
TL;DR | What’s in This Issue?
- The redesigned CCC website launched June 23rd! 🎉
- Confidential Computing Summit 2026 wrapped in San Francisco; session recordings are now live on the Linux Foundation YouTube channel.
- TAC approved Blueprint C (Collaborative Clean Room), moved Keystone to emeritus, and the SPDM project hit a major post-quantum cryptography + FIPS 140-3 milestone.
- NVIDIA Confidential Computing is now powering Apple’s Private Cloud Compute on Google Cloud.
- The Academic Research Grant program received 35 proposals; two recipients to be announced July 1.
- The GRC SIG is calling for contributors, especially from regulated industries working on confidential AI governance.
From the Executive Director
Hello Community Member,
This month has been a busy one, with huge updates from the Outreach team (see below), a new strategic kick-off with the Governing Board (details to follow), continued strong engagement with Regulators and Standards Bodies and conferences in Mumbai (Open Source India) and San Francisco (Confidential Computing Summit).
And it feels like things have changed since this time last year: Confidential Computing has gone past an inflection point, with significant increases in adoption (Anthropic and Apple both gave keynotes where they made it clear that Confidential Computing is no longer optional: it’s foundational) and two (often overlapping) use cases where there is no question that CC is required: AI (both “standard” and Agentic) and Digital Sovereignty. The fact that there is overlap between these two should surprise nobody: everyone is using AI, and everyone cares (or should care) about their data, models, and applications. It has become clear to industry, and is becoming clear to governments and regulators, that the only way to secure your data against the myriad attackers is to use Confidential Computing. Confidential Computing, then, is a technology whose time has come: at the CCC, we plan to encourage and simplify adoption, push forward on new technologies and ensure that open source is placed squarely in the centre of the ecosystem. Join us!
From the Outreach Committee Chair
The redesigned CCC website launched on June 23rd, just in time to provide those attending CC Summit with an updated opportunity to learn more about how Confidential Computing works and how the CCC continues to shape the technology journey. The goal of the web redesign was to provide a customer experience that matches how the modern search is occurring – guided heavily by SEO and AI model use best practices. Executives can quickly and easily see how CCC helps reduce hidden regulatory and liability exposure, turn compliance into competitive advantage, enable high‑value data sharing without surrendering control, and support cloud and AI adoption on a hardware root‑of‑trust. The developer journey allows them to delve into the technical advancements made possible through the CCC.
We also added all new use cases make the impact of CCC collaboration tangible: secure fraud detection and AI model training on customer data without exposure in finance, privacy‑preserving clinical collaboration and AI diagnostics in healthcare, post‑cookie audience matching and tamper‑resistant clean rooms in AdTech, and sovereign, attested AI workloads and multi‑agency data sharing with cryptographic audit trails in government.
In addition to these new use cases, the Board Ready Guide to Confidential Computing provides a board-ready framework for understanding the regulatory, financial, and business opportunities of securing data-in-use with Confidential Computing. A special thanks to all of the outreach partners at AMD, Google, Linux Foundation, Intel, and NVIDIA who prioritized getting the site updated before CC Summit.
Speaking of the CC Summit 2026… the two days spent in San Francisco highlighted that Agentic AI has completely shifted the conversation from: how can the CCC drive awareness and adoption around this important technology to: how fast can we get it into the hands of customers today?
Many of the CCC members shared their expertise from the impact of agentic AI and securing workloads during inference, advancing business insights across every vertical, attestation and how best to fine tune CC to ensure optimal performance. The CCC shared the importance of standards, blueprints, and open source infrastructure.
If you weren’t able to be there in person, no need to fret, as sessions will be available on the Linux Foundation landing page soon, which can be found here.
Engage with the CCC and our latest posts on LinkedIn. Feel free to tag your company if you are highlighted and do share what you loved most about the event with us, so we can spotlight your feedback in next month’s update!
Outreach Resources
- Post on CCC Jobs Board.
- Subscribe to CCC Monthly Newsletter and submit content via content submission form.
- Read CCC Blog Posts: submit your blog post ideas via content submission form
- Use the Member Badge and link to the CCC Website.
- Follow the CCC Events Calendar.
From the TAC
TAC had a busy lead-up to the Confidential Computing Summit, with two meetings in late May and early June covering project milestones, annual reviews, governance discussions, and a standout Tech Talk.
Blueprint C approved. The TAC formally approved the Collaborative Clean Room blueprint, authored by Mingshen Sun (TikTok) and Rene Kolga (Google). The document will now go through LF Creative for PDF layout and publication on the CCC website. This is the third in a series of blueprints the TAC has been developing to provide practical adoption-focused guidance for Confidential Computing deployments.
Keystone moves to emeritus. The Keystone project was voted to emeritus status, marking the end of its active lifecycle within the CCC. Keystone made important contributions to the evolution of Confidential Computing, and the TAC acknowledged the work of its maintainers. Should community interest arise in the future, the project can be revived from its archived state.
SPDM project hits PQC milestone. Duan presented the SPDM-RS annual review, highlighting a significant achievement: full SPDM 1.4 support including post-quantum cryptography algorithms ML-DSA and ML-KEM, cross-tested for interoperability with DMTF’s libspdm implementation. The project also gained a new adoption use case, live migration of Trust Domains, where SPDM establishes the secure session for exchanging migration keys between hosts. The team is evaluating new formal verification tools (Kani and Verus) to replace older tooling that has fallen out of maintenance, and the project maintains a strong 97% OpenSSF Best Practices badge score. SPDM key exchange has also been officially recognized in the FIPS 140-3 implementation guidance, a notable milestone for the protocol.
Open Enclave SDK annual review. Radica presented the Open Enclave SDK’s annual review, now in its fourth year as a CCC project. The project continues to be maintained on a six-month release cadence (currently v0.19.15), with around 65 weekly commits, 225 cumulative contributors, and 1.2k GitHub stars. Recent work includes support for TDX live migration attestation verification claims and updates to align with the latest Intel PSW releases. The team is working on removing legacy OP-TEE code and has improved its OpenSSF Best Practices badge from 75% to 84%. The project is not seeking graduation at this time but remains a stable part of the CCC portfolio.
Tech Talk: Portable Machine Image (PMI). Nathaniel McCallum (AMD) delivered a deep technical presentation on the Portable Machine Image format, a new approach to moving guest firmware entirely into the tenant’s software supply chain. The core problem PMI addresses is that in today’s CVM deployments, the firmware running inside the guest is selected and controlled by the cloud provider, not the tenant. As the French regulator ANSSI noted in their 2025 position paper, this makes it impossible for users to fully verify their trusted computing base. PMI solves this by defining an explicit, versioned launch contract, bundled as a PE artifact containing platform definitions, boot payloads, and per-target launch recipes, that any compliant hypervisor can execute deterministically. The same PMI image produces the same attestation measurement regardless of which cloud or hypervisor runs it. McCallum demonstrated the tooling live, showing a full guest boot in roughly 300 milliseconds using a minimal safe-Rust bootloader called Tattoo (approximately 12,000 lines of code, compared to OVMF’s 3.6 million). The talk sparked active discussion about operationalizing this in hyperscaler environments and its implications for portable attestation. You can watch the full talk on our Tech Talk Playlist.
GRC SIG: call for participation. Mark Novak (JPMC) presented on the state of the Governance, Risk, and Compliance SIG, which has published three governance patterns to date (workload governance, workload upgrade governance, and verifier governance) with a fourth on proxying gateways now in PR for TAC review. Mark emphasized that governance guidance is essential for unlocking adoption in regulated industries, and shared that the patterns are already being used to develop internal control objectives at JPMC. However, the SIG has been struggling with low participation and needs contributors to continue its work, particularly on upcoming patterns for confidential AI training and inferencing. The TAC is exploring options including integrating GRC working sessions into regular TAC meetings. If your organization deploys or plans to deploy Confidential Computing in a regulated environment, this is a great opportunity to contribute.
CC Academic Research Program. The program committee received 35 research proposals from researchers globally and is currently working through selections, with plans to sponsor two projects.
Looking ahead. The June 25 TAC meeting was cancelled due to the Confidential Computing Summit (June 23–24). TAC members planned an informal in-person meetup during the summit. The next regular meeting is July 9, with Rene Kolga chairing.
Join us at our meetings on alternating Thursdays at 7 am Pacific time. You can look up the meeting in your own timezone using the CCC Calendar. Recordings of past meetings are available on the YouTube TAC Playlist.
Recent News
New CCC Blog: Agentic AI Security is Moving Fast. Here’s Where to Start.
Outreach Chair Laura Martinez published a practical guide for enterprises navigating agentic AI security, making the case that traditional security frameworks weren’t built for autonomous AI workloads and explaining why hardware-based TEEs – now extending from CPU to GPU – are the necessary foundation.
👉 Read the blog

Let’s grow our community! Share this with your network.