Confidential inferencing is hosted in Confidential VMs with a hardened and fully attested TCB. As with other software assistance, this TCB evolves over time as a consequence of updates and bug fixes.
Overview films https://neilicyu433093.gynoblog.com/29755776/the-smart-trick-of-is-ai-actually-safe-that-nobody-is-discussing
