← AI Safety Orgs

OpenMined

Research

Privacy-preserving AI. $17M CG.

Founded
2017
HQ
New York, NY
Team
5
Structure
501(c)(3) nonprofit
Model
Grants

Theory of Change

OpenMined's theory of change has evolved significantly since its 2017 founding but now centers on a claim from founder Andrew Trask's Oxford DPhil thesis: "Many of AI's risks in areas like privacy, value alignment, copyright, concentration of power, and hallucinations can be reduced to the lack of attribution-based control in AI systems." The proposed solution is to build infrastructure -- combining cryptography, distributed systems, and deep learning -- that enables AI models to preserve the link between data sources and predictions, allowing data owners to control their contributions and AI users to verify what sources inform outputs.

In practice, the near-term theory of change is more concrete: build privacy-preserving infrastructure (secure enclaves + PySyft) that enables external evaluation of frontier AI models without revealing proprietary data or model weights. If labs can be evaluated by third parties without IP risk, the argument goes, governments and researchers can hold AI developers accountable.

Trask describes the end-state vision as "broad listening" -- AI as a communication technology connecting people, not a centralized intelligence tool. "The most mature version of this tech is a communication technology. Deep learning becomes a communication technology" (CSM podcast, Sep 2025).

What They Do

Secure Enclaves for AI Evaluation: The flagship project. In December 2024, OpenMined piloted secure enclave-based AI evaluation with UK AISI and Anthropic using NVIDIA H100 TEEs, PySyft, and Azure confidential computing. Two organizations jointly governed a computation where each kept assets confidential. The entire process took 28 minutes. However, the pilot used GPT-2 as a proxy model and a public dataset -- not actual frontier models or sensitive data.

NIST CRADA (March 2026): NIST's Center for AI Standards and Innovation signed a collaborative research agreement with OpenMined for privacy-preserving AI evaluation methods -- the highest-profile government partnership to date.

Christchurch Call algorithmic auditing (2022-2023): Deployed PySyft at DailyMotion and LinkedIn, enabling 4 external researchers to study recommender systems without accessing raw data. Funded by NZ/US governments, Microsoft, and Twitter. Described as the first-ever privacy-preserving platform audit at scale.

Other deployments: Reddit external researcher access program, UN PET Lab cross-border statistical collaboration (US Census, StatCan, ISTAT), NAIRR pilot partner.

PySyft: 9.8K GitHub stars, open source under Apache 2.0. Mature enough for deployment at multiple organizations. SyftBox and BioVault represent newer expansions into developer tools and genomics.

Publications: "Beyond Privacy Trade-offs with Structured Transparency" (Trask, Dafoe et al., AAAI/ACM AIES 2020), "Enabling External Scrutiny of AI Systems with PETs" (CSET/Georgetown, 2025), secure enclaves blog post (30+ co-authors, Dec 2024).

Key People

Andrew Trask -- Founder and Executive Director. Simultaneously Senior Research Scientist at Google DeepMind, PhD student (ABD) at Oxford, CFR Term Member, and former FHI/GovAI affiliate. Author of "Grokking Deep Learning." His first job was doing on-prem AI for data too sensitive for the cloud (Digital Reasoning, 2011). Does not appear to draw salary from OpenMined.

Madhava Jay -- Head of Engineering since 2020. Self-taught engineer from Brisbane, Australia (Certificate IV in IT, Udacity AI Nanodegree). Discovered OpenMined while working at a MedTech startup. Oversees PySyft development. Salary: $143,333.

Team structure: 5 paid staff (total compensation: $623K), plus an open-source community of ~18,000 Slack members. The Padawan Program has mentored 550+ volunteers, with 80+ graduating to regular contributors. This volunteer-heavy model is unusual for an org building security-critical infrastructure.

Money and Incentives

Total known funding: ~$22.5M+

Revenue breakdown:

  • Coefficient Giving / Open Philanthropy: $16,971,720 (75% of total) -- three grants under "Navigating Transformative AI"
    • Apr 2022: $28,320 (PETs + AI Safety research)
    • Sep 2023: $6,000,000 (Software for AI Audits)
    • Jun 2025: $10,943,400 (Secure Enclaves for LLM Evaluation)
  • Future of Life Institute: $1,661,750 (Jul 2025)
  • Historical Open Collective (2017-2024): $3,872,436 from diverse sources:
    • Sloan Foundation: $648K
    • Georgetown/CSET: $549K
    • Microsoft: $500K
    • Twitter: $499K
    • NZ Government: $450K
    • Meta: $600K (combined)
    • BitMEX: $300K
    • UCSF: $167K
    • Omidyar: $100K

Business model: 100% grant-funded. No earned revenue, no subscription product, no paid support for PySyft. Open source under Apache 2.0.

Funder concentration: CG/OP provides ~75% of all known funding. This is extreme dependency on a single funder.

Lab funding conflicts: Microsoft ($500K historically + Azure infrastructure), Meta ($600K), and Twitter ($499K) have all funded OpenMined -- the same companies whose platforms OpenMined audits. The Christchurch Call was directly funded by Microsoft and Twitter while auditing their algorithms.

Key conflict: Andrew Trask is simultaneously Executive Director of OpenMined AND Senior Research Scientist at Google DeepMind, a frontier lab whose models could be evaluated using OpenMined's infrastructure. No conflict of interest disclosure or recusal policy is publicly documented.

Salaries: Five paid staff total $623K. Ronnie Falcon (CPO): $192K, Madhava Jay (Head of Engineering): $143K, Peter Smith (CFO): $133K, Bennett Farkas (CMO): $96K, Lacey Strahm (Head of Policy): $58K. Trask does not appear to be compensated by OpenMined.

Financial transparency: No 990 filings available yet (IRS ruling year 2024). Charity Navigator cannot rate the org. First full financial disclosure should come in late 2026 or 2027.

What Others Say

No direct criticism of OpenMined exists in the public record. Despite extensive searching, no one has publicly argued that OpenMined's approach is wrong or that its funding is misguided. The org is effectively invisible to the LW/EA Forum discourse where AI safety organizations are typically scrutinized.

Indirect challenges to the approach:

Bruce Schneier on the TEE.fail attack (Nov 2025): "Yes, these attacks require physical access. But that's exactly the threat model secure enclaves are supposed to secure against." The attack defeats TEE protections from Intel, AMD, and NVIDIA with 3 minutes of physical access.

Gabriel Mukobi (UC Berkeley) identifies 10 failure modes for AI risk evaluations -- 6 ways evaluations fail to improve understanding and 4 ways understanding fails to improve mitigation. "Evaluations could even be harmful, for example, by triggering the weaponization of dual-use capabilities."

Duality Technologies documents TEE limitations: side-channel attacks, vendor trust requirements, single-server scalability constraints, and development complexity.

Open Philanthropy's own RFP on Capability Evaluations (Nov 2025) identifies three challenges for AI evaluations. OpenMined's infrastructure addresses only one (access constraints). The other two (inadequate benchmarks and underdeveloped evaluation science) are about what to evaluate and how to interpret results -- problems that privacy infrastructure does not solve.

Independent endorsement: The CSET/Georgetown arXiv paper provides the strongest third-party validation, concluding that "trustworthy privacy-preserving technical solutions for external scrutiny of AI systems have succeeded in real-world governance scenarios."

What's Absent

  • Zero LessWrong / EA Forum / Alignment Forum posts -- extraordinary for a $17M+ CG grantee. The AI safety discourse community has not vetted, critiqued, or endorsed the theory of change.
  • No deployment with actual frontier models. All demonstrations use proxy/simulated data. The gap between proof-of-concept and operational safety infrastructure remains unclosed.
  • No public conflict of interest disclosure for Trask's dual DeepMind/OpenMined role.
  • No public board list -- only one board member (a podcast host) identified through research.
  • No public response to TEE.fail attack despite secure enclaves being the core technology of the $10.9M CG grant.
  • No independent security audit of PySyft or the secure enclave implementation publicly documented.
  • No 80,000 Hours podcast appearance or engagement with canonical AI safety podcasts.
  • No engagement with technical alignment research community -- no citations of alignment papers, no collaborations with alignment researchers.

Recommended Reading

  1. Interconnects interview with Andrew Trask (Oct 2024) -- https://www.interconnects.ai/p/interviewing-andrew-trask -- The most candid source. Trask explains the technology with genuine enthusiasm, honestly acknowledges the pilot used simulated data, and articulates a vision for retrieval-based models as safer AI architecture. Best source for understanding how Trask actually thinks.

  2. Schneier on TEE.fail (Nov 2025) -- https://www.schneier.com/blog/archives/2025/11/new-attacks-against-secure-enclaves.html -- The strongest counterargument to OpenMined's core approach. Short and devastating.

  3. CSET/Georgetown: "Enabling External Scrutiny of AI Systems with PETs" -- https://arxiv.org/html/2502.05219 -- Best independent technical assessment of what OpenMined actually does and what it means for AI governance.

  4. Attribution-Based Control DPhil thesis pre-print -- https://attribution-based-control.ai/ -- The theoretical foundation. Understand this to assess whether the core claim -- that attribution solves AI's major problems -- is compelling.

  5. Mukobi: "Reasons to Doubt the Impact of AI Risk Evaluations" -- https://arxiv.org/abs/2408.02565 -- The structural case that evaluation infrastructure may not reduce risk, challenging the entire value proposition.

Show Claude’s analysis
An opinionated read. Read the brief first to form your own view.

Stated Theory of Change

OpenMined's stated theory of change operates at two levels:

Near-term (funded by CG/OP): Build privacy-preserving infrastructure that enables external evaluation of frontier AI models. If evaluators can access models without seeing proprietary weights, and model developers can be evaluated without losing IP, then governments and researchers can hold AI developers accountable. This creates an accountability layer that makes safety commitments verifiable.

Long-term (Trask's full vision): Attribution-based control transforms AI from a "tool of central intelligence" into a "communication technology." When every AI prediction carries attribution to its data sources, users can verify and control what informs their AI outputs. This solves hallucinations, copyright, value alignment, concentration of power, and loss of control simultaneously, while unlocking "6 orders of magnitude more data" by incentivizing data owners to participate.

The causal chain: Build open-source PETs infrastructure -> Enable external evaluation of frontier models -> Create accountability for AI developers -> Make safety commitments verifiable -> Reduce catastrophic risk. In the long term: Shift AI architecture from parametric to retrieval-based -> Enable attribution-based control -> Decentralize AI power -> Make AI safe by design.

Revealed Theory of Change

Actions suggest a more nuanced picture:

What they actually do: OpenMined has successfully deployed PySyft for social media algorithm auditing (DailyMotion, LinkedIn, Reddit), cross-border statistical collaboration (UN), and one proof-of-concept secure enclave pilot with simulated data. The highest-impact deployments are in data governance, not AI safety.

Where the money goes: 5 paid staff on $623K total compensation, running deployments across multiple countries and building complex cryptographic infrastructure. The rest presumably goes to compute, subcontractors, and infrastructure costs associated with the grants. The volunteer model subsidizes what would otherwise require a much larger paid team.

What the trajectory reveals: The 2017 blockchain origins, the 2020 federated learning focus, the 2022 social media auditing work, and the 2024 secure enclave pivot form a pattern: OpenMined builds the best version of privacy-preserving computation it can with available technology, then repositions to match the highest-value application. The pivot to AI safety evaluation coincided precisely with the availability of CG/OP funding under "Navigating Transformative AI."

The gap: No frontier model has been evaluated through OpenMined infrastructure with real data. The Dec 2024 pilot used GPT-2 (a 2019 model) and a public dataset. The NIST CRADA is a research agreement, not an operational deployment. The distance between where OpenMined is and where it needs to be for the safety theory of change to work is large.

Key Assumptions

1. Evaluations reduce catastrophic risk.

  • Evidence for: OP's entire evaluation portfolio assumes this. If-then commitments (Anthropic's RSP, etc.) require evaluations as triggers.
  • Evidence against: Mukobi identifies 10 failure modes. Evaluations may not improve understanding (6 ways) or mitigation (4 ways). Current benchmarks saturate quickly. Labs can "teach to the test."
  • Testable: Yes -- track whether evaluation results actually change lab behavior.
  • If wrong: OpenMined's entire AI safety value proposition collapses. The infrastructure becomes useful for data governance and regulatory compliance but not for preventing catastrophic risk.

2. Secure enclaves provide sufficient security guarantees.

  • Evidence for: Hardware-based encryption, attestation protocols, near-native performance. Used by Apple, deployed in Azure.
  • Evidence against: TEE.fail defeats all three chipmakers' protections with 3-minute physical access. Side-channel attacks remain an active research area. Current TEEs limited to single physical servers.
  • Testable: Yes -- ongoing security research will reveal whether TEEs can be hardened against physical attacks.
  • If wrong: The multi-party governance model loses its trust anchor. If the enclave can be compromised, there's no guarantee that confidential data stays confidential.

3. Labs will voluntarily participate (or be compelled to).

  • Evidence for: Anthropic participated in the UK AISI pilot. NIST signed a CRADA. EU AI Act and other regulation may mandate external evaluation.
  • Evidence against: CSET paper notes "many model owners may not be so willing." No frontier lab has submitted real models for evaluation through OpenMined infrastructure. Current participation is for proofs of concept, not operational evaluations.
  • Testable: Yes -- watch whether any lab actually uses this for real model evaluation.
  • If wrong: The infrastructure exists but goes unused. Without regulatory mandates, the default is voluntary cooperation, which historically produces limited accountability.

4. Attribution-based control is technically achievable.

  • Evidence for: Trask's thesis describes how existing techniques could be combined. Retrieval-based models (RETRO) demonstrate some aspects. Mixture of experts is a step toward partition.
  • Evidence against: The thesis is a pre-print, not a demonstrated system. Scaling retrieval-based architectures to frontier capability is an open research problem. The claim that ABC solves value alignment conflates information attribution with goal specification.
  • Testable: Partially -- retrieval-based model performance is measurable.
  • If wrong: The grand vision fails but the near-term evaluation infrastructure remains useful.

5. Data owners will participate in OpenMined's network.

  • Evidence for: Reddit, DailyMotion, LinkedIn, UN agencies, NIST have all participated. The value proposition for data owners is clear.
  • Evidence against: These are pilot programs and research collaborations, not production deployments. No evidence of self-sustaining network effects.
  • Testable: Yes -- measure growth in deployments and data owners.
  • If wrong: The "internet for non-public information" vision doesn't materialize.

Strengths

Genuine technical capability. PySyft is real, deployed software with 9.8K GitHub stars. The CCIAO deployment demonstrated privacy-preserving auditing at real organizations. The CSET paper independently validates the approach. This is not vaporware.

Institutional partnerships. NIST CRADA, UK AISI pilot, UN PET Lab, Christchurch Call. These represent genuine engagement with governance institutions that could mandate evaluation.

Correct identification of a real gap. The inability to evaluate AI models without seeing proprietary information is a genuine barrier to accountability. OpenMined is the leading effort to close this gap.

Trask's intellectual range. The Interconnects interview reveals a thinker who connects hardware, software, policy, economics, and history. His analysis of GPU demand distortion and retrieval-based models shows genuine insight.

Open source commitment. Everything is Apache 2.0. This eliminates vendor lock-in concerns and enables community scrutiny of the codebase.

Weaknesses and Risks

The DeepMind conflict is disqualifying until addressed. The Executive Director works at a frontier lab whose models the org's infrastructure evaluates. This is not an edge case -- it is a fundamental governance failure for an organization claiming to enable independent evaluation. No conflict disclosure, no recusal policy, no public acknowledgment of the tension.

Zero engagement with the AI safety community. No LW/EA Forum presence, no 80K Hours appearance, no alignment research citations. The theory of change has not been vetted by the community that is most expert in evaluating AI risk reduction strategies. This is a $17M+ investment that has received zero community scrutiny.

Proof-of-concept to production gap. The secure enclave pilot used a 2019 model and public data. Frontier models require multi-node clusters that current TEEs cannot support. The TEE.fail attack undermines the core security guarantee. The gap between demonstration and operational safety infrastructure is large and growing as models scale.

Evaluation infrastructure does not equal safety. Even if perfectly implemented, secure enclave-based evaluation only works if: evaluations themselves are effective (contested by Mukobi et al.), labs voluntarily participate or are compelled, evaluation results actually change lab behavior, and the right things are being evaluated. OpenMined addresses the access problem but not the methodology, interpretation, or enforcement problems.

Financial fragility. 75% funding concentration in CG/OP, 100% grant-dependent, no earned revenue. Five paid staff. If CG priorities shift (as they have for other grantees), OpenMined's operations could collapse.

Governance immaturity. 501(c)(3) status since 2024. No public board list. No 990 filings. No Charity Navigator rating. A podcast host is the only publicly identified board member. Governance structures appear to be catching up with the pace of funding.

Cross-References

METR / Apollo Research / AISI: These organizations are the primary users of the evaluation infrastructure OpenMined builds. They focus on what to evaluate; OpenMined focuses on how to evaluate securely. Complementary if evaluation methodology matures.

Anthropic: Participated in the secure enclave pilot. If Anthropic scales this into real pre-release testing through OpenMined infrastructure, it validates the approach. But Trask's DeepMind employment creates a tension with evaluating Google's competitor.

Open Philanthropy / Coefficient Giving: The dominant funder. OP's own RFP on evaluation identifies three challenges; OpenMined addresses one (access). The other two (benchmarks, evaluation science) represent OP's recognition that infrastructure alone is insufficient.

Alignment research orgs (ARC, MIRI, Redwood): No connection. OpenMined operates at the governance/infrastructure layer, not the alignment theory layer. This is a valid specialization but means their theory of change depends entirely on evaluation-based approaches.

What Would Change This Assessment

Upward: A frontier lab submits a real model for evaluation through OpenMined infrastructure and the results inform a consequential safety decision. TEE.fail is mitigated by next-generation hardware. Trask publicly addresses the DeepMind conflict with a formal recusal policy. Regulatory mandates for external evaluation create guaranteed demand. Board composition includes independent governance expertise.

Downward: TEE vulnerabilities prove fundamental rather than fixable. No frontier lab adopts the infrastructure beyond pilots. Mukobi-style critiques gain empirical support showing evaluations don't change lab behavior. CG/OP funding doesn't renew. The ABC framework fails to produce working retrieval-based models with frontier capability.

Neutral but informative: First 990 filing reveals spending patterns. Board composition becomes public. OpenMined engages with LW/EA Forum and the theory of change faces community scrutiny.

Self-Critique

Weakest claim: My assessment that the ABC framework "conflates tractable problems with intractable ones" may be unfair. It's possible that attribution is a deeper unifying principle than I'm giving it credit for. I have not engaged deeply enough with the technical details of how retrieval-based architectures could provide formal safety guarantees to fully evaluate this claim.

Potential bias: I may be systematically undervaluing infrastructure work because it's less intellectually exciting than alignment theory. The history of technology suggests that infrastructure often matters more than anyone expects. The people who built HTTPS didn't need to understand cryptography theory -- they needed to ship reliable software. OpenMined might be in this category.

What I missed: I could not access Trask's Cohere talk (YouTube), the UK Parliament written evidence, or the Medium interview. These might contain important additional perspectives. I also have limited visibility into the actual security properties of the implementation, since no independent audit is public.

What a thoughtful disagreer would say: "You're applying AI safety community standards to an organization that deliberately operates outside that community. OpenMined's theory of change is about governance infrastructure, not alignment research. It should be evaluated against governance organizations (NIST, OECD, ISO) not against alignment orgs (MIRI, ARC). By that standard, a $17M org building infrastructure that NIST has formally adopted is an extraordinary success."

What would most change my view: Evidence that a frontier lab submitted a real model for evaluation through OpenMined infrastructure and the results actually changed a deployment decision. This would close the proof-of-concept to production gap and demonstrate the full causal chain.

Connected to (8)

Anthropiccollaborator
Council on Foreign Relationsadvisor at · Andrew Trask
Centre for the Governance of AIcollaborator · Andrew Trask
Georgetown CSETcollaborator
Google DeepMindstaff from · Andrew Trask
NISTcollaborator
UK AI Safety Institutecollaborator
University of Oxfordcollaborator · Andrew Trask
Sources (61)
Every URL that was read during research.
  1. 1.Homepageopenmined.org
  2. 2.Secure Enclaves for AI Evaluationopenmined.org
  3. 3.Andrew Traskandrewtrask.ai
  4. 4.Announcement: CAISI signs CRADA with OpenMined to Enable Secure AI Evaluationsnist.gov
  5. 5.OpenMined: Privacy-preserving third-party audits on Unreleased Digital Assets with PySyftgov.uk
  6. 6.1 Introductionarxiv.org
  7. 7.Privacy-Preserving Tech – Tools for Safe Data Useblog.openmined.org
  8. 8.NAIRR Programopenmined.org
  9. 9.GitHub - OpenMined/PySyft: Perform data science on data that remains in someone else's servergithub.com
  10. 10.Interviewing Andrew Trask on how language models should store informationinterconnects.ai
  11. 11.Foundationopenmined.org
  12. 12.Careersopenmined.org
  13. 13.OpenMined - Building AI governance infrastructure to facilitate AI safety research across the globeopenmined-website.vercel.app
  14. 14.Interview with Deep Learning Researcher and Leader of OpenMined: Andrew Trask | HackerNoonhackernoon.com
  15. 15.Third-party evaluation to identify risks in LLMs’ training dataopenmined.org
  16. 16.Attribution-Based Controlopenmined.org
  17. 17.Unlocking a Million Times More Data for AI Through Attribution-Based Controlopenmined.org
  18. 18.Federating AI with Attribution-Based Controlsyft-protocol.openmined.org
  19. 19.OpenMined - Open Collectiveopencollective.com
  20. 20.Attribution-Based Control in AI Systemsattribution-based-control.ai
  21. 21.GPU demand is (~1Mx) distorted by efficiency problems which are being solvedopenmined.org
  22. 22.SyftBoxopenmined.org
  23. 23.About - BioVaultbiovault.net
  24. 24.The Rights and Attribution Layer for AIsyft-protocol.openmined.org
  25. 25.Foundational Research Grants | Center for Security and Emerging Technologycset.georgetown.edu
  26. 26.Safe, Secure, Private: Research finds third parties can audit online algorithmschristchurchcall.org
  27. 27.New Research Shows Promise for Safe, Secure & Private Auditing of Social Media Algorithmsopenmined.org
  28. 28.Christchurch Call Initiative on Algorithmic Outcomeschristchurchcall.org
  29. 29.Navigating Transformative AIopenphilanthropy.org
  30. 30.New Attacks Against Secure Enclaves - Schneier on Securityschneier.com
  31. 31.TEEs & Confidential Computing: What Enterprises Need | Dualitydualitytech.com
  32. 32.Madhava Jay — Grokipediagrokipedia.com
  33. 33.Work on AI’s most exciting frontier, no PhD required!openmined.org
  34. 34.Meet OpenMined’s new PyTorch-OpenMined Fellowsopenmined.org
  35. 35.Beyond Privacy Trade-offs with Structured Transparencyarxiv.org
  36. 36.Meet OpenMined’s new UCSF-OpenMined Fellowsopenmined.org
  37. 37.What is Broad Listening?openmined.org
  38. 38.Reasons to Doubt the Impact of AI Risk Evaluationsarxiv.org
  39. 39.OpenMined Joins as Launch Partner for the NAIRR Pilot: Democratizing Access to AI Resources in the USopenmined.org
  40. 40.Anthropic model subject of first joint evaluation by US, UK AI Safety Institutesfedscoop.com
  41. 41.OpenMined (PySyft)edwinwenink.github.io
  42. 42.Introducing OpenMined Researchopenmined.org
  43. 43.PySyft FAQsopenmined.org
  44. 44.OpenMined Foundation - Future of Life Institutefutureoflife.org
  45. 45.Request for Proposals: Improving Capability Evaluationsopenphilanthropy.org
  46. 46.Blogopenmined.org
  47. 47.Auditing Proprietary Algorithms while Preserving Privacy is Possible: Here's Howchristchurchcall.org
  48. 48.OPENMINED FOUNDATION | Charity Navigator Profilecharitynavigator.org
  49. 49.Computer Says Maybe | Transcript: Nodestar: Turning Networks into Knowledge w/ Andrew Traskcsm.transistor.fm
  50. 50.Andrew Trask | AI Scientist | Book With Speakers Incspeakersinc.com
  51. 51.OpenMinedgithub.com
  52. 52.GPU demand is (~1Mx) distorted by efficiency problems which are being solvedandrewtrask.substack.com
  53. 53.OpenMined: AI + blockchain = data democracy revolutionibtimes.co.uk
  54. 54.Announcing our Partnership with Reddit to Expand Privacy-Preserving Researcher Accessopenmined.org
  55. 55.OpenMined Featured in Landmark Ofcom Report on Researcher Access to Informationopenmined.org
  56. 56.Moving Beyond the Open vs. Closed AI Debateopenmined.org
  57. 57.PySyftopenmined.org
  58. 58.OpenMined - PRIMO.aiprimo.ai
  59. 59.OpenMined - Open Collectiveopencollective.com
  60. 60.Bridging Borders, Protecting Privacy: How PySyft is Revolutionizing International Statistical Collaborationopenmined.org
  61. 61.Syft featured in Guide on PETs in Official Statisticsopenmined.org