frontpage.

Show HN: PrivateClaw – AI agents running in confidential VMs you can verify

https://privateclaw.dev

5•lambence•1h ago

We built PrivateClaw because the hosted OpenClaw platforms on the market today require you to trust them with plaintext. PrivateClaw removes that requirement at the hardware layer.

PrivateClaw runs AI agents inside Trusted Execution Environments (TEEs), backed by AMD’s SEV-SNP standard. This means that your data is encrypted at the hardware level, enforced by the AMD Secure Processor outside the host OS trust boundary.

PrivateClaw comes with inference that also runs inside TEEs, which means your prompts and completions are private as well.

How it works:

Each user gets a dedicated CVM (Confidential VM) — no shared tenancy. SEV-SNP provides hardware-enforced memory encryption with a per-VM key managed by the AMD Secure Processor, outside the host OS trust boundary. The hypervisor cannot read guest memory.

Onboard now by running ssh privateclaw.dev in your terminal of choice.

How you verify it:

Our open-source CLI https://github.com/lunal-dev/privateclaw-cli is installed by default on all user CVMs and enables users to perform a 5-step verification:

1. SEV-SNP attestation — fetches a signed attestation report from the AMD PSP and validates it against AMD's root of trust 2. vTPM verification — confirms the virtual TPM's endorsement key is bound to the CVM's attestation 3. Host key binding — verifies the SSH host key you're connecting to is the one measured in the attestation report 4. Inference endpoint check — confirms the inference and inference proxy cert is bound to their respective TEE measurements 5. Access control audit — validates that only your SSH key is authorized and the cloud’s guest agent is disabled

Every step is transparent and auditable, and the CLI that does this for you is open source.

Today, we enable you to verify that your agent is running inside a TEE. Attestable builds are on our roadmap, which will also enable users to verify what software is running inside the TEE.

Architecture:

PrivateClaw runs the user CVM and inference gateway on Azure Confidential Compute, and inference itself is powered by Confidential AI's TEE-backed vLLM deployment. The launch digest for each CVM is in the attestation report, so you can verify the boot state. Binding specific userland binaries to published source is on our reproducible build roadmap.

Pricing:

Free tier available. Pro, with greater limits, is $69/mo.

Try it: ssh privateclaw.dev

The Download: supercharged scams and studying AI healthcare

A 13-month-old LlamaIndex bug re-embeds unchanged content

Show HN: Signova AI – DocuSign alternative for $7

Tensorlake is now an official Harbor environment runtime

AI Field Notes on the DGX Spark

The Art of Crossword Creation

Ask HN: I wanna hear about your experience with Claude Code and Codex

Full Stack Open: Deep Dive into Modern Web Development

Zodiac Killer may be tied to Black Dahlia case after 'code cracked,' DNA taken

PIX – Share Images Without the Cloud

Retrieval-Augmented Generation Is an Engineering Problem, Not a Model Problem

Variant – Endless designs for your ideas, just scroll

Intel shutters open-source evangelism program, archives key community projects

A Catechism for Robots

Show HN: Porting Open3D to Python without writing a LoC

Tesla (TSLA) discloses $2B AI hardware company acquisition buried

AI models, power, politics, and performance

A deep dive into the wild world of GitHub Actions' tagging formats

Relatives of dead or missing scientists grapple with impact of wild speculation

How do you handle context compression cloud workflows?

'Scattered Spider' Member 'Tylerb' Pleads Guilty

JackDanger/gzippy ·The fastest gzip on any hardware

Redesigning the Recurse Center application to inspire curious programmers

Which one is more important: more parameters or more computation? (2021)

Show HN: Claude proxy to record interactions-browse, search sessions, usage, MCP

Oral Argument Preview: Chatrie vs. United States

I built PixelGuard – a privacy tool to blur faces in videos

Why BookScan Is Different from Book Sales (Different from Royalty Statements)

AI Progress doesn't feel as fast as we're told

Ask HN: Is code quality and design systems the new SWE?