In 2025, Microsoft disclosed that a single breach of its Exchange Online platform exposed the email contents of 25 federal agencies, including the U.S. State Department and the Department of Commerce. The attack vector was not a software vulnerability. It was a stolen signing key — one key that unlocked everything, because everything was stored. The breach persisted undetected for 78 days. The cost to the U.S. government remains classified. The cost to public trust in cloud infrastructure is not: a 2025 Ponemon Institute survey found that 71% of enterprises now consider data residency and cloud trust their top-three board-level concerns, up from 44% in 2022.
This is the structural failure that gave rise to Stealth Cloud — not as a product, not as a brand, but as an architectural category. A third paradigm of cloud computing that starts from a premise the industry has spent two decades avoiding: the only data that cannot be breached is data that does not exist.
The Three Paradigms of Cloud Computing
Cloud infrastructure has evolved through three distinct architectural philosophies, each defined by its answer to a single question: who can access the data at rest?
Understanding these paradigms is essential to understanding why Stealth Cloud emerged and what it replaces. A full comparative analysis is available in our breakdown of the three paradigms of cloud computing.
Paradigm 1: Public Cloud (2006–Present)
Public cloud — AWS, Azure, Google Cloud — operates on a trust-delegation model. The customer surrenders physical custody of data to the provider. Encryption at rest exists, but the provider holds the keys. The provider’s employees, subprocessors, and (critically) the jurisdictions in which the provider operates can compel access.
The economics are extraordinary. The global public cloud market reached $679 billion in revenue in 2025, according to Gartner. AWS alone operates more than 100 availability zones across 33 regions. The scale is unmatched. But scale created a monoculture — and monocultures produce catastrophic, correlated failures.
The public cloud model assumes that the provider is trustworthy, that the provider’s jurisdiction is stable, and that the provider’s employees are incorruptible. Each of these assumptions has been falsified repeatedly since 2019.
Paradigm 2: Sovereign Cloud (2018–Present)
Sovereign cloud emerged as a response to jurisdictional risk. The core idea: data should be stored and processed within the legal boundaries of a specific nation-state, subject only to that nation’s laws. The EU’s GAIA-X initiative, launched in 2019, formalized this concept. Germany’s Bundescloud, France’s SecNumCloud qualification, and Switzerland’s strict Federal Data Protection Act (revDSG, effective September 2023) represent mature implementations.
Sovereign cloud solves the jurisdiction problem. It does not solve the persistence problem. Data still exists at rest. Encryption keys are still managed by an operator. A sufficiently motivated state actor — including the sovereign state itself — retains the technical and legal capacity to access stored data. The 2022 revocation of the EU-U.S. Privacy Shield (Schrems II) demonstrated that even “friendly” jurisdictions cannot guarantee reciprocal data protection.
Sovereign cloud answers the question “where is the data?” It does not answer the question “does the data need to exist at all?”
Paradigm 3: Stealth Cloud (2024–Present)
Stealth Cloud answers that question. No.
Stealth Cloud is infrastructure engineered to produce zero forensic trace. Not “encrypted at rest.” Not “access-controlled.” Not “compliant.” Absent. The data does not persist. The session does not log. The identity does not resolve. The infrastructure itself is ephemeral — spun up for the duration of a computation, then destroyed with cryptographic shredding, leaving no recoverable artifact.
This is not a feature added to existing cloud architecture. It is a different architecture entirely, built from first principles around three guarantees:
- Zero Persistence: No data is ever written to durable storage. Computation occurs exclusively in volatile memory. When the session ends, the memory is zeroed and the cryptographic keys are destroyed.
- Zero Knowledge: The infrastructure operator cannot decrypt user data, even under compulsion. Encryption keys exist only on the client device, never on the server.
- Zero Identity: Authentication does not require personally identifiable information. No email. No phone number. No government ID. Identity is established through cryptographic proof — specifically, Sign-In with Ethereum (SIWE) wallet signatures.
The term “stealth” is borrowed from radar engineering: stealth aircraft are not invisible, but they are designed to minimize their observable signature below the threshold of detection. Stealth Cloud applies the same principle to digital infrastructure. The goal is not to hide the existence of a computation, but to ensure that the computation leaves no recoverable data signature once complete.
Why Stealth Cloud Exists Now
Four converging forces made Stealth Cloud architecturally viable and economically necessary in the 2024–2026 window. None of them is purely technological.
1. The AI Data Harvesting Crisis
Every major AI provider ingests user prompts as training data by default. OpenAI’s terms of service, as of March 2025, explicitly permit the use of API inputs for model improvement unless enterprise customers negotiate a custom data processing agreement. Anthropic, Google DeepMind, and Meta follow structurally similar policies. A detailed examination of these practices is available in our analysis of OpenAI’s data practices.
The implication: every question asked to a cloud-hosted AI becomes part of that AI’s future outputs. Legal strategy. Medical symptoms. Financial projections. Trade secrets. The $4.4 trillion global AI market, projected by PwC for 2030, is being built on a substrate of involuntary user data contribution.
Stealth Cloud interposes a PII-stripping proxy between the user and the model. Personally identifiable information is detected and tokenized on the client device before the prompt ever reaches the network. The AI model receives a sanitized query. The response is de-tokenized on the client. The model never sees real names, real addresses, or real identifiers. The operator never sees plaintext.
2. Jurisdictional Fragmentation
The regulatory environment for data sovereignty fractured beyond repair between 2022 and 2025. The EU’s AI Act (effective August 2025) imposes strict data handling requirements on high-risk AI systems. China’s Personal Information Protection Law (PIPL) demands data localization with criminal penalties. India’s Digital Personal Data Protection Act (2023) creates a compliance labyrinth with 37 categories of consent. Brazil’s LGPD, South Korea’s PIPA, and Japan’s APPI each impose mutually contradictory requirements on cross-border data flows.
No multinational can simultaneously comply with all active data protection regimes if data persists. The only architecture that is compliant everywhere by default is one where there is no data to regulate. Stealth Cloud eliminates the regulatory surface area by eliminating the data.
3. Post-Quantum Cryptographic Urgency
The National Institute of Standards and Technology (NIST) finalized three post-quantum cryptographic standards in August 2024: ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205). The urgency behind this standardization is the “harvest now, decrypt later” strategy employed by state-level adversaries — intercepting encrypted data today with the expectation that quantum computers will break current encryption within 10–15 years.
AES-256-GCM, the symmetric encryption standard used in Stealth Cloud architecture, is considered quantum-resistant (Grover’s algorithm reduces its effective security to 128 bits, which remains computationally infeasible). But the deeper defense is simpler: data that has been cryptographically shredded cannot be decrypted by any computer, quantum or classical, because it no longer exists. You cannot harvest what was never stored.
4. The Swiss Structural Advantage
Switzerland’s position in privacy infrastructure is not accidental. It is the product of 175 years of legal architecture. Swiss banking secrecy, established by the Federal Banking Act of 1934, created the institutional precedent for systemic confidentiality. The revised Federal Act on Data Protection (revDSG), effective September 1, 2023, provides some of the strongest data protection guarantees in any jurisdiction, including a prohibition on the transfer of personal data to countries without adequate protection — a category that includes the United States.
Stealth Cloud infrastructure domiciled in Switzerland operates under this legal framework. The Canton of Zug, specifically, has developed as the global center for blockchain and cryptographic-identity companies since the establishment of the Ethereum Foundation there in 2014. The legal, regulatory, and technical talent ecosystems are mature.
Swiss domicile is not a marketing decision. It is a technical architecture decision with legal force.
How Stealth Cloud Works: Technical Architecture
The engineering behind zero-trace infrastructure requires rethinking every layer of the traditional cloud stack. What follows is the reference architecture — the pattern that defines the category.
Edge-First Computation
Stealth Cloud does not use centralized data centers. Computation is distributed across edge nodes — in the reference implementation, Cloudflare Workers running on V8 isolates across 300+ locations in over 100 countries. Each request is processed at the node closest to the user, with sub-200ms time-to-first-byte globally.
V8 isolates provide a critical property: hardware-level memory isolation without the overhead of virtual machines or containers. Each request executes in its own isolate. When the isolate terminates, its memory is reclaimed by the runtime. There is no shared state between requests, no writable filesystem, and no mechanism for one request to inspect the memory of another.
This is not a deployment convenience. It is a security architecture. The attack surface of a stateless edge isolate is orders of magnitude smaller than a traditional server with a persistent filesystem, a database connection, and an operating system.
Client-Side Encryption
All encryption and decryption occurs on the user’s device, never on the server. The encryption standard is AES-256-GCM, implemented via the Web Crypto API — a W3C standard supported natively in all modern browsers without requiring external libraries.
The key lifecycle is critical:
- A new AES-256-GCM key is generated on the client for each session using
crypto.subtle.generateKey(). - The key never leaves the client device. It is never transmitted over the network.
- All data sent to the server is encrypted with this key before transmission.
- The server processes encrypted payloads. It can route them, proxy them, and stream responses — but it cannot read them.
- When the session ends, the key is destroyed using
crypto.subtle.destroyKey(). The ciphertext that remains in any transient buffer is now permanently indecipherable.
This is the mechanism behind zero-knowledge operation. The server is architecturally unable to access plaintext, not because of a policy, but because of mathematics.
Identity Without Identification
Traditional authentication systems require a piece of personally identifiable information — an email address, a phone number, a government ID — to establish identity. Stealth Cloud eliminates this requirement entirely using Sign-In with Ethereum (SIWE), defined in EIP-4361.
The authentication flow:
- The client requests a cryptographic nonce from the server.
- The user signs a structured message containing this nonce using their Ethereum wallet (MetaMask, WalletConnect, Coinbase Wallet, or any EIP-4361-compatible wallet).
- The server verifies the signature using
ecrecover, confirming that the signer controls the private key associated with the wallet address. - The server issues a session token (JWT with a 1-hour TTL) containing only a salted hash of the wallet address — never the address itself.
No email. No password. No phone number. No name. The server knows that a cryptographic key pair exists and that the holder demonstrated control of it. That is the entirety of the identity model.
Ephemeral Session Infrastructure
Sessions in Stealth Cloud architecture are backed by Cloudflare Durable Objects — lightweight, single-threaded stateful objects that exist for exactly the duration of a conversation. Each Durable Object:
- Holds WebSocket state for real-time streaming.
- Stores no data to durable storage (the
storageAPI is intentionally unused). - Is destroyed when the session ends, either by user action, a configurable burn timer, or the Durable Object’s automatic garbage collection.
This is ephemeral infrastructure in the strictest sense: the compute environment itself is created, used, and annihilated. There is no “server” to subpoena. There is no “database” to image. The infrastructure has the same forensic profile as a conversation conducted in a soundproof room that is subsequently demolished.
The PII Proxy Layer
The PII (Personally Identifiable Information) proxy is the most operationally novel component of the Stealth Cloud architecture. It runs entirely on the client device as a WebAssembly (WASM) module — a compiled binary executing in the browser’s sandbox.
The proxy performs named entity recognition (NER) on outgoing prompts, identifying and tokenizing:
- Personal names →
[PERSON_1],[PERSON_2] - Email addresses →
[EMAIL_1] - Phone numbers →
[PHONE_1] - Physical addresses →
[ADDRESS_1] - Financial identifiers (account numbers, SSNs) →
[FINANCIAL_1] - Organization names →
[ORG_1]
The token map is stored exclusively in the client’s volatile memory. When the AI model responds with references to [PERSON_1], the client-side proxy re-injects the original value before rendering. The model never processes real PII. The server never transmits real PII. The operator never possesses real PII.
This is the architectural answer to the AI data harvesting problem. Even if an LLM provider retains prompts for training, the retained prompts contain no personally identifiable information. The data is structurally anonymized before it leaves the user’s device.
Who Stealth Cloud Is For
Stealth Cloud is not for everyone. It is specifically engineered for use cases where data existence — not just data access — constitutes risk.
Legal Professionals and Law Firms
Attorney-client privilege is the oldest data protection mechanism in common law, predating digital technology by centuries. A 2024 American Bar Association survey found that 39% of attorneys had used generative AI for case research, but 62% of those reported concerns about confidential client information entering AI training datasets. Stealth Cloud enables legal professionals to use AI tools without creating a persistent record that could be subpoenaed, leaked, or harvested.
Investigative Journalists and Press Freedom Organizations
Reporters Without Borders documented 521 journalists imprisoned globally in 2024, a figure that has risen every year since 2019. For journalists operating under authoritarian regimes, the existence of a cloud-hosted conversation with a source — regardless of its content — can be sufficient evidence for prosecution. Stealth Cloud’s zero-identity, zero-persistence architecture means there is nothing to seize.
Financial Services and M&A Advisory
Material non-public information (MNPI) is the most sensitive category of data in capital markets. A leaked AI prompt containing the name of an acquisition target, a price point, or a timeline constitutes insider information. The SEC levied $4.6 billion in enforcement actions in fiscal year 2024, with data handling violations representing a growing share. Stealth Cloud ensures that AI-assisted financial analysis produces no discoverable record.
Healthcare and Clinical Research
HIPAA violations cost U.S. healthcare organizations an average of $1.27 million per breach in 2024. Clinical researchers using AI to analyze patient data face an irreconcilable tension: the AI needs context to be useful, but providing context creates a persistent record of protected health information. Stealth Cloud’s PII proxy layer and client-side encryption allow clinicians to query AI models with anonymized data, eliminating the compliance risk at the architectural level.
Dissidents, Activists, and At-Risk Populations
This is the use case that cannot be quantified in dollar terms. For individuals living under surveillance regimes, the act of asking a question — about legal rights, emigration procedures, political asylum, or medical care — can be life-threatening. Privacy is not a preference for these users. It is a survival mechanism.
Stealth Cloud vs. Public Cloud vs. Sovereign Cloud
The differences between the three paradigms are structural, not incremental. They represent fundamentally different answers to the question of data custody.
| Property | Public Cloud | Sovereign Cloud | Stealth Cloud |
|---|---|---|---|
| Data at rest | Encrypted, provider-held keys | Encrypted, operator-held keys | Does not exist |
| Data jurisdiction | Provider’s country of incorporation | Specified sovereign territory | Irrelevant (no persistent data) |
| Identity model | Email/password, SSO, MFA | Government-issued credentials, SSO | Wallet signature (SIWE), no PII |
| Subpoena response | Provider produces data | Sovereign operator produces data | No data to produce |
| Encryption key custody | Provider | Operator or customer | Client device only |
| Breach impact | Full data exposure | Jurisdiction-limited exposure | No data to breach |
| Regulatory compliance | Per-jurisdiction configuration | Single-jurisdiction native | Structurally compliant (no data) |
| AI training data risk | High (prompts may be retained) | Medium (operator policy-dependent) | None (PII stripped client-side) |
For a detailed comparison of Public and Sovereign models, see our analysis of Public Cloud vs. Sovereign Cloud.
The critical distinction is not about security posture or encryption strength. All three paradigms can implement strong encryption. The distinction is ontological: in Public and Sovereign Cloud, the data exists and must be protected. In Stealth Cloud, the data does not exist and therefore requires no protection. This is not a subtle difference. It is the difference between locking a vault and never building one.
The Cryptographic Foundation
Stealth Cloud’s guarantees are not policy-based. They are mathematically enforced. Three cryptographic primitives underpin the architecture.
AES-256-GCM: Symmetric Encryption
AES-256-GCM (Advanced Encryption Standard with 256-bit keys in Galois/Counter Mode) provides authenticated encryption — meaning it guarantees both confidentiality and integrity. The 256-bit key space contains 2^256 possible keys, a number larger than the estimated count of atoms in the observable universe. Brute-force attacks against AES-256 are not merely impractical; they are thermodynamically impossible with any conceivable classical computer.
GCM mode adds a critical property: authentication. Each ciphertext includes a tag that verifies it has not been modified in transit. Any tampering — even a single flipped bit — causes decryption to fail. This prevents the class of attacks where an adversary modifies encrypted data without decrypting it.
Zero-Knowledge Proofs
Zero-knowledge proofs (ZKPs) are cryptographic protocols that allow one party to prove possession of information without revealing the information itself. In the context of Stealth Cloud architecture, ZKPs enable:
- Authentication without identification: Proving you are authorized without revealing who you are.
- Compliance without disclosure: Proving your data handling meets a regulatory standard without exposing the data or the handling process.
- Computation verification: Proving that a computation was performed correctly without revealing the inputs or outputs.
A comprehensive technical explanation is available in our guide to zero-knowledge proofs explained.
Cryptographic Shredding
Cryptographic shredding is the destruction of encrypted data by destroying its encryption key, rather than overwriting the data itself. When an AES-256-GCM key is destroyed, the corresponding ciphertext becomes computationally indistinguishable from random noise. No key recovery mechanism exists. No backdoor is possible. The data is not “deleted” — deletion implies the data existed in a recoverable state and was subsequently removed. Cryptographic shredding means the data reverts to entropy. It was never, in any recoverable sense, stored.
This is the mechanism that enforces the “zero-persistence” guarantee. Even if an attacker captures ciphertext in transit or in transient memory, the destruction of the session key renders that ciphertext permanently unrecoverable.
The Economics of Zero-Trace
Stealth Cloud is not more expensive than traditional cloud infrastructure. In many configurations, it is cheaper — because it eliminates entire cost categories.
Storage costs: zero. There is no data at rest. No S3 buckets. No database replicas. No backup tapes. No cold storage tiers. For context, AWS S3 storage costs alone accounted for an estimated $10.8 billion in annual revenue for Amazon in 2024. Stealth Cloud customers pay for compute cycles only.
Compliance costs: radically reduced. A 2025 Deloitte study estimated that Fortune 500 companies spend an average of $5.47 million annually on data protection compliance across multiple jurisdictions. When there is no persistent data, there is no data to classify, no data to map, no data to audit, and no data to report on. The compliance surface area collapses.
Breach remediation costs: zero. IBM’s 2025 Cost of a Data Breach Report placed the global average cost of a data breach at $4.88 million. The Stealth Cloud architecture makes breach remediation a null category. There is nothing to remediate because there is nothing to breach.
Legal discovery costs: zero. E-discovery — the process of producing electronically stored information in litigation — costs U.S. companies an estimated $27 billion annually, according to RAND Corporation research. Stealth Cloud systems produce no discoverable records. This is not obstruction; it is architecture. You cannot produce records that were never created.
The trade-off is real: Stealth Cloud does not support use cases that require data persistence. Historical analytics, long-term record-keeping, and regulatory archives require traditional or sovereign infrastructure. Stealth Cloud is purpose-built for ephemeral computation — transactions of thought that should not outlive their usefulness.
Implementation: The Reference Stack
The Stealth Cloud reference implementation uses a specific technology stack, not because these are the only viable options, but because they represent the current state of the art for each layer.
| Layer | Technology | Function |
|---|---|---|
| Edge compute | Cloudflare Workers (V8 isolates) | Stateless request processing, global distribution |
| Session state | Cloudflare Durable Objects | Ephemeral WebSocket state, auto-destruction |
| Transient store | Cloudflare KV (TTL-enforced) | Nonce storage, session tokens, auto-expiring |
| Client encryption | Web Crypto API (AES-256-GCM) | End-to-end encryption, client-only key custody |
| Identity | SIWE (EIP-4361) via wagmi/viem | Wallet-based authentication, zero PII |
| PII detection | WebAssembly NER module | Client-side named entity recognition and tokenization |
| AI routing | Cloudflare AI Gateway | Provider-agnostic LLM proxy with zero logging |
| Streaming | Server-Sent Events (SSE) | Real-time response streaming with encrypted chunks |
Cloudflare Workers were selected for a specific architectural property: V8 isolates execute in memory only, with no access to a persistent filesystem. This is not a configuration choice that could be reversed by an operator — it is a platform constraint. The operator cannot write data to disk, even if compelled to do so, because the runtime does not provide a disk.
What Stealth Cloud Is Not
Precision matters. Stealth Cloud is a specific architectural category, not a synonym for any privacy-related technology.
Stealth Cloud is not a VPN. VPNs obscure network origin. They do not address data persistence, encryption key custody, or identity sovereignty. A VPN user who logs into Gmail with their email address has achieved network-level privacy and nothing else.
Stealth Cloud is not end-to-end encrypted messaging. Services like Signal provide excellent E2EE for communication between known parties. Stealth Cloud addresses a different problem: private computation with AI systems, where one party (the model) is operated by a third party (the provider).
Stealth Cloud is not confidential computing alone. Confidential computing (Intel SGX, AMD SEV, ARM CCA) provides hardware-level memory encryption during processing. It is a component technology that can be used within a Stealth Cloud architecture, but it is not sufficient on its own — because confidential computing does not address data persistence, identity, or key custody.
Stealth Cloud is not the dark web. The dark web (Tor hidden services) provides anonymity through network routing obfuscation. Stealth Cloud provides architectural data non-existence. The two solve different problems and can be combined, but they are not synonymous.
The Road Ahead
Stealth Cloud as a category is in its first generation. The architectural primitives are proven — AES-256-GCM has been a NIST standard since 2007, V8 isolates have been in production at Google’s scale since 2008, SIWE was formalized in 2022 — but the integration into a cohesive zero-trace stack is new.
Three developments will define the next five years:
Homomorphic encryption at practical speeds. Fully homomorphic encryption (FHE) allows computation on encrypted data without decryption. Current implementations are 10,000x–1,000,000x slower than plaintext computation. When this penalty drops below 10x — likely by 2029–2031 — Stealth Cloud systems will be able to process encrypted data without ever decrypting it, even in memory. The zero-knowledge guarantee will extend from “data at rest” to “data in use.”
Hardware-enforced ephemeral computing. ARM’s Confidential Compute Architecture (CCA) and Intel’s Trust Domain Extensions (TDX) are creating hardware that can enforce memory isolation and automatic zeroing at the silicon level. When edge hardware natively supports cryptographic shredding, the guarantees move from software policy to physics.
Regulatory recognition of non-existence as compliance. Current data protection frameworks (GDPR, CCPA, PIPL) are designed around the assumption that data exists and must be governed. No major framework has yet established a formal category for systems where data does not persist. When regulators recognize architectural non-existence as a compliance posture — and they will, because the alternative is regulatory impossibility across 100+ jurisdictions — Stealth Cloud moves from the frontier to the default.
The full philosophical foundation for this architectural direction is articulated in the Stealth Cloud Manifesto.
The Stealth Cloud Perspective
Stealth Cloud is not an improvement on existing cloud infrastructure. It is a rejection of the premise that data must persist to be useful. The third paradigm of cloud computing starts from a single architectural truth: the most secure data is data that does not exist, the most private identity is an identity that cannot be resolved, and the most resilient infrastructure is infrastructure that leaves nothing behind.