Comment by crackalamoo

See also CrypTen, Meta's library for privacy preserving machine learning: https://github.com/facebookresearch/CrypTen. This isn't fully homomorphic encryption, but it is multi-party computation (MPC), which hides the inputs from the company owning the model.

But while not revealing user input, it would still reveal the outputs of the model to the company. And yeah, as the article mentions, unfortunately this kind of thing (MPC or fully-homomorphic encryption) probably won't be feasible for the most powerful ML models.