Wondering how to secure your AI agent within a TEE? We’ve got you covered!
Check out our latest post by @roshanrags, @0xkrane, @PrateekReddyy and @0xlinguine:
Securing TEE Apps: A Developer's Guide
In this post, @roshanrags, @PrateekReddyy, @0xlinguine and @0xkrane explore the features that have made TEEs popular for crypto x AI, discuss security concerns and lay out some practical solutions to build TEE applications.
With confidential compute, privacy stops being a promise and becomes something you verify.
This tutorial makes that concrete on Oyster with privacy-preserving addition inside an enclave: deploy the VM, run the compute with hidden inputs, then check the attestation yourself.
TEE-based inference doesn't have to be built in-house by each provider.
Marlin provides it as open, verifiable compute infrastructure. Same hardware guarantees. No proprietary stack required.
Learn more: https://t.co/74v9a7R9gp
Meta's Private Processing puts AI inference inside a TEE. The host sees encrypted memory. Nothing else.
Secure enclaves. Encrypted processing. Anonymous routing. Verifiable code. This is the new standard for private AI.
How the full stack fits together: https://t.co/YpogC06DIs
TEEs solve a core AI problem:
Models need plaintext to run; you can't compute on ciphertext. Usually, that means trusting the server.
With a TEE, decryption happens inside a sealed enclave. The operator provides compute but can't see the data, removing the trust assumption.
When TACo relaunches under WEDF stewardship and/or Seal (https://t.co/kxPSk14gQP) launches on mainnet, a new KMS root seed ceremony can be performed against the relaunched network. That ceremony would re-establish a root seed backup for the new operational setup.
TACo has announced a transition in stewardship to the World Ethical Data Foundation (WEDF), with a planned network relaunch later in 2026.
What this means for the Oyster Key Management Service (KMS) 🧵
We've been quiet on X for 6-ish months, but a lot has happened behind the scenes. TACo fully exited the @ThresholdAC network, expanded the access condition framework, increased support across various EVM chains, and completed numerous secure handovers of cryptographic material between nodes – demonstrating the network's unique resilience in a distributed paradigm.
Through it all, the technology has reached maturity. In the last couple of years, TACo has underpinned real-world, high-stakes data sharing patterns, including delivering inheritance information to beneficiaries without trusted middlemen, managing decryption rights for valuable digital media libraries, and securing backup root keys for TEEs.
Practically, the KMS can operate even while TACo nodes remain unavailable.
However, there is a caveat: if all current KMS nodes were to go down, the ability for enclaves to derive secrets from the KMS will be lost forever.
What keeps this secure: the key material is never exposed to outside servers during backup. Recovering it means clearing multiple independent checks. Access policy sign-off, hardware-level verification, and threshold server availability all have to pass.
Marlin’s Key Management Service (KMS) is set to feature another recovery path.
This is powered by Seal on @SuiNetwork and enforced via Sui smart contracts, operating independently from the existing Threshold Network backup.
https://t.co/kxPSk14gQP
Think of it as two separate vaults for the same critical key, each built on a different system with its own access rules. If one path fails, the other continues working. Neither can be unlocked without clearing multiple layers of independent authorization.
If you’re not happy single, you won’t be happy in a relationship.
True happiness comes from verifiable state transitions and knowing your data never left the enclave.
AWS now supports TPM-based EC2 instance attestation.
Like Nitro Enclave attestation, it gives software a way to prove its identity and boot state cryptographically, instead of relying on “trust me.”
For Marlin Oyster SDK users, the goal is to make this verification easy.
Developers should be able to check an EC2 instance’s attestation before trusting it, without becoming experts in TPMs, certificates, or AWS internals.