Improving Safety with Privacy: An Exploration of Privacy-Enhancing Safety Guardrails for Cloud Inference

Sai Deep Tetali, OpenAI

Cloud AI systems face two obligations that are often framed as a tradeoff. Providers need to prevent misuse and investigate failures, while users and enterprises need assurances on how their data is stored, accessed, and processed. This framing assumes that safety requires broad visibility into user data and that privacy requires giving up meaningful safeguards.

This talk argues that privacy-enhancing infrastructure can improve both. We will explore how encryption, confidential computing, remote attestation, and other technologies can provide strong technical guarantees about how data is accessed and processed. These mechanisms can support strong safety guardrails without making routine human access the default. They provide stronger, auditable guarantees than from policy alone. We will also present a number of challenges with these architectures, including trust boundaries, operational tradeoffs, appeals, incidents, and software updates.

This is an open area of exploration and we are actively seeking to work with the community to set the standards for how responsible AI can be built.

Sai Deep Tetali is a Member of Technical Staff at OpenAI, where he leads the Private Stack team. His work focuses on building privacy-preserving infrastructure for frontier AI. Before OpenAI, Sai worked at Meta on privacy for augmented- and virtual-reality devices, spanning privacy-aware infrastructure and confidential computing. Earlier, he built machine-learning systems for detecting Android malware at Google and worked on automated software verification at Microsoft Research. He holds a PhD in Computer Science from UCLA, where his research focused on secure cloud computing, and is a co-author of The Android Malware Handbook.