Encryption sounded complete to me until I asked a slightly uncomfortable question:

Encrypted for whom?

A message can be perfectly sealed and still be delivered to the wrong machine. If I accept whatever public key a server gives me, I am protecting the prompt in transit without proving who can open it.

That is the detail inside OpenGradient Chat I nearly overlooked.

Before chat.opengradient.ai encrypts a private request, the client checks the enclave first.

It verifies that the hardware attestation came from genuine AWS Nitro infrastructure. It compares the machine’s PCR measurements with the approved build recorded in OpenGradient’s TEE registry. It also confirms that the encryption key was created inside that exact enclave rather than quietly substituted outside it.

Only after those checks pass does the prompt get sealed.
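The check order described above (origin, approved build, key binding, and only then encryption) can be modelled as a fail-closed gate; this is an added example, not OpenGradient's SDK code. Assumptions: an HMAC under a constructed `ROOT_KEY` stands in for verifying the attestation document's signature and certificate chain up to the AWS Nitro root, and `APPROVED_PCRS`, the function names and the `encrypt` callback are hypothetical.

```python
import hashlib
import hmac

# Constructed stand-ins (assumptions, not real values). A real client checks the
# document's signature and X.509 chain to the AWS Nitro root certificate instead.
ROOT_KEY = b"constructed-stand-in-for-nitro-root"
APPROVED_PCRS = {0: "aa" * 48, 1: "bb" * 48, 2: "cc" * 48}  # hypothetical registry entry


class AttestationError(Exception):
    """Raised when the enclave must not receive the prompt."""


def _canonical(doc):
    # Serialise PCRs and public key together so one signature covers both.
    pcrs = ";".join(f"{i}={doc['pcrs'][i]}" for i in sorted(doc["pcrs"]))
    return f"{pcrs}|{doc['public_key'].hex()}".encode()


def sign_document(doc, key=ROOT_KEY):
    """Stand-in for the hardware signing the attestation document."""
    return hmac.new(key, _canonical(doc), hashlib.sha256).digest()


def verified_key(doc, signature, offered_key):
    """Return the enclave's key only if all three checks pass."""
    # 1. Origin: the document is signed by the trusted root, unmodified.
    if not hmac.compare_digest(signature, sign_document(doc)):
        raise AttestationError("attestation not signed by trusted root")
    # 2. Build: every registered PCR must match the approved measurement.
    for idx, want in APPROVED_PCRS.items():
        if doc["pcrs"].get(idx) != want:
            raise AttestationError(f"PCR{idx} does not match approved build")
    # 3. Key binding: the key the server offers must be the attested one.
    if not hmac.compare_digest(offered_key, doc["public_key"]):
        raise AttestationError("offered key is not the attested key")
    return doc["public_key"]


def seal_prompt(prompt, doc, signature, offered_key, encrypt):
    """Encrypt only after verification; any failure raises before encrypt runs."""
    key = verified_key(doc, signature, offered_key)
    return encrypt(key, prompt)


# Constructed sample: an attestation for the approved build.
GOOD_DOC = {"pcrs": dict(APPROVED_PCRS), "public_key": b"\x04" + b"\x11" * 64}
GOOD_SIG = sign_document(GOOD_DOC)
```

Check 2 is what separates this from a plain signature check: a document can be genuinely signed by the hardware and still describe a build that is not in the registry.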

The order changed how I think about “end-to-end encryption.”

Encryption alone says outsiders cannot read the message.

Attestation asks whether the intended receiver is actually running the software it claims to be running.

That second question matters because a secure connection to altered code is still a secure connection to altered code.

@OpenGradient is making the client verify the destination before trusting the lock. The SDK handles the difficult checks quietly, but the user benefits from the result: an unapproved build should not receive the sensitive prompt at all.

For me, that is stronger than another lock icon.

Would you rather trust encryption by itself, or have your device verify the machine before it sends anything?

This is the kind of hidden infrastructure that gives $OPG a real product context.