“Federated Learning accelerates model development while protecting privacy.”

Data Science and Machine Learning Trends You Can’t Ignore, September 2021

“Federated Learning: A managed process for combining models trained separately on separate data sets that can be used for sharing intelligence between devices, systems, or firms to overcome privacy, bandwidth, or computational limits.”

Five Key Advances Will Upgrade AI To Version 2.0 For Enterprises, February 2021

While Federated Learning is a nascent technology, it is highly promising and can enable companies to realize transformative strategic business benefits. “FL is expected to make significant strides forward and transform enterprise business outcomes responsibly.”

Ritu Jyoti, group vice president, Artificial Intelligence Research at IDC.

“Federated Learning: AI's new weapon to ensure privacy.”

A little-known AI method can train on your health data without threatening your privacy, March 2019

“Federated Learning allows AI algorithms to travel and train on distributed data that is retained by contributors. This technique has been used to train machine-learning algorithms to detect cancer in images that are retained in the databases of various hospital systems without revealing sensitive patient data.”

The New Tech Tools in Data Sharing, March 2021


After years of research, Sherpa.ai has developed the most advanced federated learning platform for data privacy, and it is having a major impact in academia and industry.

Federated Learning is a machine learning paradigm aimed at learning models from decentralized data, such as data located on users' smartphones, in hospitals or in banks, while ensuring data privacy.

To achieve this, the model must be trained at each node (for example, at each hospital, each bank or each smartphone), sharing the updated local model parameters (without sharing the user's data) and aggregating them securely to build a better global model.


Companies are implementing Federated Learning as their data remains locked in their servers and only the predictive model with the knowledge acquired is transferred between parties.

Benefits of using Federated Learning in comparison with edge computing and centralized learning

More powerful collaborative models, or models that are not feasible with standard solutions, without exchanging private data.

Data privacy by design, without putting it at risk.

Regulatory compliance. Data never leaves the environment of the parties involved.

Lower risk of data leakage. The possible attack surface is reduced.

Transparency about how models are trained and how data is used.

Where to use
Federated Learning

Federated Learning is a disruptive technology in cases where data privacy must be guaranteed.

When data contains confidential information, such as patients' private data, personal financial information and any other confidential information.

Because of data privacy legislation, healthcare organizations, banks and insurance companies cannot share individual records, but they would improve their machine learning if they trained models with data held by other organizations.

Two companies want to benefit from their data, but without sharing it. For example, two insurance companies could improve fraud detection by training models through federated learning. That way, both companies would have a highly accurate predictive algorithm, but they would never share their business data with the other party.

Federated learning paradigms

Federated Learning can be classified into horizontal, vertical and federated transfer learning, according to how data is distributed among the agent nodes in the feature and sample spaces.


schema of horizontal federated learning

Horizontal Federated Learning is used in scenarios where data sets share the same feature space (same type of columns) but differ in samples (different rows).

Use cases: Diagnosis of diseases.


schema of vertical federated learning

Two parties or companies want to take advantage of their data without sharing it. In this case, to perform the prediction, both parties need to have the same clients or users in common.

Use cases: Two insurance companies could improve fraud detection training models through federated learning so that both companies would have a highly accurate predictive algorithm, but they would not share their business data with the other party.


schema of federated transfer learning

Two parties or companies want to take advantage of their data without sharing it, but they have very few clients or users in common.

The system can learn from the common users, transfer the knowledge and apply it to new clients.

Use cases: Two insurance companies could improve fraud detection, training models through federated learning, so that both companies would have a highly accurate predictive algorithm, but they would not share their business data with the other party.


Differential Privacy is a statistical technique for providing data aggregations while avoiding the leakage of individual data records. This technique ensures that malicious agents intercepting the communication of local parameters cannot trace this information back to the data sources, adding an additional layer of data privacy.


At Sherpa.ai an innovative solution that integrates Federated Learning and Differential Privacy has been developed. With the use of Differential Privacy, we ensure that no data can be obtained, by masking the original information with controlled and adaptive noise while maintaining the performance of the predictive algorithm. This prevents malicious agents from obtaining, tracing or deducing data from the clients, as even reverse engineering techniques turn out to be useless.


To do this, three advanced mechanisms have been integrated into the platform:

  • The Gaussian Mechanism, which adds Gaussian noise, is implemented in cases where accuracy maximization is what the model is aiming for.
  • The Laplace and Exponential Mechanisms are implemented in those models in which privacy preservation is the top priority.
  • The Laplace and Gaussian mechanisms are focused on numerical answers in which noise is directly added to the answer itself. On the other hand, the Exponential Mechanism returns a precise answer without added noise, while still preserving Differential Privacy.

This Federated Learning and Differential Privacy platform is highly flexible and scalable. Therefore, further Differentially Private mechanisms can be added.
mathematical definition of differential privacy where noise is added to the raw dataset to create a secure dataset
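The three mechanisms named above, as an added example using their standard textbook definitions; this is not Sherpa.ai's code. The function names, the clipping bound, the epsilon and delta values and the sample update are assumptions constructed for illustration.

```python
import math
import random

def clip(vec, bound, p):
    """Scale vec so its Lp norm is at most bound; caps one client's influence."""
    norm = sum(abs(x) ** p for x in vec) ** (1.0 / p)
    return [x * min(1.0, bound / norm) for x in vec] if norm > 0 else list(vec)

def laplace_mechanism(vec, l1_sensitivity, epsilon, rng):
    """epsilon-DP numeric release: Laplace noise with scale b = sensitivity / epsilon."""
    b = l1_sensitivity / epsilon
    # The difference of two exponential draws with mean b is Laplace(0, b).
    return [x + rng.expovariate(1 / b) - rng.expovariate(1 / b) for x in vec]

def gaussian_sigma(l2_sensitivity, epsilon, delta):
    """Classic (epsilon, delta)-DP calibration; valid only for 0 < epsilon < 1."""
    return l2_sensitivity * math.sqrt(2 * math.log(1.25 / delta)) / epsilon

def gaussian_mechanism(vec, l2_sensitivity, epsilon, delta, rng):
    """(epsilon, delta)-DP numeric release with per-coordinate Gaussian noise."""
    sigma = gaussian_sigma(l2_sensitivity, epsilon, delta)
    return [x + rng.gauss(0.0, sigma) for x in vec]

def exponential_weights(scores, sensitivity, epsilon):
    """P(candidate) proportional to exp(epsilon * score / (2 * sensitivity))."""
    top = max(scores)  # shift by the max for numerical stability
    w = [math.exp(epsilon * (s - top) / (2 * sensitivity)) for s in scores]
    return [x / sum(w) for x in w]

def exponential_mechanism(candidates, scores, sensitivity, epsilon, rng):
    """Return one candidate unchanged; the randomness is in which one is picked."""
    probs = exponential_weights(scores, sensitivity, epsilon)
    return rng.choices(candidates, weights=probs, k=1)[0]

if __name__ == "__main__":
    rng = random.Random(7)
    raw = [0.9, -2.4, 0.3, 1.2]  # constructed local model update
    bound = 1.0                  # assumed clipping bound
    # Swapping one clipped update for another moves the output by at most 2 * bound.
    print(laplace_mechanism(clip(raw, bound, 1), 2 * bound, 0.5, rng))
    print(gaussian_mechanism(clip(raw, bound, 2), 2 * bound, 0.5, 1e-5, rng))
    # Constructed selection task: choose a learning rate by validation accuracy,
    # with an assumed score sensitivity of 1.0.
    print(exponential_mechanism([0.1, 0.01, 0.001], [0.71, 0.88, 0.80], 1.0, 5.0, rng))
```

The Laplace and Gaussian calls perturb the numeric update itself, while the exponential mechanism returns one of the candidate values untouched and randomizes only the choice.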



Federated Learning models, if left unprotected, can be tricked into giving incorrect predictions and made to give out any desired result. The process of designing an input in a specific way to obtain an incorrect result is an adversarial attack. These attacks are aimed at inferring information from the training data.


Technical solutions have been developed to address AI-specific vulnerabilities to prevent and control attacks trying to manipulate the training dataset, inputs designed to cause the model to make a mistake, or model flaws.

The best way to check if a defense is satisfactory is to test it with different types of attacks. Therefore, a wide range of attacks have been designed in order to verify that the models are completely private.


Membership Inference attacks create leakages which impair privacy preservation. Thanks to Sherpa.ai's potential in Differential Privacy, defense models capable of protecting the identity of the data have been developed. Therefore, inference attacks aiming to reveal who owns the data used to train a learning model have been eliminated, while at all times meeting organizational requirements and guaranteeing data privacy, in accordance with current legislation.


Poisoning attacks seek to compromise the global training model. Here, malicious users inject fake training data with the aim of corrupting the learned model, affecting the model’s performance and accuracy.


Byzantine Attacks impair the performance of the overall model and damage it until it becomes faulty. Therefore, it is crucial to make federated learning models robust to these faults where data behaves capriciously.

With Sherpa.ai’s advanced mechanisms, the defense of the federated model against malicious attacks aimed at reducing the model's performance is ensured. The protection is based on identifying those clients with anomalous performance in order to prevent them from participating in the aggregation process.
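One generic way to exclude anomalous clients before aggregation, as an added example; this is not Sherpa.ai's algorithm. It flags updates that lie far from the coordinate-wise median using a median-absolute-deviation score, and the function names, the threshold `k` and the sample updates are assumptions constructed for illustration.

```python
import math
from statistics import median

def fedavg(updates, weights):
    """Weighted average of client parameter vectors (weights = local sample counts)."""
    total = sum(weights)
    dim = len(updates[0])
    return [sum(w * u[i] for u, w in zip(updates, weights)) / total for i in range(dim)]

def flag_anomalous(updates, k=3.0):
    """Indices of clients whose update is unusually far from the coordinate-wise median."""
    dim = len(updates[0])
    center = [median(u[i] for u in updates) for i in range(dim)]
    dist = [math.dist(u, center) for u in updates]
    med = median(dist)
    # Median absolute deviation: a spread estimate that outliers cannot inflate.
    mad = median(abs(d - med) for d in dist) or 1e-12
    return [i for i, d in enumerate(dist) if (d - med) / mad > k]

def robust_aggregate(updates, weights, k=3.0):
    """FedAvg over the clients that pass the filter; also returns the excluded indices."""
    bad = set(flag_anomalous(updates, k))
    kept = [i for i in range(len(updates)) if i not in bad]
    return fedavg([updates[i] for i in kept], [weights[i] for i in kept]), sorted(bad)

# Constructed round: five consistent clients and one sending an arbitrary update.
UPDATES = [
    [0.52, -0.21, 0.10],
    [0.48, -0.18, 0.12],
    [0.50, -0.22, 0.09],
    [0.47, -0.20, 0.11],
    [0.53, -0.19, 0.08],
    [-8.0, 9.0, 7.0],
]
WEIGHTS = [120, 80, 100, 90, 110, 100]

if __name__ == "__main__":
    print("plain FedAvg:   ", fedavg(UPDATES, WEIGHTS))
    model, excluded = robust_aggregate(UPDATES, WEIGHTS)
    print("filtered FedAvg:", model, "excluded clients:", excluded)
```

A distance filter like this assumes an honest majority and broadly similar client data; with strongly non-IID clients it can also exclude legitimate participants, so the threshold needs tuning against real rounds.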


The objective of backdoor attacks is to inject a secondary task into the global model by stealth. This gives adversarial clients a dual objective, and therefore their updates to the learning model differ from the updates of non-malicious clients.

Unprecedented algorithms capable of nullifying backdoor attacks have been established. With this technology, an increase of the performance and security of its models is achieved.



Biases create systematic and repeatable errors resulting in unfair outcomes, privileging certain groups and creating gender, racial, or ethnic disadvantage.

At Sherpa.ai we have developed a technology capable of tackling this problem, formed due to particularities of the data stored, and solving it in the most efficient way possible. To do this, we adjust, particularize and adapt each model to each client while preserving global learning.


Sherpa.ai tackles the problem of skewed data in a customized way and perfectly adjusts to the uniqueness of each client using innovative techniques that preserve global learning and adapt the knowledge to each individual.

This is achieved by dynamically modifying the device loss functions in each learning round, so that the resulting model is unbiased towards any user.
personalization layer which helps to differentiate c and ç


We have reached the highest levels in the implementation of the algorithms for Sherpa.ai's data-privacy Artificial Intelligence platform, with the most advanced applied mathematics methodologies


Enrique Zuazua, Ph.D.

Senior Associate Researcher in Algorithms of Sherpa.ai

  • Chair Professor at FAU (Germany)
  • Alexander von Humboldt Award
  • Regarded as the best in the world in applied mathematics

Sherpa is leading the way in how artificial intelligence solutions are built, safeguarding user privacy in every way


Tom Gruber

Senior Advisor in AI of Sherpa.ai

  • Co-founder and CTO of Siri
  • Head of Siri Advanced Development Group at Apple

Other technological aspects
of Sherpa.ai’s privacy-preserving technology

Secure Multi-Party

Sherpa.ai has developed a cryptographic protocol that distributes the computation of data from different sources to ensure that no one can view others’ data, without the need to trust a third party.

By doing this, it is ensured that your business’s sensitive data is secured, without undercutting your ability to acquire all the necessary information needed from this data.
schema of secure multi party computation

Private Entity

When datasets are partitioned across multiple organizations, the identification of the corresponding entities becomes a problem.

With the use of cutting-edge cryptographic techniques, the synchronization and identification of these datasets is possible while always protecting privacy and never affecting the performance of the trained models.
schema of private set intersection


Synthetic data serves as a way of protecting data privacy. Many times, real data contain private and sensitive user information that cannot be freely shared. To preserve this privacy, different approaches are taken which often result in data omission which leads to an overall loss of information and utility.

Sherpa.ai’s technology makes use of advanced synthetic data generation to eliminate security loopholes such as membership. With this unconventional solution, the ability to move away from the use of standard methods is gained, which greatly reduces communication costs without degrading the accuracy of the predictive model. This makes it possible to capture the underlying structure and show the same statistical distribution as the original data, rendering it indistinguishable from the real one.
schema of synthetic data generation;  on the left side, a representation of the data of two different parties and its synthetic data created and on the right side, a three dimensional representation of the variables client, features and samples


The Sherpa.ai platform ensures compliance with all applicable regulation.



For Sherpa.ai, data privacy is a fundamental ethical value.

For this reason, our platform complies with all current data protection regulations (GDPR), and it is aligned with the draft of the new European Union regulation on Artificial Intelligence.



Information security is an absolute priority at Sherpa.ai.

In our view, security must meet quality standards as well as all the regulations concerning it. That is why we are certified in the ISO-27.001 data security standard, and our platform has received CogX2021 awards for its outstanding contribution to technology regulation and for being the best solution for privacy and data protection.

