“Federated Learning accelerates model development while protecting privacy.”

Data Science and Machine Learning Trends You Can’t Ignore, September 2021​

Federated Learning: A managed process for combining models trained separately on separate data sets that can be used for sharing intelligence between devices, systems, or firms to overcome privacy, bandwidth, or computational limits.“

Five Key Advances Will Upgrade AI To Version 2.0 For Enterprises, February 2021​

While Federated Learning is a nascent technology, it is highly promising and can enable companies to realize transformative strategic business benefits. ​"FL is expected to make significant strides forward and transform enterprise business outcomes responsibly.”

Ritu Jyoti, group vice president, Artificial Intelligence Research at IDC.​

“Federated Learning: AI's new weapon to ensure privacy.

A little-known AI method can train on your health data without threatening your privacy, March 2019​

“Federated Learning allows AI algorithms to travel and train on distributed data that is retained by contributors. This technique has been used to train machine-learning algorithms to detect cancer in images that are retained in the databases of various hospital systems without revealing sensitive patient data.

The New Tech Tools in Data Sharing, March 2021​


After years of research, Sherpa.ai has develop the most advanced Federated Learning Platform for data privacy, which is making a huge impact on the academic world and industry.

Federated Learning is a Machine Learning paradigm aimed at learning models from decentralized data, such as data located in users’ smartphones, hospitals, or banks, and ensuring data privacy.

This is achieved by training models locally at each node (e.g. at each hospital, at each bank or at each smartphone), sharing the model-updated local parameters (without sharing user data) and securely aggregating them to build a better global model.


Companies are implementing Federated Learning as their data remains locked in their servers and only the predictive model with the knowledge acquired is transferred between parties.

benefits of using federated learning in comparison with edge computing and centralized learning

More powerful collaborative models, or not feasible using standard solutions, without exchanging private data.

Data privacy by design, without risk of being compromised.

Regulation Compliance. The data never leaves the environment of the parties involved.

Lower risk of data breaches. The attack surface is reduced.

Transparency about how models are trained and how data is used.

Where to apply
Federated Learning

This technology is disruptive in cases where it is mandatory to guarantee data privacy.

When data contains confidential information, such as private patient data, personal financial information and any other confidential information.

Due to data privacy legislation, healthcare institutions, banks and insurance companies, for example, cannot share individual records, but would benefit from AI training in machine learning models from data from various entities.

Two parties want to take advantage of their data without sharing it. For example, two insurance companies could improve fraud detection, training models through federated learning, so that both companies would have a highly accurate predictive algorithm, but at no time would they share their business data with the other party.

Federated learning paradigms

Federated Learning can be classified into horizontal, vertical and federated transfer learning, according to how data is distributed among the agent nodes in the feature and sample spaces.


schema of horizontal federated learning

Horizontal Federated Learning is introduced in those scenarios, where data sets share the same feature space (same type of columns) but differ in samples (different rows).

Use cases: Diagnosis of diseases.


schema of vertical federated learning

Two parties or companies want to take advantage of their data without sharing it. In this case, to perform the prediction, both parties need to have the same clients or users in common.

Use cases: Two insurance companies could improve fraud detection training models through federated learning so that both companies would have a highly accurate predictive algorithm, but they would not share their business data with the other party.


schema of federated transfer learning

Two parties or companies want to take advantage of their data without sharing it but they only have very few clients of users in common.

The system can learn from common users and transfer de knowledge and apply it with news clients.

Use cases: Two insurance companies could improve fraud detection, training models through federated learning, so that both companies would have a highly accurate predictive algorithm, but they would not share their business data with the other party.


Differential Privacy is a statistical technique to provide data aggregations, while avoiding the leakage of individual data records. This technique ensures that malicious agents intervening in the communication of local parameters cannot trace this information back to the data sources, adding an additional layer of data privacy


At Sherpa.ai an innovative solution that integrates Federated Learning and Differential Privacy has been developed. With the use of Differential Privacy, we ensure that no data can be obtained by masking the original information with controlled and adaptative noise, while maintaining the performance of the predictive algorithm. This prevents malicious agents from obtaining, tracing or deducing data from the clients as even reverse engineering techniques turn to be useless.
schema of differential privacy


To do this, three advanced mechanisms have been integrated to the platform:

  • The Gaussian Mechanism which adds Gaussian noise is implemented in cases where accuracy maximization is what the model is aiming for
  • The Laplace and Exponential Mechanisms are implemented in those models in which privacy preservation is the top priority.
  • The Laplace and Gaussian mechanisms are focused on numerical answers in which noise is directly added to the answer itself. On the other hand, the Exponential Mechanism returns a precise answer without added noise, while still preserving Differential Privacy

This Federated Learning and Differential Privacy platform is highly flexible and scalable. Therefore, further Differentially Private mechanisms can be added.
mathematical definition of differential privacy where noise is added to the raw dataset to create a secure dataset



Federated Learning models, if not prevented, can be tricked into giving incorrect predictions and be able to give out any desired result. The process of designing an input in a specific way to obtain an incorrect result is an adversarial attack. These attacks are aimed at infering information from the training data.


Technical solutions have been developed to address AI-specific vulnerabilities to prevent and control attacks trying to manipulate the training dataset, inputs designed to cause the model to make a mistake, or model flaws.

The best way to check if a defense is satisfactory is to test it with different types of attacks. Therefore, a wide range of attacks have been designed in order to verify that the models are completely private.
schema of defense against data attacks


Membership Inference attacks create leakages which impair privacy preservation. Thanks to Sherpa.ai's potential in Differential Privacy, defense models capable of protecting the identity of the data have been developed. Therefore, inference attacks aiming to reveal who owns the data used to train a learning model, have been eliminated.

While at all times meeting organizational requirements and guaranteeing data privacy, in accordance with current legislation.
schema of defense against membership inference attacks


Poisoning attacks pursue to compromise the global training model- Here, malicious users inject fake training data with the aim of corrupting the learned model. affecting the model’s performance and accuracy


Byzantine Attacks impair the performance of the overall model and damage it until it becomes faulty. Therefore, it is crucial to make federated learning models robust to these faults where data behaves capriciously.

With Sherpa.ai’s advanced mechanisms the defense of the federated model from malicious attacks aimed at reducing the model's performance is ensured. Therefore, the protection is based on the identification of those clients with anomalous performance in order to prevent them from participating in the aggregation process.
schema of defense against byzantine attacks


The objective of these attacks is to inject a secondary task into the global model by stealth. This causes adversarial clients to be doubly targeted, and therefore the updates to the learning model differ from the updates to non-malicious clients.

Unprecedented algorithms capable of nullifying backdoor attacks have been established. With this technology, an increase of the performance and security of its models is achieved.
schema of defense against backdoor attacks



Biases create systematic and repeatable errors resulting in unfair outcomes, privileging certain groups, creating gender, race, or ethnic hindering.

At Sherpa.ai we have developed a technology capable of tackling this problem, formed due to particularities of the data stored, and solving it in the most efficient way possible. To do this, we adjust, particularize and adapt each model to each client while preserving global learning.
two silhouettes of men faced; the man on the left has thumbs up and the man of the right has thumbs down


Sherpa.ai tackles the problem of skewed data in a customized way and perfectly adjusts to the uniqueness of each client using innovative techniques that preserve global learning and adapt the knowledge to each individual.

This is achieved by dynamically modifying the device loss functions in each learning round, so that the resulting model is unbiased towards any user.
personalization layer which helps to differentiate c and ç


We have reached the highest levels in the implementation of algorithms for the Artificial Intelligence platform with data privacy of Sherpa.ai, with the most advanced methodologies of applied mathematics

profile picture of enrique zuazua

Enrique Zuazua, Ph.D.

Senior Associate Researcher in Algorithms of Sherpa.ai

  • Chair Professor at FAU (Germany)
  • Alexander von Humboldt Award.
  • Considered as the world's best one in applied mathematics

Sherpa is leading the way how artificial intelligence solutions will be built, preserving user privacy in all its forms

profile picture of tom gruber

Tom Gruber

Senior Advisor in AI of Sherpa.ai

  • Co-founder and CTO of Siri
  • Head of Siri Advanced Development Group at Apple

Other technological aspects
of sherpa.ai´s privacy-preserving technology

Secure Multi-Party

Sherpa.ai has developed a cryptographic protocol that distributes the computation of data from different sources to ensure that no one can view other’s data, without the need to trust a third party.

By doing this, it is ensured that your business’s sensitive data is secured, without undercutting your ability to acquire all the necessary information needed from this data.
schema of secure multi party computation

Private Entity

When datasets are partitioned across multiple organizations, the identification of the corresponding entities becomes a problem.

With the use of cutting edge cryptographic techniques, the synchronization and identification of these datasets is possible while always protecting privacy and never affecting the performance of the trained models.
schema of private set intersection


Synthetic data serves as a way of protecting data privacy. Many times, real data contain private and sensitive user information that cannot be freely shared. To preserve this privacy, different approaches are taken which often result in data omission which leads to an overall loss of information and utility.

Sherpa.ai’s technology makes use of advanced synthetic data generation to eliminate security loopholes such as membership. With this unconventional solution, the ability to move away from the use of standard methods is gained, which greatly reduces communication costs without degrading the accuracy of the predictive model. This generates the ability to obtain the underlying structure and show the same statistical distribution from the original data, rendering it undistinguishable from the real one.
schema of synthetic data generation;  on the left side, a representation of the data of two different parties and its synthetic data created and on the right side, a three dimensional representation of the variables client, features and samples


Sherpa.ai platforms ensures compliance with all applicable regulation.

logo of general data protection regulation


Data privacy is a fundamental ethical value at Sherpa.ai.

Our platform complies with all current regulations on Data Protection (GDPR) and is in line with the European Commission regulatory framework proposal on Artificial Intelligence.

small logo of cogx 2021 winner
small logo of cogx 2021 finalist
united registrar of systems iso 27001 and ukas management systems logos


Information security is a top priority at Sherpa.ai.

We believe that security must comply with quality standards and with all regulations in this regard. For this reason, we are certified in the ISO-27.001 data security standard and our platform has won the CogX 2021 awards for its Outstanding Contribution to Technology Regulation and has been a finalist as Best Solution for Privacy and Data Protection.


Be a first mover in AI privacy-enhancing tech.

Keep me Updated
sherpa keynote