AI model protection

Your model runs everywhere.
Nobody can steal it.

AI models represent years of training and millions in compute. eCora keeps weights and architecture encrypted during inference — even when running inside a customer's cloud.

eCora — model protection

0% host memory visibility
any ML framework supported
hardware-attested at inference

Weights encrypted at rest and in memory
Architecture and config sealed inside container
Memory dump reveals only ciphertext
Hardware attestation per inference session
the challenge

Deploying a model means handing over the most valuable thing you've built.

Anyone with access to host memory can extract model weights during inference and reconstruct your architecture. Cloud administrators, infrastructure staff, and malicious tenants all have this access by default, and using it leaves no log entry.

Model weights readable from host memory during inference
Container filesystem exposes architecture and configuration
No way to prove the model hasn't been modified or backdoored
with eCora

Outputs come out. The model stays inside.

eCora seals your model and inference server inside a hardware-encrypted container before it leaves your machine. Weights are encrypted in memory during inference by the CPU itself — physically impossible to extract, even with root access to the host.

Weights encrypted at rest and in memory — extraction is physically impossible
Architecture and config sealed inside the container
Hardware attestation proves the model is genuine at every session
the process

Package, seal, and deploy to any customer — without exposure.

01 package: Containerize your model and inference server
Package your model and serving layer as a standard Docker container. PyTorch, ONNX, TensorRT, vLLM — any framework that containerizes works. No changes to the model code or serving logic.

02 seal: Encrypt weights and architecture locally
Run ecora seal on your model container. Every layer — including the model weights — is encrypted with hardware-bound keys on your machine. The sealed image contains no accessible plaintext.

03 deploy: Serve inference anywhere, stay in control
Customers run inference against your sealed model. Prompts go in, completions come out. The model weights never leave the enclave in plaintext. Revoke access instantly from your dashboard.
capabilities

Your IP stays yours — wherever your model runs.

Weight protection
Model weights are encrypted at rest and in memory during inference. No memory dump, regardless of host privileges, can reconstruct your model.
Framework-agnostic
Works with any ML framework that runs in a container. No runtime modifications, no custom serving layer, no framework-specific integration work.
Inference attestation
Each inference session is backed by hardware proof that the model is genuine and unmodified. Customers get a trust signal; you get audit evidence.
Revocable deployment
Stop any customer's inference access instantly from the dashboard. No model transfer, no redeployment, no waiting. Access ends the moment you revoke.