“Federated Learning accelerates model development while protecting privacy.”

Data Science and Machine Learning Trends You Can’t Ignore, September 2021​

Federated Learning: A managed process for combining models trained separately on separate data sets that can be used for sharing intelligence between devices, systems, or firms to overcome privacy, bandwidth, or computational limits.“

Five Key Advances Will Upgrade AI To Version 2.0 For Enterprises, February 2021​

While Federated Learning is a nascent technology, it is highly promising and can enable companies to realize transformative strategic business benefits. ​"FL is expected to make significant strides forward and transform enterprise business outcomes responsibly.”

Ritu Jyoti, group vice president, Artificial Intelligence Research at IDC.​

“Federated Learning: AI's new weapon to ensure privacy.

A little-known AI method can train on your health data without threatening your privacy, March 2019​

“Federated Learning allows AI algorithms to travel and train on distributed data that is retained by contributors. This technique has been used to train machine-learning algorithms to detect cancer in images that are retained in the databases of various hospital systems without revealing sensitive patient data.

The New Tech Tools in Data Sharing, March 2021​


Tras de años de investigación, Sherpa.ai ha desarrollado la plataforma de aprendizaje federado más avanzada para la privacidad de los datos, que está teniendo un gran impacto en el mundo académico y la industria.

El Aprendizaje Federado es un paradigma de Machine Learning destinado al aprendizaje de modelos a partir de datos descentralizados, tales como datos ubicados en los smartphones de los usuarios, en hospitales o en bancos, y garantizando la privacidad de los datos.

Esto se logra entrenando los modelos localmente en cada nodo (por ejemplo, en cada hospital, en cada banco o en cada smartphone), compartiendo únicamente los parámetros actualizados en cada nodo, (sin compartir los datos del usuario) y agregándolos de manera segura para construir un mejor modelo global.


Companies are implementing Federated Learning as their data remains locked in their servers and only the predictive model with the knowledge acquired is transferred between parties.

benefits of using federated learning in comparison with edge computing and centralized learning

Modelos colaborativos más potentes, o no factibles utilizando soluciones estándar, sin intercambiar datos privados.

Privacidad de datos por diseño, sin riesgo de que se vean comprometidos.

Cumplimiento de las Regulaciones. Los datos nunca abandonan el entorno de las partes involucradas.

Menor riesgo de filtraciones de datos. Se reducen las posibles áreas de ataque.

Transparencia sobre cómo se entrenan los modelos y cómo se utilizan los datos.

Dónde aplicar
Federated Learning

Esta tecnología es disruptiva en los casos en los que es obligatorio garantizar la privacidad de los datos.

Cuando los datos contienen información confidencial, como datos privados de pacientes, información financiera personal y cualquier otra información confidencial.

Debido a la legislación de privacidad de datos, las instituciones de salud, los bancos y las compañías de seguros, no pueden compartir registros individuales, pero se beneficiarían de mejoras en el aprendizaje automático si entrenaran modelos con datos de otras entidades.

Dos partes quieran aprovechar sus datos sin compartirlos. Por ejemplo, dos compañías aseguradoras podrían mejorar la detección de fraude, entrenando modelos a través del aprendizaje federado, de modo que ambas compañías dispondrían de un algoritmo predictivo de gran precisión, pero en ningún momento compartiría con la otra parte los datos de su negocio.

Federated learning paradigms

Federated Learning can be classified into horizontal, vertical and federated transfer learning, according to how data is distributed among the agent nodes in the feature and sample spaces.


schema of horizontal federated learning

Horizontal Federated Learning is introduced in those scenarios, where data sets share the same feature space (same type of columns) but differ in samples (different rows).

Use cases: Diagnosis of diseases.


schema of vertical federated learning

Two parties or companies want to take advantage of their data without sharing it. In this case, to perform the prediction, both parties need to have the same clients or users in common.

Use cases: Two insurance companies could improve fraud detection training models through federated learning so that both companies would have a highly accurate predictive algorithm, but they would not share their business data with the other party.


schema of federated transfer learning

Two parties or companies want to take advantage of their data without sharing it but they only have very few clients of users in common.

The system can learn from common users and transfer de knowledge and apply it with news clients.

Use cases: Two insurance companies could improve fraud detection, training models through federated learning, so that both companies would have a highly accurate predictive algorithm, but they would not share their business data with the other party.


Differential Privacy is a statistical technique to provide data aggregations, while avoiding the leakage of individual data records. This technique ensures that malicious agents intervening in the communication of local parameters cannot trace this information back to the data sources, adding an additional layer of data privacy


At Sherpa.ai an innovative solution that integrates Federated Learning and Differential Privacy has been developed. With the use of Differential Privacy, we ensure that no data can be obtained by masking the original information with controlled and adaptative noise, while maintaining the performance of the predictive algorithm. This prevents malicious agents from obtaining, tracing or deducing data from the clients as even reverse engineering techniques turn to be useless.
schema of differential privacy


To do this, three advanced mechanisms have been integrated to the platform:

  • The Gaussian Mechanism which adds Gaussian noise is implemented in cases where accuracy maximization is what the model is aiming for
  • The Laplace and Exponential Mechanisms are implemented in those models in which privacy preservation is the top priority.
  • The Laplace and Gaussian mechanisms are focused on numerical answers in which noise is directly added to the answer itself. On the other hand, the Exponential Mechanism returns a precise answer without added noise, while still preserving Differential Privacy

This Federated Learning and Differential Privacy platform is highly flexible and scalable. Therefore, further Differentially Private mechanisms can be added.
mathematical definition of differential privacy where noise is added to the raw dataset to create a secure dataset



Federated Learning models, if not prevented, can be tricked into giving incorrect predictions and be able to give out any desired result. The process of designing an input in a specific way to obtain an incorrect result is an adversarial attack. These attacks are aimed at infering information from the training data.


Technical solutions have been developed to address AI-specific vulnerabilities to prevent and control attacks trying to manipulate the training dataset, inputs designed to cause the model to make a mistake, or model flaws.

The best way to check if a defense is satisfactory is to test it with different types of attacks. Therefore, a wide range of attacks have been designed in order to verify that the models are completely private.
schema of defense against data attacks


Membership Inference attacks create leakages which impair privacy preservation. Thanks to Sherpa.ai's potential in Differential Privacy, defense models capable of protecting the identity of the data have been developed. Therefore, inference attacks aiming to reveal who owns the data used to train a learning model, have been eliminated.

While at all times meeting organizational requirements and guaranteeing data privacy, in accordance with current legislation.
schema of defense against membership inference attacks


Poisoning attacks pursue to compromise the global training model- Here, malicious users inject fake training data with the aim of corrupting the learned model. affecting the model’s performance and accuracy


Byzantine Attacks impair the performance of the overall model and damage it until it becomes faulty. Therefore, it is crucial to make federated learning models robust to these faults where data behaves capriciously.

With Sherpa.ai’s advanced mechanisms the defense of the federated model from malicious attacks aimed at reducing the model's performance is ensured. Therefore, the protection is based on the identification of those clients with anomalous performance in order to prevent them from participating in the aggregation process.
schema of defense against byzantine attacks


The objective of these attacks is to inject a secondary task into the global model by stealth. This causes adversarial clients to be doubly targeted, and therefore the updates to the learning model differ from the updates to non-malicious clients.

Unprecedented algorithms capable of nullifying backdoor attacks have been established. With this technology, an increase of the performance and security of its models is achieved.
schema of defense against backdoor attacks



Biases create systematic and repeatable errors resulting in unfair outcomes, privileging certain groups, creating gender, race, or ethnic hindering.

At Sherpa.ai we have developed a technology capable of tackling this problem, formed due to particularities of the data stored, and solving it in the most efficient way possible. To do this, we adjust, particularize and adapt each model to each client while preserving global learning.
two silhouettes of men faced; the man on the left has thumbs up and the man of the right has thumbs down


Sherpa.ai tackles the problem of skewed data in a customized way and perfectly adjusts to the uniqueness of each client using innovative techniques that preserve global learning and adapt the knowledge to each individual.

This is achieved by dynamically modifying the device loss functions in each learning round, so that the resulting model is unbiased towards any user.
personalization layer which helps to differentiate c and ç


Hemos alcanzado los niveles más altos en la implementación de algoritmos para la plataforma de Inteligencia Artificial con privacidad de datos de Sherpa.ai, con las metodologías más avanzadas de la matemática aplicada

profile picture of enrique zuazua

Enrique Zuazua, Ph.D.

Senior Associate Researcher in Algorithms of Sherpa.ai

  • Chair Professor at FAU (Germany)
  • Alexander von Humboldt Award
  • Considerado el mejor del mundo en matemáticas aplicadas

Sherpa está liderando el modo en el que se construirán las soluciones de inteligencia artificial, preservando la privacidad del usuario en todas sus formas

profile picture of tom gruber

Tom Gruber

Senior Advisor in AI of Sherpa.ai

  • Co-founder and CTO of Siri
  • Head of Siri Advanced Development Group at Apple

Other technological aspects
of sherpa.ai´s privacy-preserving technology

Secure Multi-Party

Sherpa.ai has developed a cryptographic protocol that distributes the computation of data from different sources to ensure that no one can view other’s data, without the need to trust a third party.

By doing this, it is ensured that your business’s sensitive data is secured, without undercutting your ability to acquire all the necessary information needed from this data.
schema of secure multi party computation

Private Entity

When datasets are partitioned across multiple organizations, the identification of the corresponding entities becomes a problem.

With the use of cutting edge cryptographic techniques, the synchronization and identification of these datasets is possible while always protecting privacy and never affecting the performance of the trained models.
schema of private set intersection


Synthetic data serves as a way of protecting data privacy. Many times, real data contain private and sensitive user information that cannot be freely shared. To preserve this privacy, different approaches are taken which often result in data omission which leads to an overall loss of information and utility.

Sherpa.ai’s technology makes use of advanced synthetic data generation to eliminate security loopholes such as membership. With this unconventional solution, the ability to move away from the use of standard methods is gained, which greatly reduces communication costs without degrading the accuracy of the predictive model. This generates the ability to obtain the underlying structure and show the same statistical distribution from the original data, rendering it undistinguishable from the real one.
schema of synthetic data generation;  on the left side, a representation of the data of two different parties and its synthetic data created and on the right side, a three dimensional representation of the variables client, features and samples


Sherpa.ai platforms ensures compliance with all applicable regulation.

logo of general data protection regulation


Para Sherpa.ai la privacidad de datos es un valor ético fundamental.

Por este motivo nuestra plataforma cumple con todas las regulaciones actuales en Protección de Datos (RGPD) y está en línea con el borrador de la nueva normativa sobre la regulación de la Inteligencia Artificial de la Unión Europea.

small logo of cogx 2021 winner
small logo of cogx 2021 finalist
united registrar of systems iso 27001 and ukas management systems logos


La seguridad de la información es una prioridad absoluta en Sherpa.ai.

Creemos que la seguridad debe cumplir con los estándares de calidad, así como con toda la normativa al respecto. Por ello, estamos certificados en el estándar de seguridad de datos ISO-27.001 y nuestra plataforma ha sido galardonada con los premios CogX2021 por su Contribución Sobresaliente para la Regulación Tecnológica y finalista como Mejor Solución para Privacidad y Protección de Datos.


Be a first mover in AI privacy-enhancing tech.

Keep me Updated
sherpa keynote