§Deep dive into Confidential Computing, AWS Nitro Enclaves, and true privacy for LLMs

by Alien Investor

────────────────

Transparency Note: This article is a research report based on technical documentation and architectural analysis. I have not yet personally field-tested Maple AI but intend to do so shortly. I am writing this because the topic of Confidential Computing is vital for our digital sovereignty. If you are a developer or have deeper insights, constructive feedback is highly appreciated.

We live in a fundamental security dilemma.

Modern AI models (LLMs) have become critical infrastructure for knowledge work. But the price for this intelligence is high: You must send your most intimate thoughts, trade secrets, and ideas to centralized “black boxes” like OpenAI, Google, or Anthropic.

For cypherpunks, lawyers, and freedom-loving aliens, this is unacceptable. The industry’s answer so far has been: “Just trust us.”

Maple AI steps up to break this paradigm. Not with promises, but with cryptographic proofs. This report analyzes the technology, the risks, and why this project is more than just another AI wrapper.

────────────────

§Origin: From the Ashes of Mutiny Wallet

Maple AI is not a typical Silicon Valley startup jumping on the hype train. It is the direct successor to the team behind Mutiny Wallet—an innovative, self-custodial Bitcoin Lightning wallet.

When the team had to shut down wallet operations in 2024/2025 due to regulatory hurdles, they executed a strategic pivot. The ideological basis remained identical:

Data is “Toxic Waste.”

Whoever collects data creates liability risks and surveillance structures. The Human Rights Foundation (HRF) has already listed the project as one of the “Top 15 Freedom Tech Projects of 2025”.

────────────────

§The Architecture: OpenSecret & AWS Nitro Enclaves

How can Maple claim not to see your data if it is processed on their servers? The answer lies in Confidential Computing. Maple is essentially an implementation of the “OpenSecret” backend platform.

The Vault: AWS Nitro Enclaves

Normally, a server administrator (Root) has access to everything happening in memory. However, Maple uses AWS Nitro Enclaves. These are isolated computing environments:

• No SSH Access: Even Maple developers cannot log into the enclave.

• Diskless: The enclave has no persistent storage. Once power is cut or the process ends, the data is gone (Zero Data Retention).

• No Open Internet: The enclave communicates only via a strictly defined, local channel.

The Proof: Remote Attestation

This is the crucial point (“Don’t trust, verify”): Before your device sends even a byte of data, it demands a so-called “Attestation Report.” This is a cryptographic signature directly from the AWS hardware.

This report confirms: “I am a real Nitro Enclave and I am executing exactly the program code whose hash you expect.” Since the code is Open Source (Reproducible Builds via NixOS), anyone can verify that no backdoors are installed.

How Live Web Search (Brave) Works A common problem with secure enclaves is that they are not allowed internet access. Maple solves this with a “Privacy Proxy”:

1. Your encrypted prompt lands in the enclave.

2. The enclave decrypts it, recognizes a search query, and sends it via a proxy to Brave Search.

3. Brave sees only the Maple server’s IP, not yours.

4. Results flow back into the enclave, are processed there, and sent back to you encrypted.

────────────────

§The Models: The China Paradox & Vision

Maple does not train its own models but hosts the world’s best open-weight models.

• DeepSeek R1 & Kimi K2 (China): Maple uses top-tier Chinese models that often beat GPT-4 in benchmarks. Normally a privacy nightmare. But since these models run inside the isolated US enclave without internet access, they cannot radio data back to China. We use the adversary’s weapon against them.

• GPT-OSS-120B (USA): A rare, open model from OpenAI with strong reasoning capabilities.

• Gemma 3 (Vision): Image recognition is also possible. You can analyze screenshots or photos—also processed entirely within the enclave.

────────────────

§Maple Proxy: AI for Developers without Spying

For developers, the “Maple Proxy” feature is a game-changer. It is a small program that runs locally on your machine and pretends to be the OpenAI server.

You can use tools like Cursor, VS Code, or Windsurf and simply redirect them to your local port. The proxy encrypts everything and sends it to the enclave. This allows you to use proprietary coding tools without your code landing at Microsoft or OpenAI.

────────────────

§Pricing & True Anonymity

The business model is transparent: Maple is funded by direct user payments. The pricing structure is similar to competitors but offers true “de-banking” resistance through Bitcoin.

• Free ($0): For testing. Limited to ~25 messages/week.

• Starter ($5.99): Basic models, moderate usage.

• Pro ($20): The Standard. Access to DeepSeek R1, Kimi K2 & GPT-OSS.

• Max ($100): Power users & developers (20x limits). Ideal for Proxy.

• Team ($30/User): For law firms/practices. Central billing.

Paying with Bitcoin & Lightning As a legacy of the Mutiny Wallet, Maple integrates native Bitcoin payments.

• Anonymity: You can pay without a bank account or real name (no PII requirement).

• Lightning Network: Instant, low-fee payments.

• Discount: Those paying with Bitcoin often receive discounts.

────────────────

§Critical Analysis: What’s the Catch?

Where there is light, there is shadow. Security costs comfort.

• Latency (Ping): The cryptographic handshake takes time. Maple feels less “snappy” than ChatGPT.

• Loss Risk: If you lose your Recovery Phrase, the account is gone. There is no support reset.

• Traffic Analysis (Metadata): This is a risk for high-value targets (dissidents). Even if the content is encrypted, an ISP could verify that you are communicating intensively with an AI based on packet size and timing. Maple does not (yet) offer obfuscation for this.

• Sync Limits: Synchronization between devices happens via encrypted “blobs.” While the server doesn’t see the content, it sees when and how much is synced (metadata leak).

────────────────

§Alien Conclusion: Niche or Future?

For the average user, Maple AI might be overkill.

But for lawyers, doctors, developers, and anyone processing sensitive data, it is potentially without alternative. It is proof that “Confidential Computing” has left the lab.

────────────────

Further Research

Relevant to security: Why you need your own AI on board.

Digital Sovereignty: Why you need your own on-board AI

────────────────

Money, power, Bitcoin — and OPSEC. I write about financial sovereignty, privacy, and cybersecurity in a world built on control. More at alien-investor.org 👽 (German Only)