Executive Summary
As AI workflows become increasingly integrated into sensitive domains such as legal, medical, and operational systems, data privacy becomes a critical concern. Current integrations with AI models from providers like OpenAI, Anthropic, Google, Meta, and xAI typically rely on HTTPS and server trust, and the models themselves operate only on unencrypted, human-readable text (“plaintext”).
Further, automation platforms such as Activepieces, n8n, Zapier, and Make commonly pass user data through their workflows as plaintext, which makes them an underappreciated security vulnerability.
This white paper presents Zero-Insight AI Workflows (“ZeroW”), a novel architecture to protect sensitive data by encrypting user information on the client side, processing it through the workflow as unreadable, encrypted data (“ciphertext”), and decrypting it only by the AI model utilizing Model Context Protocol (“MCP”).
By leveraging MCP to call secure cryptographic tools for key retrieval and data processing, with decryption occurring in isolated environments, this architecture sets a new standard for privacy-preserving AI automation.
Data remains encrypted throughout the automation pipeline and is decrypted and processed only by securely isolated AI models with controlled key access. Outputs are re-encrypted by the AI model (again using MCP) before storage or transmission, ensuring that plaintext remains invisible to automation layers and developer infrastructure. This approach ensures a genuinely privacy-preserving workflow in which developers and automation platforms cannot access raw data.
The Problem: Plaintext Exposure
In typical AI-driven automation:
- Data transmitted via HTTPS (or otherwise) is decrypted and processed as human-readable plaintext in backend/automation workflow processes.
- API logs, workflow history, and error reports frequently contain plaintext data.
- Developers often have complete visibility and access to sensitive information.
These practices introduce security vulnerabilities, which are problematic for workflows involving sensitive legal, medical, or financial data. HTTPS alone does not provide sufficient protection.
ZeroW Architecture Overview
Core Components:
- Client-Side Encryption: Data encryption occurs within user-facing environments (e.g., web or mobile applications) before data leaves the user's device.
- Automation Layer: With the exception of non-sensitive routing metadata, the automation workflow processes encrypted ciphertext exclusively, without decrypting the content.
- Decryption Tool: A decryption tool is called by the AI model to provide secure key retrieval and decryption via MCP.
- AI Model: Only the AI model that is processing data can decrypt the ciphertext, utilizing securely managed keys.
- Re-Encryption Tool: A separate MCP tool is called by the AI model prior to returning data to the user. This enables re-encryption of model outputs in a secure environment.
- Encrypted Output Storage: All sensitive data is stored only as ciphertext in platforms like Google Sheets, Firebase, or Supabase.
- Decrypted Returns: Ciphertext is decrypted on the user's device to display plaintext results to the user.
Key Security Properties
- Conditional Decryption: Data remains encrypted except within trusted processing contexts.
- Ciphertext-Only at Rest: Automation platforms and execution logs primarily store encrypted data, except where plaintext is explicitly necessary for workflow functionality.
- Strict Key/Data Separation: Decryption keys and encrypted data are never simultaneously accessible to automation systems.
- Mandatory Output Re-Encryption: All outputs from the AI model are encrypted prior to storage or transmission.
- Operator Separation: Optional use of separate automation instances for key management.
Use Cases
- Secure analysis of legal documents without developer visibility.
- Protected medical note summarization.
- Confidential financial report generation.
- Intake form processing without backend exposure of sensitive user content.
Limitations & Considerations
This architecture specifically addresses the confidentiality of sensitive data within LLM-based workflows. It is presented as a conceptual framework intended to guide and inspire future development, rather than as a prescriptive implementation.
While the components and flow described are technically feasible with current tools, implementation-specific challenges—such as cryptographic key lifecycle management, trusted AI model execution environments, and enterprise-grade auditing systems—are deliberately left to future developers, researchers, and system architects. This white paper is designed to offer a foundational structure for secure AI integration, with the expectation that practical execution will evolve as tools, standards, and models mature.
Current LLMs are not designed to securely execute cryptographic computations. Instead, cryptographic operations must be executed in trusted environments to ensure security, but can be facilitated by MCP tools (which themselves must be secure).
Current AI models inherently require plaintext data, at some point, internally. This architecture relies on strict isolation and rapid re-encryption rather than true end-to-end encryption, as the AI model necessarily briefly sees plaintext in order to function. Additionally, this architecture assumes trust in the environment running the AI model, which is important for practical security assurance.
For non-sensitive tasks like sorting or metadata-based routing, consider encrypting only the sensitive fields. Non-sensitive metadata can remain in plaintext for practical routing and analytics.
Lastly, current AI models inherently reveal plaintext during internal processing due to their architecture, limiting these protective measures unless paired with stringent enterprise safeguards like encrypted log storage and rigorous access controls.
Future Directions
To further advance and streamline adoption of ZeroW, we propose developing a cross-platform, reusable encryption library (AES-256, dynamic IV generation) compatible with languages such as JavaScript and Python. This library would encapsulate best practices, simplify client-side encryption, and align with regulatory compliance standards (HIPAA, GDPR). Challenges include maintaining consistent security updates, broad compatibility, and ensuring secure dynamic key management.
Conclusion
ZeroW represents a significant advancement in the secure integration of AI within sensitive environments, clearly delineating encryption, automation, and data interpretation responsibilities.