"cubic found an off-by-one problem that you'd miss with outdated documentation"

Building a private AI infrastructure

Tinfoil operates at the intersection of AI and privacy, building the infrastructure for running open-source models with verifiable data privacy guarantees using secure hardware enclaves.

"We cannot see any of the data," explains co-founder Sacha Servan-Schreiber. "We never see queries or responses."

This zero-knowledge architecture is built on top of NVIDIA GPUs with confidential computing technology.

The inference processing is isolated to a secure hardware boundary, preventing anyone — even Tinfoil — from seeing inside.

For the Tinfoil team, minimizing software bugs is vital before they hit production servers, since debugging when you can't see what's happening is often a tedious task.

When even GPT-5 can't keep up

AI models struggle with cutting-edge AI infrastructure because their knowledge cutoff precedes the latest open-source developments.

"Everything is moving so fast. The open source code changes on a weekly basis and the models are really out of date."

This makes Tinfoil's engineering team face challenges on multiple fronts:

• Working with bleeding-edge NVIDIA drivers, where documentation is often incomplete

• Running bare-metal multi-GPU deployments with confidential computing, under various hardware configurations and versions that often don’t play well together

• No tolerance for even minor bugs in security-critical production deployments

Catching bugs in uncharted code

For Tinfoil, building the software infrastructure for private AI inference meant battling incorrect documentation.

"Documentation often has issues," Servan-Schreiber notes. Traditional AI tools, trained on older data, don’t follow the latest developments.

Enter cubic, an AI code review agent that catches bugs even when documentation fails.

Unlike GPT-5 or other models that rely on outdated training data, cubic analyzes the actual code patterns and flags potential vulnerabilities, regardless of whether the documentation has caught up.

"cubic found an off-by-one problem that you'd miss with outdated documentation"

The integration proved seamless: cubic comments appear directly in GitHub, where Tinfoil's team could review it and decide how to take action.

"Guys, everyone has to use this"

During a routine pull request, cubic identified a subtle vulnerability that stemmed from incomplete documentation: a register that wasn't being systematically zeroed-out when it should have been.

This bug could have made it through code review and possibly never been caught.

Within hours, cubic went from "let's try this" to "let’s get this installed on all our important repos." The whole team adopted it within a day.

The impact: measurable wins and time saved

• Subtle bugs caught before production deployment

• Best practices are enforced significantly reducing technical debt

• 100% team adoption after first major bug catch

• Complete PR coverage reduces strain on small team

Tinfoil provides privacy-first AI inference, enabling companies to run large language models without exposing any data to third parties, not even to Tinfoil. Learn more at tinfoil.sh

See how cubic can transform your code review process. Start your free trial at cubic.dev