Cape is critical to the agent ecosystem because it solves the "autonomy vs. privacy" dilemma. For an AI agent to act on a user's behalf, it must handle sensitive credentials and private context. Cape's secure enclaves allow these agents to operate in a trusted environment where the underlying data is never exposed to the model provider or the infrastructure host. This enables the creation of "agentic" workflows in highly regulated industries like finance and healthcare, where standard LLM APIs are often prohibited.
By providing a secure runtime for code and model inference, Cape allows developers to build agents that use tools—such as database connectors or API callers—without the risk of leaking the data those tools retrieve. This moves the agent stack away from a "trust-based" model toward a "verifiable" security model, which is a necessary step for the widespread adoption of autonomous AI in the enterprise.
The central tension in the current AI agent boom is the trade-off between capability and confidentiality. To be useful, an AI agent often needs access to sensitive information—financial records, personal health data, or proprietary company code. However, the prevailing architecture of large language models (LLMs) requires sending this data to third-party providers, creating a massive security risk and a compliance hurdle for enterprise users. Cape addresses this problem by providing what they call the "Privacy Layer for AI."
Cape is built on the premise that privacy should be a technical guarantee rather than a policy promise. Their platform allows developers to process sensitive data with models like Llama or GPT without the data ever being accessible to the model provider, the infrastructure provider, or even Cape itself. This is achieved through the use of secure enclaves, which are isolated compute environments that encrypt data in use.
The technical core of Cape is its integration with AWS Nitro Enclaves. These Trusted Execution Environments (TEEs) provide a hardened, highly isolated virtual machine that has no persistent storage, no interactive access, and no external networking. When a developer uses the Cape CLI or API to run an AI task, the data is encrypted on the user's machine, sent to the enclave, decrypted inside the secure hardware, processed by the model, and re-encrypted before being sent back.
This approach differs significantly from traditional data-at-rest or data-in-transit encryption. By protecting data during processing, Cape enables "Confidential Computing" for AI. For a developer building an agentic system, this means they can feed a customer's banking history into a model to generate insights while ensuring that neither AWS nor the model vendor can ever see the raw text.
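The round trip described above, as an added Python illustration that is not Cape's code or protocol: the client checks the enclave's measurement against a trusted value before releasing a data key, the host in the middle only ever sees sealed blobs, and the enclave decrypts, "infers", and re-encrypts inside. Assumptions: an HMAC-SHA256 stream cipher stands in for AES-GCM so it runs on the standard library, a SHA-384 of a constructed image stands in for PCR0, the attestation document is unsigned here (real Nitro attestation documents are signed by AWS), and the key hand-off to the enclave is treated as out of band.

```python
import hashlib
import hmac
import secrets

TRUSTED_PCR0 = hashlib.sha384(b"constructed-enclave-image-v1").hexdigest()  # constructed PCR0

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 counter keystream: a stdlib stand-in for AES-GCM, not for production use."""
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; reject anything the host altered in transit."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext tampered")
    return bytes(c ^ s for c, s in zip(ct, keystream(key, nonce, len(ct))))

class Enclave:
    """Simulated Nitro enclave: plaintext and the data key exist only inside run()."""
    def __init__(self, image: bytes):
        self.pcr0 = hashlib.sha384(image).hexdigest()  # measured at launch

    def attest(self) -> dict:
        return {"pcr0": self.pcr0}  # unsigned here; real documents are signed by AWS

    def run(self, key: bytes, sealed_input: bytes) -> bytes:
        prompt = unseal(key, sealed_input)  # decrypted only inside the enclave
        answer = b"summary:" + hashlib.sha256(prompt).hexdigest()[:8].encode()  # inference stand-in
        return seal(key, answer)  # re-encrypted before it leaves the enclave

def confidential_run(enclave: Enclave, prompt: bytes, host_log: list) -> bytes:
    """Client side: release a data key only to an enclave whose measurement matches."""
    if not hmac.compare_digest(enclave.attest()["pcr0"], TRUSTED_PCR0):
        raise PermissionError("enclave measurement mismatch; data key withheld")
    key = secrets.token_bytes(32)  # in practice wrapped to the enclave's attested public key
    sealed = seal(key, prompt)
    host_log.append(sealed)  # all the untrusted host ever observes
    sealed_out = enclave.run(key, sealed)
    host_log.append(sealed_out)
    return unseal(key, sealed_out)
```

A mismatched measurement means the key is never released, so a substituted enclave image receives only ciphertext it cannot open.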
Founded in 2018 by Ché Wijesinghe and Gavin Uhma, the company originally operated as Cape Privacy, focusing on secure multiparty computation (SMPC). As the industry shifted toward generative AI, the company rebranded to Cape and pivoted its focus toward the LLM infrastructure stack. Based in New York, the team has focused on making hardware-level security accessible through high-level developer tools.
Their product suite includes a CLI and a Python SDK that allow engineers to integrate privacy into their existing workflows. For instance, a developer can use cape run to execute a script inside an enclave as easily as they would run it locally. This simplicity is a key differentiator in a market where confidential computing has historically been reserved for specialized security engineers.
Cape occupies a specialized niche within the AI infrastructure ecosystem. They sit between the model providers (OpenAI, Anthropic) and the cloud infrastructure (AWS, Azure). While companies like Skyflow or Evervault focus on vaulting and tokenizing data, Cape is focused on the compute itself. Their primary competition comes from both general-purpose confidential computing platforms and cloud-native solutions like Azure Confidential Computing. However, Cape's commitment to a developer-first AI experience—specifically their focus on secure Python runtimes and model deployment—gives them an edge with teams building autonomous agents that require high degrees of data agency.