DEV Community: Soulman

Phala Network Just Added Two Powerful Open Models to Its Inference Platform

Soulman — Wed, 27 May 2026 17:13:33 +0000

Note: This article is adapted from the official Phala Network model listings on X. Check it here: https://x.com/phalanetwork/status/2058276251111174317

If you’ve been watching the AI infrastructure space, you already know that most inference providers make you pick a lane. You either get capable models or you get a platform you can actually trust with sensitive work. Phala Network is quietly making that trade-off irrelevant, and two new model listings are a good example of why.

What Just Got Listed

Two new models are now live on Phala’s inference platform.

1️⃣ The first is Qwen3.6 35B-A3B Uncensored, built on Alibaba’s latest mixture-of-experts architecture. It was fine-tuned by HauhauCS and quantized to FP8 precision by lamianlbe. In testing, it recorded zero refusals across 465 prompts, which tells you something about how it performs on real-world tasks that other models tend to sidestep.

Check it below ⬇️
🤗 https://huggingface.co/HauhauCS/Qwen3.6-35B-A3B-Uncensored-HauhauCS-Aggressive
On Phala models 🔗: https://phala.com/models/phala/qwen3%2E6-35b-a3b-uncensored

2️⃣ The second is Gemma-4 26B Uncensored, referred to as the Heretic edition. It’s based on Google’s Gemma 4 MoE and was fine-tuned using the ARA method from Heretic v1.2.0 by coder3101, then quantized by cloud19. That fine-tuning brought its refusal rate from 100 out of 100 down to 11 out of 100, a significant shift for builders who need a model that actually completes the task.

Check it below ⬇️
🤗: https://huggingface.co/coder3101/gemma-4-26B-A4B-it-heretic
On Phala models 🔗: https://phala.com/models/phala/gemma-4-26b-a4b-uncensored

Why the Infrastructure Behind These Models Matters
The models themselves are notable, but what Phala brings to the table goes beyond the listings. Every model on the platform runs inside a TDX-attested H200 enclave, and responses are signed using ECDSA. In plain terms, that means each inference call comes with cryptographic proof that it ran in a secure, isolated environment and that the output was not altered between the model and your application.
For most use cases this might sound like extra detail. But if you’re running agent workflows, processing user data, or building anything where the integrity of the output matters, this is the kind of guarantee that changes how you architect things. You’re not just trusting the provider’s word. You have proof you can verify.

Why Phala Is Worth Following Right Now
Open, capable models have been available for a while. Secure compute environments have also existed for a while. What’s been missing is a platform that combines both without asking developers to manage the complexity themselves. Phala does that, and it keeps adding to the model catalog in a way that makes the platform more useful for production work over time.

Builders working on AI agents, institutions that need audit-ready inference, and developers who want flexibility without giving up reliability all have a reason to look at what Phala is building. The two models listed today are a good starting point, but the more important thing to understand is the infrastructure they’re running on.
Both models are available now at https://phala.com/models

AI Agents Can Now Take Real Orders. Here Is the Infrastructure Making That Possible Without Cutting Corners on Trust

Soulman — Wed, 27 May 2026 10:36:52 +0000

Note: This article is Adapted from the official Phala.com announcement. Check the announcement here: https://x.com/phalanetwork/status/2057933195459572004

Something quietly significant just happened in the AI agent space. Clawdi integrated the official McDonald’s MCP into OpenClaw, meaning users in China can now place a McDonald’s order through an AI agent without touching the McDonald’s app directly. The agent handles the whole interaction. The template they built to make this work is fully open source, so any developer can pick it up, study it, and build on top of it. It lives on GitHub and runs on Phala Cloud, and that last part is what makes this more than just a neat demo.

What Is Actually Happening Here
MCP, which stands for Model Context Protocol, is essentially a standard way for AI agents to talk to external services. Think of it like a universal plug that lets an agent connect to a restaurant ordering system, a payment processor, or any other service that supports it.
Clawdi took the official McDonald’s MCP that was published on GitHub and wrapped it into a ready-to-deploy template on Phala Cloud. So instead of building the connection from scratch, a developer can grab the template, deploy it, and have a working agent that can take orders in minutes. That accessibility is the point. It lowers the barrier for anyone who wants to build real-world agent applications without starting from zero.

Why Phala Is the Part Worth Watching

The reason this runs on Phala specifically is not just convenience. Phala Cloud processes everything inside a Trusted Execution Environment, which is a sealed section of the processor that keeps data private even from the server it is running on. When the agent handles an order, the details of that transaction are processed in an environment that cannot be tampered with or read by outside parties, and that can be verified on-chain.
Most cloud infrastructure cannot offer that. For agent applications that handle real user data, whether that is food orders today or financial transactions tomorrow, that level of trust matters. Phala is one of the few platforms where you can build an AI agent that is not just functional but genuinely verifiable. That is a meaningful distinction in a space where trust is still one of the hardest problems to solve, and this McDonald’s integration is a real-world proof point of what that looks like in practice.

If You Are Building, This Is Worth Your Time

If you are a developer exploring agent infrastructure, the McDonald’s MCP template is live on Phala Cloud at http://cloud.phala.com/templates/mcd- and the source is open on GitHub. Check it here: https://github.com/M-China/mcd-mcp-server You can deploy it, pull it apart, and use it as a foundation for whatever you are building.
If you are a builder working on real-world agent applications and looking for infrastructure that does not cut corners on privacy, Phala Cloud is a serious option worth testing.
And if you are on the institutional side, evaluating where verifiable AI infrastructure is heading, this integration is an early signal of what production-ready agent deployments look like when trust is built into the stack from the start. The tooling is here, the use cases are starting to show up, and the foundation Phala has built means this is only going to get more interesting from here.

Phala.com Now Gives Every TEE App Its Own Trust Center

Soulman — Sat, 23 May 2026 23:34:15 +0000

*Note: Adapted from the official Phala.com announcement. Original post published on the Phala Network blog.
*

Every TEE app on Phala now has its own trust center, and here is why that matters for anyone building or evaluating secure applications today. The launch of trust.phala.com gives each app running inside a Trusted Execution Environment its own dedicated space where its security and execution can be independently verified. This is not a minor update. It is the kind of infrastructure that changes how developers ship and how institutions decide what to adopt.

What the Trust Center Actually Does
Trust.phala.com works like a live verification page for any app running in a secure enclave on Phala Network. Anyone can visit it, see exactly what is deployed, and confirm that the app has not been altered or interfered with. That level of openness is what separates a claim of security from actual proof of it. Until now, verifying that a TEE app was doing what it said it was doing required technical knowledge most users and institutions simply do not have. This changes that by putting the verification in one accessible place.

Why Developers Should Care
When you build something and tell people it is secure, you are asking them to take your word for it. That is a hard sell, especially in environments where trust has to be earned through evidence rather than reputation. With a dedicated trust center for every app, developers now have something concrete to point to. It adds a layer of credibility to whatever you ship without requiring your users to understand the technical details behind it. The app runs in TEE-secured cloud, private by default, and now there is a public place that proves it.

Why Institutions Are Paying Attention
For any organization evaluating whether to use or integrate a confidential computing application, auditability is usually one of the first questions asked and one of the hardest to answer cleanly.
Institutions need to know what is running, how it is protected, and whether they can verify that independently. Trust.phala.com removes a significant blocker by giving institutions a direct way to do exactly that. It is the kind of transparency that makes adoption easier to justify internally, and that is what moves things from evaluation to actual deployment.
*You can always check Phala.com for more information *

Most Tool Switches Are a Headache. On Clawdi, It’s Just One Step.

Soulman — Sat, 23 May 2026 23:26:58 +0000

Note: Adapted from the official Clawdi/OpenClaw announcement.

Switching tools mid-project is usually more painful than it should be. Most of the time it means re-configuring settings, rebuilding context, and explaining to the new tool what the old one already knew. For developers who move fast, that kind of friction adds up quickly. If you have been putting off switching from OpenClaw to Hermes because you expected that kind of hassle, this is worth reading.

You Don’t Have to Start Over
If you are already on Clawdi, switching from OpenClaw to Hermes does not require any setup from scratch. That is not a small thing. Normally when you move between tools, you lose the thread of what was happening. Here, because Clawdi holds everything in one shared encrypted environment, your context and memory are already there waiting. The switch itself is the only step.

Why the Shared Environment Makes This Possible
Clawdi is designed so that all the tools inside it, OpenClaw, Hermes, and others, work from the same foundation. They share the same memory and the same context. So when you move from one to the other, nothing gets lost in transit. There is no handoff problem because there is no gap between them to begin with. That is the core of what makes this different from how most AI tooling works.

What This Means in Practice
You switch to Hermes and pick up exactly where you left off. No re-explaining, no rebuilding, no lost progress.
For anyone running active workflows on Clawdi.ai, this is how tool switching should feel. Fast, clean, and with zero overhead. The environment handles the continuity so you do not have to.

Phala Network at muShanghai’s AI Security Day

Soulman — Sat, 23 May 2026 23:22:51 +0000

Note: Adapted from the official Phala Network post on X. See the post here: https://x.com/phalanetwork/status/2054584212284645865

Phala Network showed up at muShanghai’s AI Security Day, and it was one of the more grounded sessions at the event. Dr. Shelven Zhou, Phala’s Head of Research, led a hands-on workshop that walked attendees through how Phala works and what the team has been building. It was a live, technical session, not a pitch deck, and that’s exactly the kind of showing that gets developers paying attention.

What the Workshop Covered
Dr. Zhou covered both Phala Network and OpenClaw, the AI environment built on Clawdi that powers the OpenClaw and Hermes agents. The session gave developers a real look at how these tools work together and why the underlying infrastructure matters. Every computation on Phala runs in TEE-secured cloud, private by default, meaning the work happening inside cannot be seen or tampered with, even by the host. That’s not a feature you bolt on later. It’s built into how the whole system runs from the ground up.

Why This Matters for Developers
If you’re building AI agents and you need people to actually trust what those agents are doing, the environment they run in matters just as much as the code you write. Phala gives developers that foundation without making them figure it out themselves.

When “Trust Us” Stopped Being Enough for AI Data Compliance

Soulman — Wed, 13 May 2026 06:09:05 +0000

Note: Adapted from the official Phala Network blog post: “What Privacy-Preserving Compute Means for AI Data Compliance” published May 8, 2026 at https://phala.com/posts/privacy-preserving-compute-means-for-ai-data-compliance

If you’re building AI products that handle sensitive data, there’s a question you will eventually face in a compliance audit that most teams are not prepared for. Not “is your infrastructure secure?” but “can you prove it?” Those two questions sound similar but they are completely different problems, and the gap between them is where a lot of AI projects quietly fall apart.
Consider a straightforward scenario: an insurance company wants to use an AI model to process customer claims. The data involved includes medical records, bank details, and personal information protected under GDPR. Their cloud provider offers an encrypted virtual machine and says the data is safe. The legal team asks one question: “Prove it.” The proposal collapses. Not because the technology is bad, but because a promise and a proof are not the same thing, and in regulated environments, only one of them counts.
Any AI system that processes personal data faces three questions that a serious compliance audit will ask. Can data leave the environment without authorization? Is the code running inside the system actually the code that was reviewed and approved? And can anyone outside the environment read what is happening in memory while it runs? Miss any one of these and your compliance evidence has a gap in it. This is the problem Phala is built to solve.

How Phala Turns Security Claims Into Verifiable Proof

Phala’s open source runtime, dstack, runs AI workloads inside Intel TDX hardware environments where the contents are encrypted at the CPU level. This matters because it means the cloud operator, the host operating system, and anyone outside that environment simply cannot read what is happening inside it. That shifts the conversation from “we promise not to look” to “we are technically incapable of looking,” which is a much stronger position when you are dealing with regulators or legal teams.
Network access controls in this setup are enforced at the host layer, outside the container entirely. Nothing running inside the environment can modify those rules, even with full administrative access. The policy governing what the workload can and cannot connect to gets written into a hardware register, and that information shows up in every attestation report the system produces. An auditor does not have to take anyone’s word for it. They can check the report themselves.
The code integrity piece works through a system called a compose-hash. The idea is straightforward: the same source code, built on any machine, should produce an identical result. That result gets tied into the hardware attestation, creating a traceable line from “this code was reviewed by a third party” to “this exact version is what is running right now.” For teams building in regulated environments, that traceability is what turns a security claim into something you can actually demonstrate.

Why This Matters Now and Who Should Be Paying Attention
The compliance environment for AI in 2026 has shifted. GDPR has been around long enough that organizations know what it requires. The EU AI Act adds another layer specifically for high-risk AI systems. Together they make provable data protection a product infrastructure requirement, not something you hand off to the legal department to figure out later. Industries like insurance, healthcare, and financial services are already feeling this directly. The question has moved from “how fast can this model run” to “how do we demonstrate that sensitive data is protected at every layer.”
What makes Phala worth watching in this context is that dstack is fully open source under the Apache 2.0 license. An auditor can clone the repository, reproduce the build, and verify the result without involving Phala at all. Phala Cloud, the managed service, runs the same codebase in production and adds monitoring, access controls, key management, and attestation tooling on top. Teams that need to get to production without building all of that themselves have a real path forward.

If you are a developer, the repository is on GitHub and you can start exploring the build verification process today. If you are building a product that handles sensitive user data, Phala Cloud gives you the compliance infrastructure without starting from scratch. And if you are part of an institution evaluating AI infrastructure for a regulated environment, this is the architecture that is worth a serious look. You can start at https://docs.phala.com/ or find dstack directly on GitHub.

One Environment, Every Tool: How Clawdi Connects Your AI Workspace

Soulman — Wed, 13 May 2026 05:59:42 +0000

Note: Adapted from the official Clawdi LinkedIn post. See it here: https://www.linkedin.com/posts/clawdi-ai_without-clawdi-openclaw-its-own-memory-activity-7459669710788493312-P_RE?utm_medium=ios_app&rcm=ACoAADsG-68BIAAu9aqgxUXf6Ouw4ExTypv89JY&utm_source=social_share_send&utm_campaign=copy_link

If you work with more than one AI tool, you already know the frustration. You build context in one place, switch to another tool, and start from zero again. Every tool has its own memory, its own workspace, and no awareness of what happened anywhere else. OpenClaw, Hermes, Claude Code, Codex. each one operates in its own bubble. That is just how most AI tooling is built right now, and for developers juggling multiple agents in a single workflow, it creates a real coordination problem.

Why Separate Memory Is a Problem
When every tool keeps its own context, you end up doing a lot of manual work to keep things consistent. You copy outputs from one tool into another, re-explain what already happened, or lose track of decisions made earlier in the session. It slows things down and introduces room for mistakes. The tools are not talking to each other because they were never designed to. Each one just knows what it saw.

What Clawdi Does Differently
Clawdi puts all of these tools into one shared encrypted environment. OpenClaw, Hermes, Claude Code, and Codex all work from the same context and the same memory. When something happens in one tool, the others are aware of it. You are not starting fresh every time you switch. The ground truth stays consistent across the whole setup, which is a meaningful change for anyone running multi-agent workflows or building anything that requires these tools to hand off work to each other.

Why It Matters for Builders
The practical benefit is less overhead. You spend less time bridging the gap between tools and more time actually building. A shared encrypted environment also means that consistency does not come at the cost of security.

For builders who care about how their data is handled across tools, that combination is worth paying attention to. Clawdi.ai is not just connecting tools, it is giving them a common foundation to work from.

A 30-Day AI Operator Plan for Small Teams

Soulman — Wed, 13 May 2026 00:16:24 +0000

Note: Adapted from the official Clawdi Cloud blog post, published April 30, 2026. Find it here: https://www.clawdi.ai/blog/new-month-fewer-dropped-balls-a-30-day-ai-operator-plan-for-small-teams

Small teams don’t fail because of bad ideas. They fail because things fall through the cracks. A follow-up nobody sent. A deadline that crept up. A task that belonged to everyone so nobody actually did it. By week two the clean plan you started with is already leaking, and the rest of the month becomes damage control.
This is not a strategy problem. It’s a coordination problem, and

that’s exactly what Clawdi Cloud is built to fix.

What Clawdi Cloud Actually Does
Clawdi Cloud is an AI operator workspace where multiple specialized agents share the same memory and operating context. They work together across your real workflows instead of in isolation, so your team stops relying on sticky notes, group chats, and memory to keep things moving.

The 30-Day Rhythm
On day one you set goals and break them into weekly checkpoints. Each week you run three reviews covering pipeline health, customer signals, and deadline tracking. Each day you get a short brief, follow-up nudges, and an end-of-day summary of what moved.
Over 30 days that structure saves founders three to five hours a week, marketing leads four to six, and ops people five to eight. Most of it comes from cutting the back and forth of chasing status updates and trying to remember where things stand.

Why Small Teams Need This More
Large teams have dedicated people to absorb coordination failures. Small teams don’t. When something slips there’s usually nothing catching it, and the cost shows up fast.
Clawdi Cloud converts that reliance on memory and heroics into something more dependable. Your team still makes the decisions and does the work. The system just makes sure nothing gets forgotten along the way.

Why Hardware-Level Privacy Is Becoming the New Standard for Cloud Security

Soulman — Wed, 13 May 2026 00:07:05 +0000

Note: Adapted from the official Phala Network blog and announcements. Find it here: https://x.com/phalanetwork/status/2049122456334651792

The TEE market is projected to reach $12.36 billion by 2030, growing at a 20.8% CAGR. That kind of growth doesn’t happen without a real problem driving it. The problem here is straightforward, as more sensitive data moves through cloud systems and AI pipelines, the existing approach to security is struggling to keep up. Encrypting data while it sits in storage or travels across a network is well understood, but the moment that data gets processed, it becomes exposed. That window is where attacks happen, and it’s a gap that traditional cloud infrastructure was never designed to close.

Why Software Security Alone Is No Longer Enough
Most cloud security today focuses on protecting data before and after it’s used, not during. When a workload runs on a standard server, the host system has visibility into what’s happening. That means the cloud provider, a compromised administrator, or anyone who gains access to the underlying hardware can potentially see what’s being processed. For general web applications, this tradeoff has been acceptable. But as AI agents handle more sensitive tasks, financial logic, personal data, and automated decision-making, that exposure becomes a serious risk. Hardware-level isolation through Trusted Execution Environments changes this by creating a sealed space where computation happens completely out of reach, even from the machine running it.

How Phala Is Built Differently
Phala didn’t add privacy as a feature on top of existing infrastructure. It built the entire network around TEE-secured cloud from the ground up, which means every workload that runs on Phala is private by default. There’s no configuration required to enable protection, it’s simply how the system works. Developers building AI agents or handling sensitive data don’t have to redesign their security model to fit Phala, they just get hardware-enforced privacy as the baseline. That’s a fundamentally different position from most cloud providers, where confidential computing is an optional upgrade rather than the foundation.

Why This Matters as AI Agents Scale
The timing of this infrastructure shift lines up directly with where AI development is heading. Agents are becoming more capable and more autonomous, which means they’re also handling more sensitive operations. A system that can verify its own integrity, prove it hasn’t been tampered with, and keep data private throughout processing is exactly what’s needed as these workloads move into production environments. Phala’s infrastructure is already built for this, making it one of the few networks positioned to meet that demand at scale.

If you’re a developer building AI agents or working with sensitive workloads, Phala’s infrastructure is worth exploring. The documentation is solid, integration is more straightforward than you might expect, and you’re working with hardware-enforced privacy from day one rather than bolting it on later. Head over to the Phala Network docs: https://docs.phala.com/ and see where it fits into what you’re building.

Phala.com Is Partnering With AI x Web3 School to Put Private, Verifiable Compute in Developers’ Hands

Soulman — Wed, 06 May 2026 22:52:54 +0000

Note: Adapted from the official Phala.com X announcement; check it HERE: https://x.com/phalanetwork/status/2051365284183671144

Phala.com is partnering with AI x Web3 School, a global developer program run by LXDAO and ETHPanda, to bring privacy-preserving compute into the hands of builders working at the crossover of AI and Web3. The program is structured around a Bootcamp and Hackathon, and the goal is simple: help developers go from understanding concepts to actually shipping projects. Courses are free and open right now, so if you have been sitting on an idea at this intersection, the barrier to getting started just got lower.

The collaboration centers on giving participants real exposure to infrastructure that runs in TEE-secured cloud environments, private by default. That means the code and data being processed stay protected during execution, not just in storage. For developers building AI agents that interact with onchain applications, this distinction matters a lot. Phala technical experts will be present during the Hackathon itself, walking through deployment step by step rather than just presenting slides, so participants leave with skills they can actually reuse.

Why Trusted Compute Is Becoming a Foundation Layer
As AI agents become more capable and start handling real tasks, the question of where they run and whether their outputs can be trusted becomes unavoidable. Running an agent in a standard cloud environment gives you no way to verify that the execution happened as intended or that sensitive data was not exposed along the way.
TEEs solve this by creating a hardware-level isolated space where computation happens privately and the results can be verified. Phala has been building this infrastructure specifically for decentralized AI use cases, and this partnership brings that work directly into a learning environment designed around practical building.

What Participants Will Actually Work On
The curriculum covers how TEEs provide isolation and verifiability for AI computation, how to think about model execution and data privacy when agents need to interact with onchain systems, and how to structure Hackathon projects around these building blocks.
High quality projects and case studies from the program will be documented in an open-source Handbook, turning individual builds into reusable references for the wider developer community. The program also connects participants across both the Phala and AI x Web3 School ecosystems, which matters when you are building in a space where community and infrastructure access go hand in hand.

Getting Started
The current phase of AI x Web3 School is free and open to developers. Whether you are new to this space or already building and looking to understand the infrastructure layer better, the program is designed to meet you where you are. Pre-registration is open now at https://web3career.build/en/programs/AI-Web3-School and you can follow aiweb3school for updates on course releases and Hackathon details.

Clawdi Just Changed How AI Agents Work Together

Soulman — Wed, 06 May 2026 22:45:25 +0000

Note: Adapted from the official X Clawdi announcement at https://x.com/openclawdiai/status/2049883505187074150?s=46

If you’ve been using AI coding agents for any serious amount of work, you’ve probably noticed the same frustration. Claude Code on your laptop doesn’t remember what Codex did on another machine. Switch frameworks and you’re starting over. Every session is a blank slate, and all the context you built up just disappears. That’s not a tooling problem, it’s a fundamentally broken workflow, and it’s one that most developers have just quietly accepted as normal. Clawdi was built to fix it, and this latest update is the most complete version of that vision yet.

The idea is straightforward. Instead of your memory, files, API keys, and skills living inside a specific agent, they live in Clawdi. Every agent connects to that same environment. Switch from Claude Code to Codex to Hermes and nothing is lost, because the context was never tied to the agent in the first place. It all runs in a TEE-secured cloud, which means your keys and memory are private by default, not sitting on a shared server somewhere with no visibility into how they’re handled.

The Hermes Agent and What It Actually Does
The headline feature in this update is the Hermes Agent, now available to deploy in one click from the dashboard. What makes it different from a standard agent setup is that it builds on what it learned from previous tasks rather than resetting each time. It holds memory across sessions, picks up where Claude Code left off, and comes with over 200 tool integrations already configured so there’s no manual setup involved. If you’ve spent time getting an agent into a useful state only to lose that context when you close the session, Hermes is the direct answer to that.

A Dashboard That Actually Shows You Everything
The Clawdi Cloud dashboard was rebuilt around the idea of a single view for all your agents. Claude Code, Codex, Hermes, and OpenClaw sessions now appear side by side, with activity history, recent sessions, messages, memories, vault keys, and connectors all accessible from one place. Adding a new agent means pasting one prompt into your tool of choice and it configures itself and shows up in the dashboard automatically.

New additions include a built-in console with a terminal and file editor, an Agent Portraits page that gives each agent a shareable public profile, and a Connectors page with over 500 tools you can add in one click. Built-in skills now cover searching X posts, browsing live news, and checking Polymarket predictions out of the box, and messaging support spans 11 platforms including Telegram, Discord, Slack, and WhatsApp all managed from a single panel.

Pricing and How to Get Started
The free tier gives you access to either OpenClaw or Hermes running in hardware-secured infrastructure with support for 13 or more messaging apps. Pro at $29 a month unlocks both agents together along with a web terminal and custom ports. Max at $99 a month steps up to 4 vCPU, 8GB RAM, and 40GB storage. Enterprise covers SSO, audit logs, and a 99.9% uptime guarantee.

If you prefer to run it locally, the full version is available via npm install -g clawdi, MIT licensed and free to keep. It works with Claude Code, Codex, Cursor, OpenClaw, and Hermes. The whole thing takes under three minutes to get running and you can start for free at clawdi.ai.

One Framework to Run Confidential Workloads Across AWS, Google Cloud, and Phala

Soulman — Wed, 29 Apr 2026 23:21:01 +0000

Note: This article is adapted from the official Phala Network post: “dstack: One Confidential Compute Framework Across AWS, Google Cloud, and Phala” — published April 23, 2026. see it here: https://phala.com/posts/dstack-one-confidential-compute-framework-aws-google-cloud-phala

If you have ever tried shipping something on confidential compute infrastructure, you know the setup tax is real. Choosing AWS Nitro Enclaves or Google Cloud Confidential VMs is not just a hosting decision. It pulls in a whole chain of choices about how you package your workload, how your application proves its identity, and how it gets access to secrets at runtime. Every platform does this differently, and if you ever need to move between them, you are essentially starting from scratch.
That is the specific problem dstack is solving. It is an open framework from Phala.com that lets you write one workload definition, in standard Docker Compose format, and deploy it across AWS, Google Cloud, or Phala own infrastructure without rebuilding your trust model each time. On Google Cloud your workload runs inside a Confidential VM. On AWS it gets packaged into an enclave image. Either way, the environment is hardware-secured, the cloud provider cannot read your memory, and a compromised host machine cannot reach inside what is running. That baseline protection holds regardless of which backend you are on, and your application does not have to be written differently for each one.

The Verification Step Most Systems Skip

Here is where dstack separates itself from tools that just wrap cloud deployment in a nicer interface.

When your workload boots, it does not automatically get access to secrets just because it is running in a secure environment. Before anything sensitive is released, the workload has to prove exactly what code is running inside it. That proof is a cryptographic measurement, a fingerprint of the workload at that exact moment, and it gets sent to dstack’s key management component for verification. If the measurement matches what was previously authorized, keys get released. If the code has been changed in any way, the measurement is different and nothing gets released. No exceptions.
Your application talks to dstack through a consistent local interface regardless of which backend is underneath. On Google Cloud a component called the Guest Agent handles the verification work. On AWS a smaller utility called dstack-util does the same job inside the enclave. The backend differs because the platforms differ, but the interface your application sees and the logic your trust model follows stays the same across both. That is the design choice that makes dstack genuinely portable rather than just multi-cloud in name.

What Phala.com Brings to the Table Beyond the Cloud Providers

Hardware-secured environments are something AWS and Google both offer. What Phala adds through dstack is a policy layer that sits above all of it.

Rather than keeping authorization decisions buried inside your infrastructure config, dstack lets you register approved workload measurements on-chain. That means any change to what your system trusts is recorded, visible, and traceable by anyone who needs to verify it. Governance over your trust model gets lifted out of the infrastructure layer entirely, which is meaningful when you are running sensitive workloads across multiple teams or need to demonstrate compliance to someone outside your organization. And because that policy layer is not tied to any single cloud backend, it works consistently whether you are on AWS, Google Cloud, or Phala’s own network.
This matters most for AI infrastructure. Model weights, inference inputs, API credentials, proprietary business logic running inside a model server. These assets need protection while the application is actively using them, not just while they are sitting in a database. Most encryption handles the storage problem. dstack handles the runtime problem, and it does it in a way that does not chain you to one cloud provider’s implementation of secure compute.
The dstack repository is public and worth exploring if you are building anything in this space. Phala has put real work into making confidential compute portable in a way that holds up past the demo stage, and the GitHub documentation walks through both the Google Cloud and AWS deployment paths in practical detail.

Interested in building with dstack? Visit the official https://phala.com/ site and explore the dstack GitHub repository to dig into the code and deployment guides.