Harpocrates

Introduction

What is Harpocrates?

Harpocrates is a privacy-preserving AI inference engine built on Horizen Base L3. Named after the god of silence and secrets, Harpocrates enables you to run AI models on encrypted data without exposing your sensitive information.

Unlike traditional AI APIs where your prompts are visible to the service provider, Harpocrates processes your data inside a Trusted Execution Environment (TEE), ensuring complete confidentiality throughout the inference process.

How Confidential AI Inference Works

Harpocrates follows a three-step process to ensure privacy and correctness:

1. Encrypt

Your sensitive prompts are encrypted client-side using industry-standard encryption before being sent to the Harpocrates network.

2. Compute in TEE

The encrypted data is processed inside a secure enclave (TEE) where the AI model performs inference. The enclave ensures that neither the operators nor any external party can access your data.

3. Verify + Settle in ETH on Horizen L3

Zero-knowledge attestations prove that the computation was performed correctly inside the TEE. All inference requests are metered and settled on-chain in ETH on the Horizen L3 network while ZEN is not yet live on that chain.

This architecture ensures that your data remains encrypted at rest, in transit, and during computation—achieving end-to-end confidentiality.

Project Motivations

Traditional AI inference services require you to trust the provider with your data. This creates several challenges:

  • Compliance requirements prevent using cloud AI for sensitive data
  • Business secrets and PII are exposed to third-party providers
  • No cryptographic proof that computations were performed correctly
  • Centralized control over AI infrastructure

Harpocrates solves these problems by combining TEEs for confidential computation, zero-knowledge proofs for verifiable correctness, and blockchain settlement for transparent metering—all while maintaining the developer experience of traditional AI APIs.

Glossary

TEE (Trusted Execution Environment)

A secure area of a processor that guarantees code and data are protected with respect to confidentiality and integrity. Examples include Intel SGX and AMD SEV.

Enclave

An isolated execution environment created within a TEE where sensitive computations are performed without exposing data to the host system.

Zero-Knowledge (ZK) Attestation

A cryptographic proof that verifies a computation was performed correctly inside a TEE without revealing the input data or intermediate states.

Encrypted Prompts

User inputs that are encrypted client-side before being sent to the inference engine, ensuring the service provider cannot read the original data.

Inference

The process of using a trained AI model to make predictions or generate outputs based on new input data.

Settlement (ETH on Horizen L3)

Harpocrates currently meters and settles inference usage in ETH on Horizen L3 because ZEN is not yet available on that network. Receipts remain on-chain for transparent verification.