Nen LogoNen
The v1 wedge — Secure AI SDK

Encrypt LLM prompts across your own stack

Prompts and streamed tokens stay ciphertext from the user's browser to the one backend service you trust to call the model — your edge, CDN, logs, and proxies never see them in plaintext.

const ai = createSecureOpenAI({ /* ... */ });

const stream = ai.chat.completions.stream({
  messages,
});

// prompts and streamed tokens are E2E-encrypted from the
// browser to YOUR backend — their edge, CDN, logs, and
// proxies see only ciphertext.

Drop-in shapes mirroring the official SDKs — createSecureOpenAI and createSecureAnthropic — built on the same transport-agnostic core as nenFetch and nenStream.

What this honestly protects (and what it doesn't)

This is the claim most easily overstated, so we pin it down. Read this section before you read the marketing.

Protected
The prompt/response is ciphertext from the user's browser, through your CDN, edge, load balancer, and logging, all the way to the backend that terminates Nen. That backend is where prompts stop being exposed to your own infrastructure and any intermediary.
Not protected by ML-KEM alone
Hiding the prompt from the model provider (OpenAI, Anthropic, etc.). The provider mustsee plaintext to run inference — you cannot do inference on ciphertext. We will never claim “the provider never sees your prompts.”

The honest pitch: “Your users' prompts never appear in plaintext anywhere across your own stack — your edge, your logs, your proxies, your vendors-in-the-middle — only inside the one service you trust to call the model.”

For teams that also need to hide prompts from the provider, the self-host / TEE path is a separate, later capability — never an implied default.

Client App
CDN & Logs
Your Backend
OpenAI / Anthropic
Nen Encrypted Prompt
Forward Encrypted Payload
Plaintext Prompt

Why AI is the wedge

  • AI apps already stream sensitive data — prompts, PHI, legal context, financial records — through many hops of your own infrastructure.
  • Health, legal, and fintech AI companies feel this pain today and carry budget and compliance urgency.
  • Secure streaming is a rare, defensible niche — most PQC projects stop at request/response. nenStream already does chunked, authenticated SSE.

Live demo

Pick a scenario, hit Send encrypted, and watch the split view: your app sees decrypted tokens streaming in on the left; the wire — your CDN, edge, and logs — sees only base64 ciphertext frames on the right.

Secure AI DemocreateSecureOpenAI
Ready
Your app sees (plaintext)
Prompt
Response
Decrypted response will appear here…
Wire sees (ciphertext only)
handshakerequestSSE frameFIN sentinel
No traffic yet — hit Send to watch the wire
Illustrative ciphertext. Real payloads use ChaCha20-Poly1305 over an ML-KEM-768 shared secret. Your CDN, edge, logs, and proxies see exactly this — base64 blobs, nothing readable.
Quickstart Threat modelWhy not Cloudflare?