EQTY Lab, a pioneering startup dedicated to securing the future of artificial intelligence, is joining the Confidential Computing Consortium (CCC) as a Startup Member. Known for its innovative work in cryptographic AI governance, EQTY Lab has developed technologies that bring integrity, transparency, and accountability to high-stakes AI deployments across sectors like the public sector, life sciences, and media.
The CCC is excited to welcome EQTY Lab into its growing community of leaders advancing confidential computing. By joining the consortium, EQTY Lab deepens its commitment to building systems that protect sensitive data and enable trust throughout the AI lifecycle. Their flagship solution, the AI Integrity Suite, uses confidential computing and verifiable compute to provide cryptographic proofs of AI operations, making agentic training and inference both secure and auditable.
“At EQTY Lab, we believe the future of AI depends on creating systems that can be trusted with sensitive data and mission-critical decisions,” said Jonathan Dotan, CEO of EQTY Lab. “Joining the Confidential Computing Consortium represents a significant step in our mission to build verifiable AI systems that operate with both privacy and accountability that can now begin on the processor itself.”
EQTY Lab’s recent launch of a Verifiable Compute solution marks a milestone in confidential AI. The platform uses hardware-based cryptographic notaries, leveraging CCC technologies like VirTEE on AMD SEV and exploring future adoption of COCONUT-SVSM. This ensures a tamper-proof record of every data object and code executed during AI workloads.
By participating in CCC, EQTY Lab aims to integrate deeper with open source projects and contribute to developing next-generation specifications for secure AI. Their work spans from implementing Intel’s TDX and Tiber solutions to contributing to Linux Foundation efforts like SPDX and SLSA, aligning secure enclave attestations with modern SBOM standards.
EQTY Lab joins a vibrant community of innovators within the CCC, committed to ensuring that confidential computing becomes the foundation of secure, trustworthy, and privacy-preserving technologies.
This year’s Linaro Connect conference in Lisbon promises to be a landmark event for the confidential computing community. With multiple talks, workshops, and roundtables focused on trusted execution environments, attestation, and supply chain trust, confidential computing has emerged as an important theme of the 2025 conference.
Among the highlights: a keynote address from Mike Bursell, Executive Director of the Confidential Computing Consortium, who will share his insights on how industry-wide collaboration and open source are essential for the long-term success of this technology as it becomes mainstream. Mike’s keynote is especially timely and relevant in the context of this year’s conference, where no fewer than 10 technical sessions are listed in the confidential computing track, from organisations including Arm, Linaro, Fujitsu and Huawei.
And it doesn’t end there.
On Tuesday May 13th (the day before the main conference), Linaro have allocated a full-day workshop on the topic of Endorsement APIs. This workshop brings together engineers, researchers, standards bodies, and open source contributors to tackle one of the most pressing challenges in remote attestation: how to securely and efficiently distribute Endorsements and Reference Values across the diverse ecosystem of confidential computing platforms and applications.
Why Endorsement APIs Matter
In Remote Attestation (RATS) architecture, Endorsements and Reference Values are essential artefacts for attestation evidence appraisal. They can originate from various sources throughout the supply chain, including silicon manufacturers, hardware integrators, firmware providers, and software providers. Their distribution is influenced by technical, commercial, and even geopolitical factors. The potential consumers of these artefacts, referred to as “Verifiers” in RATS terms, include cloud-hosted verification services, local verifiers bundled with relying parties, constrained nodes, and endpoint devices. This acute diversity creates challenges for software integration and poses fragmentation risks. Aligning on data formats and APIs will help address these challenges and maximise software component reuse for data transactions between endpoints.
A Space for Open Collaboration
Sharing its venue with the main Linaro Connect conference — the Corinthia Hotel in Lisbon — the workshop will combine hackathon-style prototyping sessions in the morning with interactive presentations and roundtables in the afternoon. Confirmed participants include representatives from:
Arm
Intel
Microsoft Azure
Fujitsu
Oracle
IBM Research
NIST
Fraunhofer SIT
Alibaba
CanaryBit
and several university research groups
Activities on the day will include:
Gathering requirements from stakeholders
Surveying existing services and tools
Examining the interaction models between producers and consumers
Designing standardised APIs for retrieving endorsement artefacts from the supply chain
Hands-on prototyping
And most importantly, this is a space where implementers and spec authors can come together to turn ideas into prototypes, and prototypes into common solutions.
What is Linaro Connect?
If you’re new to the event, Linaro Connect is the premier open engineering forum for Arm software ecosystems. It brings together maintainers of open source projects, engineers from major silicon vendors, and contributors to key standards and security initiatives — all under one roof.
Whether you’re working on Linux kernel internals, UEFI, Trusted Firmware, or emerging attestation stacks, Linaro Connect is the place to share ideas, get feedback, and shape the direction of trusted computing.
You can view the full schedule for this year’s conference here.
Stay Tuned
We’ll publish a follow-up blog after the workshop, summarizing key outcomes, emerging standards proposals, and concrete next steps. Whether you’re building a verifier, defining a token format, or just starting to explore confidential computing, this is a conversation you’ll want to follow.
Welcome to our latest newsletter! This month’s newsletter highlights the CCC’s growing presence at major industry events, including an expanded booth at RSAC and strong member engagement at OC3. We also spotlight technical milestones from Gramine and Enarx, new governance resources to support compliance, and a thought-provoking webinar on confidential computing in the cloud.
From the Executive Director (ED)
As you’ll see below, the CCC has a booth at the RSA Conference this month. The conference is probably the biggest security conference in the world, and this is our second year with a booth. This year, we’ve gone out of our way to encourage members to help staff the booth. The costs for individual members for a booth at the Expo are very high, and the opportunity to be on the CCC booth allows members not only the chance to talk to attendees about the CCC, but also to discuss their own products and solutions. I’ve enjoyed staffing the booth alongside our members, and while there are still lots of people coming to see us who don’t know what Confidential Computing is, I’ve been cheered by the percentage of attendees who have got some idea of what the technology provides.
We’ll be at other upcoming events and will be inviting members to staff booths at those as well: keep a lookout for Outreach announcements – or better yet, join the calls!
Outreach
OC3 – Retro
At OC3, Mike Bursell presented “Why Remote Attestation is the Next Business Driver” during the CCC session. He emphasized that while trusted execution environments (TEEs) are transforming how businesses manage and interact with data, Remote Attestation is a critical next step. Often treated as an add-on, Remote Attestation is essential to fully realizing the value of Confidential Computing. Mike outlined why it matters and shared concrete examples of its significant business impact.
CCC members were highly engaged at OC3, with many companies showcasing projects spanning Confidential Computing, attestation frameworks, secure data processing, and emerging industry use cases.
In addition to individual project presentations, members also shared updates on collaborative initiatives and cross-industry efforts aimed at driving standards, improving interoperability, and supporting broader adoption.
You can view the full schedule of CCC member presentations and initiatives here.
The CCC is hosting a booth this week at RSAC, featuring double the space and an enhanced setup to showcase a broader range of member projects and initiatives in Confidential Computing. This year, a notable number of members are presenting their projects and products, including Anjuna, Fortanix, Hushmesh, IBM, Intel, Invary, Linux Foundation, NVIDIA, and TikTok (listed alphabetically). We invite you to stop by the CCC booth to learn more about Confidential Computing and how you can get involved. A sincere thank you to all participating members for their contributions – we look forward to even greater participation in the future.
This month we got annual updates from both our longest running project, Enarx, and our most adopted project, Gramine.
Enarx is in its second life. Richard Zak continues to carry the torch and maintain Enarx as companies continue to express interest in the unique TEE-agnostic, WASM-based, workload isolation capabilities Enarx provides.
Gramine won the prestigious ACSAC (Annual Computer Security Applications Conference) Cybersecurity Artifact Award at the end of the year. If you missed our post on that you can read it here.
Gramine has also expanded scope from process isolation with SGX to VM isolation with TDX. Gramine was able to reuse a significant portion of the hardened LibOS to provide a tighter security footprint alternative to general purpose Confidential VMs. You can read more about it in their ACM paper.
This month the Governance, Risk, and Compliance SIG has elevated three Governance Patterns to the TAC for final review. These documents will help compliance officers understand best practices for correct use of Confidential Computing technologies. These are some of the first documents we are creating to help people understand how Confidential Computing helps satisfy compliance requirements.
Recent News
CCC Executive Director Mike Bursell appeared on a webinar on April 15th titled “Public is Private – Confidential Computing in the Cloud” along with Manu Fontaine, founder of Hushmesh. The webinar explored the transformative potential of confidential computing for cloud environments. It’s now available to watch for free on demand here.
Welcome to our latest newsletter! This month’s newsletter covers opportunities for members to staff CCC conference booths, upcoming CFP deadlines, newly approved SIG on Trustworthy Workload Identity, and recent developments in Confidential Computing, including ManaTEE and container security insights.
From the Executive Director (ED)
As conference season continues, it’s worth a reminder that whenever we (the CCC) have a booth at a conference or exhibition, that’s an opportunity for our members and open source projects to attend and staff that booth. Usually, we get several free passes for booth staff, which means that all you need to do is volunteer (via the Outreach group) and turn up! You’re welcome to bring your own swag and marketing materials, and while the main branding and messaging focus is, of course, on the CCC, we believe that one of the great benefits of membership is being able to promote not just the consortium, but also your own company or project’s work. Upcoming events where we’ll have a booth include the RSA Conference and Confidential Computing Summit, so if you’re interested, please get in touch.
Outreach
The deadline is just around the corner! The Confidential Computing Consortium is excited to be sponsoring several upcoming events. As a valued member, you have the opportunity to share your ideas through CCC sponsored speaker sessions. We’re currently accepting submissions for speaker sessions and booth presentations. Whether you have a story to share, a project to demo, or an idea to inspire others, we encourage you to submit a proposal. Don’t miss out and check out the list of opportunities below!
Last month we talked about emerging interest across the Consortium to advance Trustworthy Workload Identity. In a nutshell, Confidential Computing can provide cryptographic evidence about the integrity and identity of a workload. However there are ease of use gaps in our common tooling and gaps in the ecosystem’s recognition of these capabilities.
I’m happy to say that a charter quickly came together and that across the TAC there was clear agreement and possibly more importantly commitment to contribute to the goals of the charter. We voted to approve TWI as the newest SIG. You can find the charter here.
We are still standing up some infrastructure for it including a mailing list. Meanwhile you can always check the CCC calendar to find where and when meetings are taking place. For now TWI contributors will meet Tuesdays. View the calendar here.
Recent News
At FOSDEM 2025, Dayeol Lee introduced ManaTEE, an open source framework enabling secure, privacy-preserving data analytics. By leveraging Privacy-Enhancing Techniques (PETs) and Trusted Execution Environments (TEEs), ManaTEE empowers researchers to analyze sensitive data with confidence. Now part of the Confidential Computing Consortium, ManaTEE is shaping the future of secure data collaboration. Read the blog to learn more about the framework, its use cases, and how you can contribute:
Does Confidential Computing work with containers? The short answer: Yes. But the real question is how it works and what level of security isolation fits your needs. In this blog, Dan Middleton breaks down different interpretations of “containers” and explores four key isolation patterns for protecting containerized applications with Confidential Computing. Read the blog.
By Dayeol Lee, Research Scientist at TikTok Privacy Innovation Lab, and Mateus Guzzo, Open Source Advocate
At FOSDEM 2025, Dayeol Lee, a Research Scientist at TikTok’s Privacy Innovation Lab, introduced ManaTEE, an open-source framework designed to facilitate privacy-preserving data analytics for public research. The framework integrates Privacy-Enhancing Techniques (PETs), including confidential computing, to safeguard data privacy without compromising usability. It offers an interactive interface through JupyterLab, providing an intuitive experience for researchers and data scientists. ManaTEE leverages Trusted Execution Environments (TEEs) to ensure both data confidentiality and execution integrity, fostering trust between data owners and analysts. Additionally, it provides proof of execution through attestation, enabling researchers to demonstrate the reproducibility and integrity of their results. The framework simplifies deployment by leveraging cloud-based confidential computing backends, making secure and private data analytics accessible and scalable for diverse use cases.
The video recording of Dayeol Lee’s presentation is available for viewing here.
ManaTEE was originally developed by TikTok as a privacy solution for secure data collaboration and has been donated to the Linux Foundation’s Confidential Computing Consortium. Also, ManaTEE is the core privacy preserving technology powering TikTok Research Tools, such as the TikTok Virtual Compute Environment (VCE). The framework is designed to meet the increasing need for secure data collaboration, addressing critical challenges in data privacy and security.
Private data for public interest
Private data is considered very valuable for businesses, as they can extract significant value from it. However, many miss the value of private data for public interest. Personal or proprietary data can be combined to provide insights into various public research domains such as public health, public safety, and education. For example, medical data could be combined with personal dietary data to offer insights into how personal habits impact health.
Data analytics for public interest often requires the combination of numerous datasets to ensure accurate insights and conclusions. Sometimes these datasets come from different sources. There are several challenges to fully combining these datasets. Multiple data providers may have conflicting interests and enforce different privacy policies and compliances. Moreover, data may be distributed across many platforms, including on-premise clusters, clouds, and data warehouses, making it hard to ensure all computations on the data are accountable and transparent.
What is ManaTEE?
To fully enable privacy-preserving data analytics for public interest, we need a standardized approach that provides strong privacy protection with technical enforcement, as well as accountability and transparency. Moreover, we need a framework that is easy to deploy and use.
We find that existing technical solutions such as differential privacy and trusted execution environments offer great properties to achieve our goals. We believe that a well-designed system could use existing techniques to offer a standardized way of private data analytics.
We decided to design and build ManaTEE, a framework that allows data owners to securely share their data for public research, with technically enforced privacy, accountability, and transparency guarantees. With the framework, researchers can gain accurate insights from private or proprietary datasets.
ManaTEE community release
The first community release of ManaTEE includes easy deployment options, a comprehensive demo tutorial, and an extensible framework ready for contributions. Future plans for ManaTEE involve expanding backend support to multi-cloud and on-prem solutions, integrating privacy-compliant data pipelines, enhancing output privacy protections, and supporting confidential GPUs for AI workloads.
For those interested in exploring ManaTEE further, the project is available on GitHub, and the community is encouraged to contribute to its development. The open governance model under the Confidential Computing Consortium aims to foster a vibrant ecosystem of contributors to enhance the project with new features, improved security, and more use cases.
By Dan Middleton, Intel Senior Principal Engineer and Chair, CCC Technical Advisory Council
The term container can be ambiguous. Here are 3 different representations of what people might mean by a container.
I’m often posed with questions about Confidential Computing and containers. Often, the question is something to the effect of, “Does Confidential Computing work with Containers?” or “Can I use Confidential Computing without redesigning my containers?” (Spoilers: Yes and Yes. But it also depends on your security and operational goals.)
The next question tends to be, “How much work will it be for me to get my containerized applications protected by Confidential Computing?” But there are a lot of variations to these questions, and it’s often not quite clear what the end goal is. Part of the confusion comes from “container” being a sort of colloquialism; it can mean a few different things depending on the context.
In Confidential Computing, we talk about the protection of data in use, in contrast with the protection of data at rest or in transit. So, if we apply the same metaphor to containers, we can see three different embodiments of what a container might mean.
In the first case, a container is simply a form of packaging, much like a Debian file or an RPM. You could think of it as a glorified zip file. It contains your application and its dependencies. This is really the only standardized definition of a container from the OCI image spec. There’s not a lot of considerations for packaging that are relevant for Confidential Computing, so this part is pretty much a no-op.
The next thing people might mean when they talk about a container is that containerized application during runtime. That container image file included an entry point which is the process that’s going to be launched. Now, that process is also pretty boring. It’s just a normal Linux process. There’s no special layer intermediating instructions like a JVM or anything like that. The thing that makes it different is that the operating system blinds the process from the rest of the system (namespacing) and can restrict its resources (cgroups). This is also referred to as sandboxing. So again, from a Confidential Computing perspective, there’s nothing different that we would do for a container process than what we would do for another process.
However, because the container image format and sandboxing have become so popular, an ecosystem has grown up around these providing orchestration. Orchestration is another term that’s used colloquially. When you want to launch a whole bunch of web applications spread across maybe a few different geographies, you don’t want to do that same task 1000 times manually. We want it to be automated. And so, I think 90% of the time, maybe 99% of the time, that people ask questions about containers and Confidential Computing, they’re wondering whether Confidential Computing is compatible with their orchestration system.
Administrative users operate a control plane which starts and stops containers inside nodes (which are often virtual machines). A Pod is a Kubernetes abstraction which has no operating system meaning – it is one or more containers each of which is a process.
One of the most popular orchestration systems is Kubernetes (K8s for short). Now, there are many distributions of K8s under different names, and there are many orchestration systems that have nothing to do with K8s. But given its popularity, let’s use K8s as an example to understand security considerations.
For our purposes, we’ll consider two K8s abstractions: the Control Plane and Nodes. The Control Plane is a collection of services that are used to send commands out to start, monitor, and stop containers across a fleet of nodes. Conventionally, a node is a virtual machine, and your containerized applications can be referred to as pods. From an operating system perspective, a pod is not a distinct abstraction. It’s sufficient for us to just think of a pod as one or more containers or equivalently one or more Linux processes. So, we have this control plane, which are a few services that help manage the containers that are launched across a fleet of virtual machines.
Now we can finally get into the Confidential Computing-related security considerations. If we were talking about adversary capabilities, the Control Plane has remote code execution, which is about as dangerous as an attacker can be. But is the Control Plane an adversary? What is it that we really want to isolate here, and what is it that we trust? There are any number of possible permutations, but they really collapse down to about four different patterns.
Four isolation patterns that recognize different trust relationships with the control plane.
In the first pattern, we want to isolate our container, and we trust nothing else. In the second case, we may have multiple containers on the same node that need to work together, and so our isolation unit we could think of as a pod, but it’s more properly or more pragmatically a virtual machine. Now, in both of these cases, but especially the second, the control plane still has influence over the container and its environment, no matter how it’s isolated. To be clear, the control plane can’t directly snoop on the container in either case, but you may want to limit the amount of configuration you delegate to the the control plane.
And so, in the third case, we put the whole control plane, which means each of the control plane services, inside a Confidential Computing environment. Maybe more importantly, we operate the control plane ourselves removing the 3rd party administrator entirely. It’s commonly the case, though, that companies don’t want to operate all of the K8s infrastructure by themselves, and that’s why there are managed K8s offerings from cloud service providers. And that brings us to our last case, where we decide that we trust the CSP, and we’re just going to sort of ignore the fact that the control plane has remote code execution inside what is otherwise our isolated VM for our pods or containers.
Process and VM Isolation examples with associated open source and commercial projects.
Let’s make this a little bit more concrete with some example open-source projects and commercial offerings. The only way to actually isolate a container, which means isolating a process, is with Intel® Software Guard Extensions (Intel® SGX) using an open-source project like Gramine or Occlum. So, if we come back to the question, “How much work do I have to do here?” there is at least a little bit of work because you’ll use these frameworks to repackage your application. You don’t have to rewrite your application, you don’t have to change its APIs, but you do need to use one of these projects to wrap your application in an enclave. This arguably gives you the most stringent protection because here you are only trusting your own application code and the Gramine or Occlum projects.
To the right, your next choice could be to isolate by pod. In practice, this means to isolate at the granularity of a virtual machine (VM). Using an open-source project like CNCF Confidential Containers (CoCo) lets you take your existing containers and use the orchestration system to target Confidential Computing hardware. CoCo can also target Intel® SGX hardware using Occlum, but more commonly CoCo is used with VM isolation capabilities through Intel® Trust Domain Extensions (Intel®TDX), AMD Secure Encrypted Virtualization (SEV)*, Arm Confidential Computing Architecture (CCA)*, or eventually RISC-V CoVE*. And there’s a little bit of work here too. You don’t have to repackage your application, but you do need to use this enlightened orchestration system from CoCo (or a distribution like Red Hat OpenShift Sandbox Containers*). These systems will launch each pod in a separate confidential virtual machine. They have taken pains to limit what the control plane can do and inspect, and there is a good barrier between the CVM and the control plane. However, it is a balancing act to limit the capabilities of the control plane when those capabilities are largely why you are using orchestration to begin with.
Edgeless Systems Constellation* strikes a little different balance. If you don’t want to trust the control plane but you still want to use CSP infrastructure or some other untrusted data center, Constellation will run each control plane service in a confidential VM and then also launch your pods in confidential VMs. But operating K8s isn’t for everyone, so when it comes to how much work is involved, it depends on whether you operate k8s or not. If you don’t normally operate k8s then this would be a significant increase. There are no changes that you need to make to your applications, though, and if your company is already in the business of operating their own orchestration systems, then there’s arguably no added cost or effort here.
But for those organizations who do rely on managed services from CSPs, you can make use of confidential instances in popular CSPs such as Azure Kubernetes Service (AKS)* and Google Kubernetes Engine (GKE)*. And this is generally very simple, like checkbox simple, but it comes with a caveat that you do trust the CSP’s control of your control plane. Google makes this explicit in some very nice documentation: (https://cloud.google.com/kubernetes-engine/docs/concepts/control-plane-security).
Now, which one of these four is right for your organization depends on the things that we’ve just covered, but also a few other considerations. The user that chooses container isolation generally is one that has a security-sensitive workload where a compromise of the workload has real consequences. They might also have a multiparty workload where management of that workload by any one of those parties works against the common interests of that group.
Typically, those with security sensitive or multiparty workloads will isolate at process granularity. VM isolation can be implemented differently based on whether the control plane is trusted or not.
Users of CNCF Confidential Containers probably don’t fully trust the CSP, or they want defense in depth against the data center operator, whether that’s a CSP or their own enterprise on-prem data center. More importantly they probably only want to deploy sensitive information or a cryptographic secret, if they can assess the security state of the system. This is called a Remote Attestation. Attestation is a fun topic and one of the most exciting parts of Confidential Computing, but it can be an article unto itself. So, to keep things brief, we’ll just stick with the idea that you can make an automated runtime decision whether a system is trustworthy before deploying something sensitive.
Now let’s look at the last two personas on the right of the diagram. Users of Constellation may not trust a CSP, or they may use a multi-cloud hosting strategy where it’s more advantageous for them to operate the K8s control plane themselves anyway. For users of CSP managed K8s, the CSP does not present a risk but the user certainly wants defense in depth protections against other tenants using that same shared infrastructure. In these latter two cases, Remote Attestations may also be desired, but used in more passive ways. For example, from an auditing perspective, logging the Attestation can show compliance that an application was run with protection of data in use.
In this article, we’ve covered more than a few considerations, but certainly, each of these four patterns has more to be understood to make an informed choice when it comes to security and operational considerations. I hope that this arms you, though, with the next set of questions to go pursue that informed choice.
[Edit 3/7: Clarified control plane influence per feedback from Benny Fuhry.]
Legal Disclaimers
Intel technologies may require enabled hardware, software or service activation.
Hello Community Member, welcome to our latest newsletter, where we share some highlights from my February travels across Europe and exciting updates in Confidential Computing.
From the Executive Director (ED)
February has been Europe-heavy for me, which makes a change (and works for me as I’m based in the UK). There were three different conferences – FOSDEM in Brussels, State of Open Con in London and the AI Security Summit in Paris. FOSDEM was (as usual!) packed and chaotic, but with devrooms for Confidential Computing and Attestation both busy, and an extra pre-summit meeting around Attestation (there were just too many talks submitted to have them all in the official conference), the amount of interest at the developer level is clearly really picking up.
At State of Open Con, I presented at pun-heavy 15 minute session on PII (Personally Identifiable Information) and also appeared on a panel around Open Source Security, excellently moderated by Divya Mohan. Sal Kimmich, our out-going Technical Community Arcthitect, presented a session on Secure Isolation and Trust Boundaries: A Crash Course for Engineers. State of Open Con is now in its third year, and continues to be one of the best open source conferences of the year.
The AI Security Summit was held the day before the huge international AI summit in Paris, and was notable for me in that the number of people who had actually heard of Confidential Computing was much higher than I’m used to. I gave an introduction to remote attestation and why it’s so important, and found myself able to dive deeper into the technical side than I’m used to: with FOSDEM and this, it really feels like the message is getting out there.
The last thing I’d like to do is mention a new Premier member to the CCC: Shielded Technologies joined us this month. We look forward to working with them and the various General and Associate members who have also recently joined.
Outreach: Job Board Page Now Live!
We’re thrilled to announce that the CCC Job Board is now live! It features exciting career opportunities for professionals passionate about advancing secure computing technologies, with roles in research, development, and the implementation of cutting-edge confidential computing solutions.
Check out the available positions and add your job postings to the board and connect with top talent! Visit the Job Board
The ability to identify a workload across the internet with cryptographic certainty is one of the key capabilities of Confidential Computing. However, much of the ecosystem still relies on less secure mechanisms, such as using filenames or other easily spoofable features, to identify code. Identifying workloads with Confidential Computing techniques offers significant benefits, but we still face ease-of-use challenges. A new community effort is emerging to improve both industry standards for Workload Identity and its ease of use. Like our other open source initiatives, these meetings and documents are publicly accessible. If you’d like to get involved, you can find the latest updates on meetings and discussions on the TAC mailing list.
Recent News
OC3 2025 Registrations are Open: The Open Confidential Computing Conference registrations are free and already open! Join us on March 27th, either online or on-site in Berlin, to learn all about the latest developments in confidential computing by thought leaders at Microsoft, Arm, NVIDIA and more!
Intel Announces TEE-IO Support in Latest Xeon 6 Processors: On February 24, Intel launched the latest processors in the Intel Xeon 6 family and announced support for Trusted Execution Environment-IO (TEE-IO). The Intel Xeon 6 processors with P-cores (formerly code-named “Granite Rapids”) include hardware support for Intel TDX Connect, Intel’s implementation of TEE-IO. Intel TDX Connect will enhance the performance and flexibility of Confidential Computing use cases that include confidential operations on both the CPU and a PCIe-connected device such as GPU-accelerated confidential AI. Solutions based on Intel TDX Connect will require a capable CPU, an enabled host OS/hypervisor, and a TEE-IO capable device. Intel is engaged throughout the ecosystem to accelerate enablement of complete solutions.
From the TAC: Path Forward for Confidential Computing in 2025
Welcome 2025 Leadership
NEW! Confidential Computing Messaging Guide
Confidential Computing Summit Call for Papers
Recent News
From the TAC
Confidential Computing in 2024: Growth, Security, and Collaboration Pave the Way for an Exciting 2025
In 2024 We did a great job working together on the TAC to make the world more secure with Confidential Computing, than any of us could have done as individuals or individual companies.
As an open source organization, seeing our projects grow is nearest and dearest to our hearts. Long standing projects like Gramine advanced with more and more adoption.
We grew our portfolio by 60% with new projects contributed by Intel, Samsung, Suse, and TikTok. These new projects span:
As 2025 kicks off we already have a new project in the pipeline. Stay tuned for some news coming up real soon on that.
Our projects, already security focused, improved their security posture adopting best practices from the Open Source Security Foundation. All CCC projects have completed or initiated the OpenSSF Best Practice Badge. In 2025, we’ll help our projects get even more robust as we assess how Scorecards can identify additional improvements.
We revamped our mentorship program, welcoming a new cohort of mentees who are actively contributing to CCC projects and gaining security expertise—thanks to our dedicated maintainers who generously mentor them.
Our Special Interest Groups (SIGs) made great strides:
The Kernel SIG is accelerating Confidential Computing feature upstreaming in the Linux Kernel.
The Attestation SIG fosters collaboration on attestation data standards and protocols, with impactful developments expected in 2025.
The Governance, Risk, and Compliance (GRC) SIG is driving awareness of critical concepts like Workload Identity, which the TAC will explore further this year.
Curious about Workload Identity? Come join us at a TAC or GRC SIG meeting or follow the discussion on our mailing lists.
Welcome to Our 2025 CCC Leaders
We’re excited to kick off 2025 by introducing our new leadership team:
Governing Board
Chair: Nelly Porter (Google)
Vice-Chair: Emily Fox (Red Hat)
TAC
Chair: Dan Middleton (Intel)
Vice-Chair Yash Mankad (Red Hat)
Outreach Committee
Chair: Rachel Wan (IBM)
Vice-Chair: Mike Ferron-Jones (Intel)
CCC Outreach
Driving Adoption and Engagement: Reflecting on 2024 and the Path Forward for Confidential Computing in 2025
Looking back at 2024, the Outreach Committee launched brand repositioning efforts, completed the Confidential Computing Messaging Guide, and shifted the focus from “What is Confidential Computing” to “Why Confidential Computing Matters.” The committee also proposed creative agency work, updates to the CCC website, and refinements to the logo and mascot. Additionally, we engaged IDC for a market analysis white paper to update market data and expand Confidential Computing coverage. We participated in key industry events, including FOSDEM, OC3, RSAC, CC Summit, and OSFF.
For 2025, our strategy focuses on enhancing CCC’s presence through creative agency work, market analysis, community outreach, events, and educational resources. These initiatives aim to strengthen our mission while increasing engagement and visibility across industries.
We invite the community to contribute by submitting use cases, sharing insights, and participating in upcoming events. Your involvement is vital to shaping the future of Confidential Computing and driving collective progress.
The Confidential Computing Summit Returns for Year 3!
Mark your calendar for June 17-18 in San Francisco as the Confidential Computing Consortium collaborates with Opaque Systems for the third annual Confidential Computing Summit.
Bringing together the brightest minds in confidential computing, secure AI, and privacy-preserving technologies, the Summit will explore the transformative potential of generative AI across industries like finance, healthcare, and manufacturing while learning how to keep sensitive data secure.
Have a real-world use case or breakthrough to share? Submit your session proposal and join the conversation shaping the future of confidential computing and trustworthy AI. Submit here.
The SIMI Group, Inc. (SIMI), a pioneer in health information exchange and analytics services since 1996, continues to push boundaries in public health and healthcare informatics. By addressing critical data gaps across public health agencies, healthcare systems, community organizations, payers, pharmaceutical companies, and researchers, SIMI delivers near real-time situation awareness while prioritizing privacy. Their expertise transforms complex data into actionable insights that drive community health and wellness.
The Confidential Computing Consortium (CCC) is excited to welcome The SIMI Group, Inc. (SIMI) as a startup member. By joining the CCC, SIMI reinforces its commitment to advancing data security and driving the global adoption of trusted execution environments (TEEs). This strategic collaboration with industry leaders like Microsoft and AMD positions SIMI to meet the rigorous privacy, security, and compliance standards of healthcare and public health, while building trust among the public and community partners.
“SIMI is excited to join the CCC and collaborate with Microsoft and AMD,” said Nilesh Dadi, Director of Trusted & Predictive Analytics at SIMI. “This partnership empowers us to support healthcare systems and public health by leveraging trusted execution environments. With this technology, we enable near real-time situation awareness of vaccinations, outbreaks, and medical emergencies in a transparent and privacy-protecting manner.”
SIMI’s leadership in public health innovation stems from firsthand experience with real-world challenges. “SIMI was boots-on-the-ground from the earliest days of the COVID-19 pandemic in the United States,” said Dan Desmond, President & Chief Innovation Officer at SIMI. “The world can no longer rely on faxes, massive group phone calls, and spreadsheets to manage medical and public health emergencies. We’re working with CCC collaborators to build on our progress with the Confidential Consortium Framework, moving toward an accountable and attestable zero-trust future.”
As a CCC member, SIMI is poised to drive the adoption of secure, privacy-first technologies, shaping the future of public health and healthcare informatics through collaboration and innovation.
We are thrilled to announce that MITRE has joined the Confidential Computing Consortium (CCC), further solidifying its commitment to advancing cybersecurity innovation. As a leader in providing technical expertise to the U.S. MITRE’s participation will play a pivotal role in shaping the future of secure cloud computing.
A New Era of Cloud Security
With the growing migration of IT resources to the cloud, securing sensitive data has become more critical than ever. Confidential Computing represents a groundbreaking advancement in cybersecurity by enabling encryption for “data in use” and supporting hardware-bound “enclave attestation.” These capabilities reduce the cyber threat surface, offering unparalleled protection for sensitive data processed in cloud environments.
MITRE’s cybersecurity engineers regularly address the most complex and critical challenges in information systems security as they partner with the Government. By leveraging Confidential Computing, MITRE seeks to enhance cloud security while addressing uncertainties and mitigating potential new risks introduced by emerging technologies.
Through its membership in the CCC, MITRE aims to stay at the forefront of:
Understanding Emerging Use Cases: Identifying practical applications of Confidential Computing across industries and government sectors.
Evaluating Implementation Methods: Exploring best practices for adopting Confidential Computing standards and technologies.
Assessing Value Propositions: Demonstrating the tangible benefits of Confidential Computing for cloud security and operational efficiency.
Analyzing Vulnerabilities: Investigating potential risks and threats associated with emerging products, standards, and cloud services.
Driving Collaboration and Innovation
MITRE’s expertise in cybersecurity will contribute significantly to the CCC’s mission of broadening the adoption of Confidential Computing. By collaborating with industry leaders, MITRE will help establish robust standards, develop practical solutions, and ensure secure implementation methods that meet the needs of both Government and private sectors.
As Confidential Computing continues to evolve, MITRE’s involvement will enable greater innovation and confidence in cloud security, benefiting the Government and the broader technology community. Together, we can address the challenges of tomorrow and build a more secure digital landscape.
We are thrilled to announce that 
