All we know about Cocoon, the new AI infrastructure of Telegram’s founder

When Pavel Durov walked on stage at Blockchain Life 2025 in Dubai, the audience expected another bold speech about privacy, encryption, and the future of platforms. What they didn’t expect was Cocoon — a privacy infrastructure that blends Trusted Execution Environments (TEEs), remote attestation, confidential smart contracts, and zero-knowledge proofs into a single, global privacy layer for AI and enterprise applications.

In a world where artificial intelligence processes trillions of private interactions every day — from medical diagnostics to chatbots handling sensitive data — the pressure to secure this information has never been higher. Cocoon lands right in the center of that storm, presenting itself as a shield against data misuse, surveillance capitalism, and opaque AI decision-making.

But what makes Cocoon different from the dozens of privacy frameworks already out there? And why did its launch generate such a reaction across both the crypto and enterprise AI sectors? The answer lies in how it combines hardware, cryptography, and blockchain-based verification to create something that feels less like an incremental upgrade and more like a system rewrite.

“Privacy must scale faster than AI does”

Durov has always positioned himself as a defender of user autonomy — from Telegram’s encrypted architecture to his public clashes with governments over access to data. Cocoon feels like a natural extension of that ethos, but scaled to an era where AI models ingest more private data in a week than social platforms used to collect in a year.

According to people close to the project, Cocoon was born from two converging fears. One is that of AI models leaking or memorizing user data, and on the other hand, the governments and corporations gaining unprecedented surveillance power through machine-learning pipelines

The internal motto during development was reportedly simple and slightly dramatic: “Privacy must scale faster than AI does.”

To pull this off, the team leaned on decades of research in confidential computing, a field that has rapidly matured thanks to Intel, AMD, NVIDIA, Google, and cloud providers pushing TEE-based security into mainstream infrastructure.

Cocoon’s approach: take these technologies, wrap them into a unified standard, and make them verifiable across blockchains and AI ecosystems.

The core idea: a secure bubble around any AI workload

The name “Cocoon” is not metaphorical. The system literally creates an isolated, verifiable computing chamber around AI and data workloads — a bubble where input, output, and internal model operations remain invisible to anyone outside.

Imagine sending a sensitive document to an AI for analysis. Today, you generally trust the company running the model not to store it, train on it, or access it. Cocoon eliminates trust as a requirement.

With Cocoon, your data enters a secure enclave, gets processed inside a hardware-isolated chamber, and only the final answer leaves — all without exposing the document or the model’s internal behavior.

For enterprises handling medical data, financial records, or strategic intelligence, this isn’t just convenient — it’s survival-level infrastructure.

In his own Telegram channel, Durov recently stated:

“It happened. Our decentralized confidential-compute network, Cocoon, is now live. The first user AI requests are already being processed by Cocoon with 100% confidentiality. GPU owners are already earning TON. https://cocoon.org is available, with documentation and source code.

Centralized compute providers like Amazon and Microsoft act as expensive intermediaries that drive up prices and reduce privacy. Cocoon solves both the economic and confidentiality problems associated with traditional AI compute providers.

Now we scale. In the coming weeks, we’ll be onboarding more GPU supply and attracting more developer demand to Cocoon. Telegram users can expect new AI-related features built with 100% confidentiality. Cocoon will return control and privacy to where they belong — with the users”.

Trusted execution environments: Cocoon’s foundation

At the heart of Cocoon is a distributed network of TEEs — essentially secure processors that guarantee that code runs as intended, that no one can peek inside, and that tampering is detectable.

Many companies already rely on TEEs, but Cocoon adds several layers that significantly expand what they can do:

Remote attestation (RA-TLS)

RA-TLS is the system that allows anyone — a developer, an AI system, or even another company — to verify that code is running inside a genuine, untampered enclave. Cocoon uses RA-TLS as the backbone of trust.

This means that:

• AI tasks are verifiably executed in secure hardware

• Enterprises can prove to regulators that sensitive workloads remain protected

• Users can mathematically confirm privacy instead of relying on claims

Confidential smart contracts

Cocoon introduces the concept of sealed contracts — smart contracts that run inside TEEs, keeping both input data and logic confidential. This is a significant departure from traditional smart contracts, which are public by design.

With sealed contracts:

• Companies can automate sensitive operations without exposing proprietary logic

• AI services can run fee structures, audits, or model interactions privately

• Users gain security without sacrificing transparency or accountability

GPU attestation for AI models

Modern AI runs on GPUs, not CPUs. Historically, GPUs haven’t supported strong hardware attestation, meaning you couldn’t verify where or how an AI model was running.

Cocoon claims to offer what many thought impossible: GPU enclave verification.

If accurate, this enables:

• Confidential model inference

• Protected training operations

• Compliance-ready AI deployments in finance, healthcare, and defense

The industry has been trying to lock this down for years. Cocoon may have just jumped ahead of everyone.

A blockchain backbone for global verification

One of Cocoon’s most unusual choices is integrating these privacy systems with blockchain verification layers. The idea isn’t to create a “crypto product,” but to use blockchains for what they are uniquely good at: global, tamper-proof transparency.

Cocoon uses a hybrid model where a root contract verifies enclave identities, a worker registry tracks available secure nodes, a verification layer logs attestations so anyone can check validity, a witness network ensures TEEs behave honestly.

Think of it as a global audit trail that doesn’t depend on any single government or corporation. It is a new kind of accountability system — one that doesn’t reveal data, only proof of correct behavior.

Zero-knowledge proofs: privacy without trust

Zero-knowledge proofs (ZKPs) have already reshaped several blockchain ecosystems, but their role in Cocoon is more subtle. ZKPs allow a system to prove that something is true (such as a model being executed correctly) without revealing the underlying data.

In Cocoon, ZKPs guarantee that computations inside the enclave match expected outputs. They also allow AI systems to certify integrity without exposing workflows, and enhance compliance by offering cryptographic evidence instead of reports.

The combination of TEEs + ZKPs is one many experts have been predicting, but few have implemented effectively at scale.

Hardware-first privacy in an ai-dominated decade

Cocoon’s launch comes during an inflection point: AI has become so integrated into daily life that most people don’t even realize how much personal information passes through machine-learning models every day.

Businesses face increasing legal pressure to protect user data. Governments are introducing AI-specific privacy rules. Security teams are overwhelmed by new attack vectors. That’s why Cocoon feels timely. It reframes privacy not as a policy, but as infrastructure.

Some of the areas expected to adopt it fastest include:

• healthcare: secure medical AI diagnostics and clinical databases

• finance: confidential fraud detection and private transaction monitoring

• public sector: classified intelligence workflows

• enterprise SaaS: AI copilots that process private company documents

• consumer platforms: privacy layers for chatbots, assistants, and messaging

For organizations stuck between innovation and compliance, Cocoon’s proposition is simple: innovate without leaking data.

What makes cocoon different from existing solutions

Several players are trying to define the future of confidential AI — from big tech companies to specialized cryptography startups. But Cocoon’s approach stands apart in three ways:

1. It unifies hardware and cryptography

Most privacy solutions pick a side: hardware isolation (TEEs) or cryptographic privacy (ZKPs). Cocoon merges both.

2. It standardizes verification at a global scale

Instead of trusting datacenters or vendors, Cocoon uses blockchain-anchored proofs to make verification universal.

3. It targets both enterprises and end-users

Cocoon is not just a backend framework. It’s also designed to integrate with consumer apps, positioning itself as a global privacy shield. In other words, it aims to be everywhere.

The road ahead: opportunity and tension

Despite the hype, Cocoon faces significant challenges — technical, political, and operational.

• Regulators may question the opacity introduced by confidential smart contracts.

• Governments could push back against systems that reduce surveillance capabilities.

• Enterprises may hesitate to adopt hardware-dependent infrastructures.

• Competitors like Microsoft, Google, and dedicated confidential-AI startups won’t stay still.

At the same time, the timing aligns perfectly with a growing global demand for digital autonomy. Whether Cocoon becomes a universal privacy layer or just a powerful niche tool will depend on how effectively it bridges the gap between trust, verification, and mass adoption.

If Durov’s bet is right, privacy in the AI age won’t be a luxury — it will be infrastructure.

Frequently Asked Questions

What problem does Cocoon solve?

Cocoon protects AI workloads and sensitive data by running them inside secure hardware enclaves. This prevents unauthorized access, model leakage, and data misuse while providing verifiable proof of correct execution.

How is Cocoon different from traditional encryption?

Encryption protects data at rest and in transit, but not while it’s being processed. Cocoon extends protection to the computation stage by using TEEs and zero-knowledge proofs to secure operations end-to-end.

Can businesses integrate Cocoon without blockchain expertise?

Yes. Although Cocoon uses blockchain verification, the integration is abstracted away. Enterprises interact through APIs, and the verification layer runs in the background without requiring blockchain knowledge.

Is Cocoon compatible with existing AI models?

Cocoon is designed to wrap around existing AI systems, including large language models and GPU-optimized architectures. It doesn’t require retraining or redesigning models.

Why is hardware attestation important in AI security?

Hardware attestation proves that AI computations are executed in genuine, untampered environments. It ensures integrity, prevents insider attacks, and provides cryptographic evidence for regulators and partners.