Confidential computing (TEE) + remote attestation + on-chain settlement

Move compute to data

bowhead provides secure access to life science datasets, foundation model inference, and confidential compute environments, so researchers can run analyses without exposing raw data.

Research Agent (primary entry)

Tell the agent what you want to do. It will discover data/models, request access, provision compute, and run jobs end-to-end.

Security architecture

bowhead uses a zero-trust security model to ensure processing is verifiable and confidential end-to-end.

  • No plaintext keys in the control plane

    Encryption keys are generated and used only within enclave memory.

  • Short-lived session keys

    Each compute session uses its own ephemeral key, destroyed when the session ends.

  • Data is decrypted only in enclave memory

    Raw data is never written to disk and is processed only inside an attested enclave.

// Security attestation flow
const attestation = await verifyQuote(
  hardwareReport,
  enclaveIdentity,
  policyHash
);

// Establish secure channel
const channel = await createSecureSession({
  attestation,
  ephemeralKey: generateSessionKey(),
  ttl: 3600
});
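
The flow above, sketched as an added Node.js example that is not bowhead's code: a quote is checked against a pinned enclave measurement and policy hash before any key exists, then a per-session key is derived and wiped on expiry. The Ed25519 `vendor` key stands in for a hardware vendor certificate chain, the quote layout and all function names are hypothetical, and `ttl` is assumed to be in seconds.

```javascript
const crypto = require('node:crypto');

// Constructed stand-in for the hardware vendor's signing key. Real TEE quotes
// are verified against the vendor's certificate chain instead.
const vendor = crypto.generateKeyPairSync('ed25519');
const spki = { format: 'der', type: 'spki' };

// Sample-data helper: a constructed quote binding measurement, policy and enclave key.
function makeQuote(measurement, policyHash, enclavePubKey) {
  const report = JSON.stringify({ measurement, policyHash, enclavePubKey });
  return { report, signature: crypto.sign(null, Buffer.from(report), vendor.privateKey) };
}

// Check the signature first, then compare the signed fields to pinned values.
function verifyQuoteExample(quote, expectedMeasurement, expectedPolicyHash) {
  const ok = crypto.verify(null, Buffer.from(quote.report), vendor.publicKey, quote.signature);
  if (!ok) throw new Error('quote signature invalid');
  const report = JSON.parse(quote.report);
  if (report.measurement !== expectedMeasurement) throw new Error('unexpected enclave measurement');
  if (report.policyHash !== expectedPolicyHash) throw new Error('policy hash mismatch');
  return report;
}

// X25519 + HKDF, salted with the policy hash so the key is tied to the attested policy.
function deriveKey(privateKey, peerPublicKey, policyHash) {
  const shared = crypto.diffieHellman({ privateKey, publicKey: peerPublicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.from(policyHash, 'hex'), 'session', 32));
}

// Open a session only from a verified report; ttlSeconds is assumed to be in seconds.
function createSessionExample(report, ttlSeconds, now = Date.now()) {
  const client = crypto.generateKeyPairSync('x25519'); // fresh key pair per session
  const enclaveKey = crypto.createPublicKey({ key: Buffer.from(report.enclavePubKey, 'base64'), ...spki });
  let key = deriveKey(client.privateKey, enclaveKey, report.policyHash);
  const expiresAt = now + ttlSeconds * 1000;
  return {
    clientPublicKey: client.publicKey.export(spki).toString('base64'),
    getKey(at = Date.now()) {
      if (!key || at >= expiresAt) { this.destroy(); throw new Error('session expired'); }
      return key;
    },
    destroy() { if (key) { key.fill(0); key = null; } }, // wipe key material at session end
  };
}
```

The enclave side derives the same key by calling `deriveKey` with its own private key and the session's `clientPublicKey`.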

Transparent billing

Automatic billing, monthly statements, and unlimited reads within the access window.

Dataset billing

  1. Time-bound access — buy access (e.g. 30 days) with unlimited reads during the window
  2. Data item metering — bill by unique data_id touched or by each read (policy selectable)
  3. Dedup options — choose whether repeat reads of the same data item are billed

Model & compute billing

  1. Model calls — billed per API call, priced by model complexity
  2. Workspace time — billed by TEE instance hours
  3. Monthly statements — automatically summarized with line-item breakdowns