This is the canonical use case for Tinfoil: https://tinfoil.sh/inference. It provides verifiably private AI inference with frontier open source models: https://docs.tinfoil.sh/models/overview

Disclaimer I'm the cofounder, only recommending it because it's legitimately the right shape for your problem. The idea is that the model runs inside a secure enclave (using NVIDIA confidential computing), and the enclave code is open source and is verified via remote attestation upon connection: https://docs.tinfoil.sh/verification/verification-in-tinfoil

Thanks!

Anything you see missing in Copilot to achieve that?

Not sure if you noticed, but there's an arch-diagram in the info popup [1].

[1] https://copilot.simplepdf.com/?share=a7d00ad073c75a75d493228...