Introducing Assured Execution Environments (AEEs): Verifiable, Deterministic, and Private Execution for Any Linux Workload
January 2026
Today, RISC Zero announced the launch of Assured Execution Environments (AEEs), a new category of secure compute.
Unlike Trusted Execution Environments (TEEs) and Hardware Security Modules (HSMs), which rely on proprietary hardware trust chains, AEEs deliver verifiable execution with transparent, keyless cryptography. AEEs guarantee the correct behavior of the Linux kernel, the distribution, and the user workloads.
AEEs enable organizations to run unmodified Linux applications in a fully deterministic and private execution environment, then produce portable receipts that can be verified anywhere—from mobile devices to browsers—without revealing sensitive code or data.
"At global scale, systems like ARM TrustZone inherit the same failure modes that doomed AACS," said Jeremy Bruestle, CEO of RISC Zero.
"AEEs replace vendor trust with transparent, keyless cryptography."
Key Assurances
- Determinism — Execution behaves identically for all observers, enabling reproducibility and auditability.
- Verifiability — The environment produces cryptographic receipts that guarantee correct behavior.
- Privacy — Developers control what, if anything, is disclosed in the receipt.
AEEs are compatible with unmodified Linux workloads and require no custom SDKs or hardware dependencies. Early use cases include verifiable builds, verifiable policy enforcement, and verification of TEE attestations.
"Using transparent, keyless cryptography means that AEEs are fully inspectable by third parties. There's no risk that a system-critical private key will leak, because all security-relevant aspects of the system are already public," said Frank Laub, CTO of RISC Zero.
RISC Zero is currently working with customers in financial services, critical infrastructure, and confidential computing to pilot AEEs in production environments.