prove no human accessed the data. Genomic analysis with mathematically enforced privacy. Research collaboration without exposing raw datasets.

AI & Machine Learning
Model inference where the model stays confidential. Training on sensitive data with provable isolation. Prove your AI system processes data exactly as claimed — no leakage, no logging, no side channels.

Enterprise Confidential Computing
Multi-party computation where no party sees the other’s input. Secure enclaves for M&A due diligence. Data clean rooms with cryptographic guarantees, not just legal ones.


Technical Foundation

Production Architecture
Built solo in 3 months. Complete chain of trust from silicon to UI:

  • Guest Agent (Rust): Runs inside TDX, handles attestation and claim signing
  • RA-CA (Rust): Remote Attestation Certificate Authority, validates hardware quotes
  • Control Plane (Rust): Manages workload lifecycle and attestation policies
  • CLI (Rust): Verification tool for trust chain inspection
  • Infrastructure (Terraform + Packer): Provisions hardened environments with zero manual access
  • Dashboard (React): High-density UI for cluster health and attestation status

Deployment Model
Runs on Azure DCesv5-series confidential VMs with Intel TDX support.


Learn More

Live platform and documentation:

app.thunderwind.io
