TEE 2.0: Multi-Platform Bid Arbitration
Kainar Kamalov and Lukas Schwab
Bid prices are sensitive information regardless of where they come from. When we started considering the post-auction comparison problem across our integration approaches, it became obvious that the comparison has to happen in a secure enclave. CloudX already has one: our Trusted Execution Environment (TEE).
Today, we're launching TEE 2.0. It extends the enclave to handle third-party bids, so you can compare bids across mediation platforms, securely.
The Post-Auction Problem
When two mediation platforms each produce a winning bid for the same impression, someone has to decide. Currently, that happens in one of two ways: waterfall priority, which gives one platform a structural advantage before the auction starts, or post-bid comparison, where both prices are visible to app-side code before a winner is chosen.
Neither qualifies. No neutral party. No formal process. No verifiable result. Every publisher implements it differently, with no consistent framework for demand partners to model against and no way to verify the comparison was made correctly. This means three things:
Buyers are flying blind. A DSP's bid can win inside one platform and silently lose at arbitration: no loss notification, no standardized event, no way to distinguish "I lost the auction" from "I won the auction but an external decision overrode the result." When buyers cannot optimize toward your supply, they spend less.
Publishers carry the engineering burden. Arbitration logic in app code means maintaining it across SDK versions, OS updates, and every demand partner's callback behavior. None of this is an app's comparative advantage.
Post-bid comparison degrades the market. When both prices are visible before the winner is chosen, every platform is incentivized to bid marginally above the other side rather than bid what the impression is worth. Once one platform adopts last-look tactics, every platform must follow or lose systematically. The result is an infinite adjustment loop that rewards positioning over bid quality. Every impression that goes through broken arbitration is revenue you cannot recover.
TEE 2.0 brings the same verification principles from the auction to the arbitration. The comparison is now as trustworthy as the auction itself.
Why the Trusted Execution Environment Matters
TEE 2.0 is an extension of CloudX's Trusted Execution Environment, running inside the same secure hardware as the auction, with access to information no app-side system can touch.
Some demand partners' true prices are contractually and technically restricted from leaving the enclave. TEE 2.0 can use them anyway — because it runs inside the same secure hardware as the auction.
Every app-side arbitration system in the industry is making the highest-stakes decision in monetization on degraded information. TEE 2.0 doesn't have that problem. It receives the real price directly, enclave to enclave. The actual value, not an approximation.
What happens in the enclave stays in the enclave. No last look, no information leakage. Neither platform sees the other's price. A unified impression identifier spans both paths, giving publishers and buyers one traceable event from bid through arbitration to render.
The comparison logic is open-source and produces cryptographic attestation on every execution. The rules are published and auditable. Any party can verify the comparison ran exactly as specified.
The potential extends well beyond today's integrations. Other demand sources could share real prices through a trusted enclave channel, even where they disclose nothing to the app layer today. TEE 2.0 is the infrastructure that makes it possible.
Get Started Today
Our TEE 2.0 source code is now available on our GitHub OpenArbiter repo, and we are launching with select publishers today. Docs coming soon!