ExpressVPN introduces ExpressAI with confidential computing and zero-access design

ExpressVPN has introduced ExpressAI, a privacy-focused AI platform built around confidential computing and encryption, aiming to address concerns over how user data is handled in mainstream AI tools.

The platform is designed to allow users to run everyday AI tasks such as drafting, summarisation, and problem-solving without exposing prompts, files, or conversation history to service providers or training pipelines. The company positions this as a direct response to growing user discomfort with sharing sensitive personal and work-related data through conventional AI systems.

Confidential computing anchors privacy approach

ExpressAI’s architecture centres on secure enclave technology, where user data is decrypted only within an isolated, cryptographically protected environment. This environment is designed to remain inaccessible to infrastructure operators, including ExpressVPN itself.

According to Shay Peretz, COO at ExpressVPN, “With ExpressAI, ExpressVPN is effectively extending its long-held stance on traffic protection to AI interactions: The best way to protect user data is not to collect it in the first place.” He added, “We’re not just making privacy claims – we’re proving it with cryptographic guarantees. With our enclave architecture, your messages exist in a secure, isolated environment that even we can’t access. This is the future of reliable, private AI.”

The platform applies zero-knowledge, end-to-end encryption across chat interactions and file handling. User data is not retained for training purposes, and conversations can be configured to automatically delete through a “ghost mode”. Chat history is stored in an encrypted vault secured by a user-defined password.

Model flexibility alongside privacy controls

At launch, ExpressAI supports five general-purpose models, each tailored to different use cases. These include GPT OSS 120B for writing and summarisation, DeepSeek R1 Distill 32B for multi-step reasoning, Qwen2.5-VL 32B for visual and document analysis, Qwen3.5 35B-A3B for coding and complex workflows, and Nemotron 12B for technical and mathematical tasks.

The platform includes a side-by-side comparison interface, allowing users to run a single prompt across multiple models simultaneously. This feature is positioned as a way to compare outputs and reasoning styles across models within a single workflow.

Usage is tracked through a credit-based system, with visibility into consumption levels. For storage, ExpressAI provides encrypted file handling aligned with the same user-controlled encryption model applied to chat history.

Independent audit and rollout plans

ExpressAI has undergone an independent audit by cybersecurity firm Cure53, covering both frontend and backend systems, as well as cryptographic implementation and infrastructure design. The audit included penetration testing and source code review conducted between February and March 2026.

Cure53 stated that the platform meets its stated privacy objectives, noting that user interactions are processed within cryptographically isolated environments. All identified vulnerabilities were addressed prior to launch.

Peretz said, “People are already turning to AI for high-stakes, personal conversations – from health questions to financial decisions. Whether you’re accessing a bank account online or discussing private matters with a professional, you expect strong privacy protections. But those protections don’t automatically carry over to everyday AI chats.”

ExpressAI will roll out globally in phases via a standalone web application. Initial access is limited to new and existing ExpressVPN Pro plan users, with broader availability expected over time. The service is included within the Pro plan at no additional cost, with users receiving daily usage credits, storage, and access to multiple AI models.