Skip to main content

Introduction

Polaris LLM is based on Polaris Pro and enables the secure deployment of LLM models and related applications like RAG within a Trusted Execution Environment (TEE), encrypting all data in transit, and isolating sensitive information from the underlying infrastructure. With Polaris LLM, both the model weights – as well as all context documents – can be securely stored in an encrypted form, accessible only within the TEE.

Overview

Fr0ntierX’s Polaris LLM Secure Container utilizes Confidential Virtual Machines (CVM) and Confidential GPUs – based on the Nvidia Hopper architecture – to isolate LLM models and related applications within a fully encrypted environment. Confidential computing offers full memory encryption with minimal overhead, shielding data from both the cloud provider and internal IT resources. With the Polaris series, sensitive information remains encrypted at all stages: at rest, in transit, and when in use.

Polaris LLM encrypts HTTP requests to protect against exposure risks. Our encryption process uses a public key provisioned on the client’s infrastructure and managed within the TEE by the Polaris Secure Proxy. With encryption handled transparently within the TEE, no workload changes are required.

All responses are automatically encrypted with the public key provided by the user’s request, and is securely and easily decrypted by Polaris SDK. This encryption and decryption can either take place inside a server or browser environment.

Polaris LLM securely encrypts and decrypts the model weights and context documents (e.g. documents for a RAG pipeline) using a permanent key only accessible within the TEE. Access is restricted through an attestation policy, verifying workload integrity, and can block SSH access or limit usage to pre-approved software versions. Both encryption and decryption are handled by Polaris SDK for seamless data protection.

Key Benefits

  • Data Encryption: Security at all stages – at rest, in transit, and in use
  • Complete Isolation: Workloads shielded from cloud providers and internal IT resources
  • Transparent Encryption: All requests and responses are automatically encrypted and decrypted
  • No Modifications Required: No changes to the LLM model, inference server, or RAG application necessary
  • Encrypted Data Storage: Securely store encrypted model weights and context documents
  • TEE-Based Decryption: Secure data decryption within a Trusted Execution Environment
  • Optional Software Version Pinning: Only allow pre-approved software versions to decrypt data