We are pleased to welcome Phala as the newest General Member of the Confidential Computing Consortium (CCC)! We’re glad to have Phala on board and greatly appreciate their support for our growing community.
About Phala
Phala is a secure cloud platform that enables developers to run AI workloads inside hardware-protected Trusted Execution Environments (TEEs). With a strong commitment to open-source development, Phala provides confidential computing infrastructure that ensures privacy, verifiability, and scalability. Their mission is to make secure and trustworthy AI deployment practical and accessible for developers worldwide.
Why Phala Joined CCC
By joining the CCC, Phala is partnering with industry leaders to advance open standards for confidential computing. Phala brings unique expertise through real-world deployment of one of the largest TEE networks in operation today, contributing valuable experience to help accelerate adoption of confidential computing.
At the same time, Phala looks forward to learning from the broader CCC community and collaborating to strengthen interoperability across the ecosystem.
Contribution to CCC-Hosted Projects
Phala is also contributing directly to CCC-hosted projects. Its open-source project, dstack, is now part of the Linux Foundation under the CCC. dstack is a confidential computing framework that simplifies secure application deployment in TEEs, providing verifiable execution and zero-trust key management to developers.
In Their Own Words
“Confidential computing is essential to the future of secure and trustworthy AI. By joining the Confidential Computing Consortium, we are deepening our commitment to building open-source, hardware-backed infrastructure that empowers developers everywhere. We are excited to contribute our experience operating one of the largest TEE networks and to collaborate with the community on shaping the future of confidential computing.” — Marvin Tong, CEO, Phala Network
This month’s newsletter highlights the CCC’s strong presence at the AI Infrastructure Summit in Santa Clara, where members engaged end-users and ecosystem partners through panels, podcasts, and booth activities. Looking ahead, the big focus is the upcoming “Designing AI-Ready Data Safeguards with Confidential Computing” workshop on October 20 in San Francisco, led by Intel, Nvidia, and TikTok, which will explore practical strategies for securing AI data pipelines. We’re also gearing up for OSFF New York (Oct 21–22) with a dedicated Confidential Computing track. Plus, check out recent member news, the new compliance resource hub, and the latest from Google Cloud expanding Confidential Computing with Intel TDX.
From the Executive Director
This month saw the CCC sponsoring the AI Infra Summit in Santa Clara, California, with a number of activities including a panel and a podcast. We also had a booth in the exhibition hall, staffed by members of the Consortium, with over a dozen different staff from a variety of member companies taking the time to talk about the CCC – and their companies’ work – to visitors. One of the key features of the AI Infra Summit is that it included a large number of end-users, with the conference attracting not just supply-side but also demand-side attendees. This mix was reflected in the interest and interactions we had at the booth, with a good number of both end-users and ecosystem partners coming to find out more about Confidential Computing and the Consortium.
In fact, one aspect of the ecosystem that has changed significantly over the past nearly six years since the founding of the Consortium is awareness of Confidential Computing as a technology, mirrored by availability both for cloud and in-house deployments. As we work on our strategy for the next year, we are considering how to build on these changes in awareness and availability to help promote use, considering activities such as stronger engagement with regulators, creation of reference architectures and publication of more white papers. Now is a good time to get involved to ensure that your priorities around Confidential Computing are reflected in the work we do: I look forward to seeing you at our meetings.
Outreach
Outreach continued its engagement efforts this month, connecting with the community at the AI Infrastructure Summit. Special thanks to members Anjuna, Hushmesh, Invary, and Mainsail for their leadership, and to TikTok, Intel, IBM, Google, and many others for their participation. Hushmesh led the Enterprise AI Panel and joined the TechArena podcast, Mainsail hosted the Pre-Show Online Seminar, and Invary led both the At-Show Live Session and the podcast. The CCC booth staffed by ~12 member representatives over three days drew strong traffic, and fostered meaningful engagement with attendees. The event was a great example of the member collaboration that drives our community forward.
Looking ahead, Outreach has been preparing for several exciting upcoming events:
Workshop: Designing AI-Ready Data Safeguards with Confidential ComputingOctober 20, 2025 | Hilton Canopy San Francisco SOMA, San Francisco, CAThis workshop, led by Intel, Nvidia and Tiktok, will bring together experts and customers from industry and academia to explore how confidential computing can enable stronger safeguards for AI-ready data, with a focus on practical strategies for building privacy-preserving and secure data pipelines.
Open Source in Finance Forum (OSFF) New YorkOctober 21–22, 2025 | Convene, 225 Liberty St., New York, NYOSFF New York brings together leaders across financial services, open source, and technology to discuss the future of innovation in finance. Outreach will feature six dedicated talks in the Confidential Computing track, with participation from organizations such as Google, Red Hat, Symphony, Fr0ntierX, and Super Protocol. In addition, the broader OSFF program will spotlight major financial institutions including BNY Mellon, Morgan Stanley, and Citi, showcasing how confidential computing and open source are transforming the financial services landscape.
We look forward to sharing highlights and outcomes from these events in the next newsletter!
OSFF New York Oct 21–22, 2025 | Convene, 225 Liberty St., New York, NY
From the TAC
There are no new updates to share this month, as the TAC did not convene during this period. We look forward to providing the latest TAC news and progress in next month’s newsletter.
Google Cloud has made Intel Trust Domain Extensions (TDX) generally available across its confidential VMs, GKE nodes, and GPU offerings. The update lets organizations protect data in use with simple console settings, adds support for secure AI/ML workloads on NVIDIA H100 GPUs, and introduces Intel’s Tiber Trust Authority attestation service with a free tier.
We’re proud to highlight CCC members Manu Fontaine (Hushmesh Inc.) and Jason Rogers (Invary) for representing the Confidential Computing Consortium on the Tech Arena podcast!
Recorded live as part of our activation at the AI Infrastructure Summit this week in Santa Clara, they did a fantastic job showcasing the benefits of Confidential Computing and advocating for the mission of the CCC. Listen to the full episode here.
This page is a resource hub to help organizations and practitioners navigate governance, security, and regulatory considerations in Confidential Computing.
Explore guidance on: Workload governance, Verifier responsibilities, Ecosystem expectations, GDPR compliance in the AI era.
Best regards,
The Confidential Computing Consortium
Let’s grow our community! Share this with your network.
This month’s update highlights important progress across the Consortium, including insights from the TAC, Outreach, and Executive Director, as well as recent member news. From preparing strategic priorities for 2026 to hands-on technical advances and upcoming events like the AI Infrastructure Summit and our October workshop, the CCC continues to bring members together to shape the future of Confidential Computing. Read on for the latest updates!
From the Executive Director
While the Consortium isn’t very busy with activities like conferences over August, that doesn’t mean that important work stands still. I’ve been working with members of the leadership team to prepare us for 2026. Budgets need to be approved towards the end of the year, of course, but we can’t start on that without a good understanding of what our strategic priorities should be for the next 12 months. So we’ve been looking at what our options might be and are looking forward to the Governing Board meeting at the end of this month, where we hope to have a robust debate about what we might do.
One of the interesting things about the Consortium is the high number of start-ups who are (mostly) General Members, and balancing their interests with those of our larger members, some of whom are Premier Members. We work hard to ensure that the views, goals and concerns of smaller members are considered and represented at the strategic level, and the make-up of the Governing Board includes three representatives of the General Members, elected once a year to the Board. We value their input and they each have a vote, equal with those of the Premier Members.
Outreach
Outreach took the month off to lay by the pool and drink mojitas (we wish!). Actually, it’s been a sprint to prepare for upcoming events including the AI Infrastructure Summit in Santa Clara, California and plan our customer workshop in San Francisco. CCC presence at AI Infrastructure Summit (September 9-11) is packed with member participation on panels, pre-show workshops, at-show sessions, podcasts, and a booth. Thanks to members Anjuna, Hushmesh, Invary, and Mainsail for their leadership at the event. Outreach is also planning a customer workshop for ~30 attendees on October 20 in San Francisco with a strong line-up of speakers on topics ranging from confidential AI, regulatory compliance, and even a build-your-own-use case exercise. Tip of the hat to members Nvidia and TikTok for taking point on workshop planning. And finally, the international survey results from our market research project with IDC are in, and we are looking forward to seeing the initial report at the Outreach meeting on September 3. IDC is targeting delivery of their full report in early October, which will be available to all members. Maybe we’ll get to lay by the pool in November? We can hope.
Join this one-day workshop to explore how Confidential Computing can protect sensitive AI initiatives, enable compliance, and unlock new capabilities. Hear real-world examples from industry leaders and collaborate with experts to develop solutions tailored for your business.
From the TAC
Despite August vacations a lot transpired this month in the Technical Advisory Council. ManaTEE delivered its first annual report from Mingshen Sun. Since joining a year ago the project has made its first community release, refactored a lot of the initial research code, and added a new TEE backend (Intel TDX). They also added documentation which is great for first time users and contributors and have a slick webpage.
We also got an update on the RISC-V confidential computing architecture, CoVE from Ravi Sahita. Ravi walked us through the CoVE Application Binary Interface and Reference Architecture. Much of the collaboration for this work takes place in a sister organization in the Linux Foundation. Learn more.
We also heard from Red Hat’s Dr. Chris Butler. Chris talked about his experiences in the field applying Confidential Computing to real customer problems. It was a great ground truth on customer perceptions of the technology. One of my main takeaways was the importance of compliance in customer decisions. This has been a big topic across the Consortium and one that we need even more focus on. You can watch all of this in our TAC playlist on youtube – check out the August 7th meeting.
Recent News
We’re excited to welcome QLAD to the CCC as a new Start-up Member! QLAD is a Kubernetes-native confidential computing platform delivering pod-level TEEs, encrypted Armored Containers™, and post-quantum resilience—making confidentiality scalable and production-ready. With contributions already in the Confidential Containers project and a vision to simplify secure computing, QLAD is helping define the next era of Confidential Computing. Read the announcement.
We’re pleased to welcome QLAD to the Confidential Computing Consortium (CCC), as the latest innovator helping define the next era of secure computing.
QLAD is a Kubernetes-native confidential computing platform that provides runtime protection by default, delivering pod-level Trusted Execution Environments (TEEs) and featuring encrypted Armored Containers™ for enhanced IP protection and post-quantum resilience. With post-quantum resilience and seamless integration, no code rewrites or infrastructure changes required, QLAD enables scalable, production-ready confidentiality for modern workloads.
“At QLAD, we believe confidential computing should be simple. We’re building a platform that delivers drop-in protection for sensitive workloads, without code rewrites or infrastructure disruption. We’re proud to join the CCC community and contribute to the standards, tooling, and trust models that help organizations stay secure across clouds, edges, and collaborative environments.” — Jason Tuschen, CEO, QLAD
Confidential computing is undergoing a transformation, from experimental to essential. QLAD was founded to help accelerate that shift by making trusted execution practical and DevOps-friendly, especially for organizations deploying at scale across cloud, hybrid, and edge environments.
Why QLAD joined CCC
The CCC provides a powerful venue to drive industry alignment on standards, reference architectures, and transparent governance. QLAD sees the consortium as a collaborative platform to:
Champion workload-first adoption patterns (beyond VM- or node-level models)
Demystify confidential computing for developers and security teams
Share insights as it prepares to open-source components of its container security layer in late 2025
What QLAD brings to the community QLAD engineers are already contributing to CCC-hosted initiatives, including the Confidential Containers (CoCo) project. Contributions to date include:
QLAD engineers have contributed directly to the Confidential Containers (CoCo) project, including adding AWS SNP VLEK support across three repositories (trustee, guest-components, and azure-cvm-tooling)
Submitted eight pull requests (all merged) to cloud-api-adaptor, advancing workload orchestration in confidential environments
Engaged with members of U.S. Congress to raise awareness of Confidential Computing and Confidential Containers, helping ensure the technology receives attention and potential funding at the federal level
As QLAD prepares to open source additional components, it plans to work closely with the CCC Technical Advisory Council to align on contribution pathways and ensure long-term technical alignment.
What QLAD hopes to gain In joining CCC, QLAD looks forward to:
Advancing attestation frameworks, policy enforcement models, and container standards
Collaborating with industry peers solving real-world deployment challenges
Participating in working groups that shape the future of confidential computing across AI, hybrid cloud, and zero-trust environments
We’re excited to welcome QLAD into the CCC community and look forward to their continued contributions to making confidential computing scalable, practical, and trusted by default.
This month’s update features progress across our technical community, including updates from the TAC and Outreach Committees, new project proposals, upcoming event plans for the fall, and exciting member news. From standards engagement to real-world demo planning, the CCC continues to build momentum across the ecosystem. Read on for the latest news!
From the Executive Director (ED)
As the summer hits in the Northern Hemisphere, things sometimes slow down, but although there are no major conferences for a month or so at which the CCC is appearing, committee and SIG meetings are continuing apace. Of particular note is the Outreach Committee’s has task force to evaluate the effectiveness and value for money of the various activities in which we engage. A number of TAC SIG members have been working with standards bodies to ensure that Confidential Computing is appropriately represented in their outputs and also to work on various protocols that include Confidential Computing primitives. We always welcome involvement in our various committees and SIGs – and you don’t need to be a member to contribute, so please come along.
It’s also worth noting that almost all of our meetings are recorded and made available on the Confidential Computing Consortium’s YouTube channel, allowing you to catch up on any topics you’ve missed. There are Slack channels and mailing lists for asynchronous communication as well: visit the Committees page on the website for more information.
Finally, we have a number of new members expected to join us in the next few weeks, so keep an eye out for news around that!
Outreach
The Outreach Committee carried the Confidential Computing message to the market across a range of channels. Website, blog, and social metrics were all up over the quarter. We also came away from CC Summit and OSS North America with a good archive of talks from many members available for promotion. We are gearing up for two major in-person events in Q4’25: AI Infrastructure Summit (Silicon Valley) in September, and a bespoke customer workshop in San Francisco in October. For the AI Infrastructure Summit, we have a full slate of activities including on-line workshops, panel discussions, sessions, podcast appearances, and the CCC booth. The October event will be a one-day workshop featuring speakers, demos, and customer success stories. Thanks to all the members contributing their efforts to these events.
Outreach is also in the midst of a strategy reassessment. We are looking at our objectives and tactics and plan to report out to the Governing Board soon with recommendations we believe will drive more awareness, engagement, and adoption of Confidential Computing.
The Open Enclave SDK project recently completed its 2025 annual review, highlighting its continued role as one of the most mature and widely adopted projects within the Confidential Computing Consortium. Designed to support hardware-backed Trusted Execution Environments, OE remains central to production deployments—particularly in Intel SGX-based systems—offering a stable, well-maintained foundation for building secure enclave applications. The project’s ongoing contributions, robust documentation, and ecosystem integration make it a critical pillar of the CCC’s technical landscape. Its long-standing reliability continues to benefit both new developers and organizations building trusted workloads at scale.
In addition, the TAC is currently reviewing a proposal for a new project: dstack, an open-source confidential AI orchestration framework. Designed for secure deployment of AI workloads in TEEs, dstack represents a promising direction for expanding the Consortium’s footprint into privacy-preserving machine learning. The proposal is available on the TAC mailing list for community review, and a resolution is expected next month. We encourage members to explore the project and share feedback as part of our open, collaborative governance process.
Recent News
Missed the Confidential Computing Consortium Mini Summit at OSSNA 2025? The full session recordings are now live on the CCC YouTube channel! From ecosystem updates to deep dives into real-world applications, catch talks from leaders at NVIDIA, Microsoft, and more. Catch up now.
Confidential Computing underpins the “Mesh”, a secure-by-design alternative to the web. CCC member Hushmesh—a 2024 NATO DIANA startup (DIANA being NATO’s Defence Innovation Accelerator for the North Atlantic)—has been selected for NATO’s Rapid Adoption Action Plan, ratified at the 2025 NATO Summit in The Hague. In collaboration with NATO DIANA, the NATO Communications and Information Agency (NCIA), and NATO HQ, Hushmesh will begin pilots of its Confidential Computing-based technologies: Universal Zero Trust, Entity-Centric Information Security, and “Meshaging.” This selection highlights the strategic relevance of Hushmesh’s “Mesh” infrastructure for defense and alliance-wide trustworthy collaboration. At the core of Hushmesh’s approach is Confidential Computing, which ensures that information remains protected not only at rest and in transit, but also in use—secured within hardware-based Trusted Execution Environments (TEEs). This secure-by-design foundation underpins the Mesh: a next-generation global information infrastructure that automates end-to-end information provenance, integrity, authenticity, confidentiality, privacy, and zero trust at the computing process and chip levels. It represents a fundamental shift from legacy IT-centric, and domain-centric web paradigms—addressing foundational vulnerabilities with today’s computing approaches. Built on Confidential Computing, the Mesh offers a path to universal cybersecurity and cross-domain trust to meet the secure collaboration needs of NATO and other large-scale organizations operating across national and corporate boundaries.
Are open source attestation tools speaking the same language? In Harsh Vardhan Mahawar’s LFX mentorship with the CCC, he tackled this challenge – mapping Keylime, Veraison & JANE to the IETF’s RATS model, implementing the CMW wrapper, and introducing python-ear for EAT attestation results. Read the blog.
What is Confidential Computing—and why does it matter? Watch the interview with Mike Bursell, Executive Director of the Confidential Computing Consortium, as he breaks down the fundamentals of confidential computing, attestation, and their growing importance in today’s security landscape.
We’re excited to welcome Tinfoil as the newest start-up member of the Confidential Computing Consortium. Tinfoil is an open source platform delivering cryptographically verifiable privacy for AI workloads—ensuring user data remains protected, even from the cloud provider. Learn more about their work and how they plan to contribute to the CCC community.
Best regards,
The Confidential Computing Consortium
Let’s grow our community! Share this with your network.
This blog post encapsulates my experience and contributions during the Linux Foundation Mentorship Program under the Confidential Computing Consortium. The core objective of this mentorship was to advance the standardization of remote attestation procedures, a critical facet of establishing trust in dynamic and distributed computing environments. Through focusing on the IETF’s Remote Attestation Procedures (RATS) architecture, we aimed to enhance interoperability and streamline the integration of various open-source verifier projects like Keylime, JANE, and Veraison.
Motivation: Why Standardization Matters
Open-source remote attestation tools often develop independently, resulting in inconsistencies in how they format and exchange attestation data. This fragmentation poses a challenge for interoperability across verifiers, relying parties, and attesters.
My mentorship focused on aligning these implementations with two crucial IETF drafts:
The goal was to standardize both evidence encoding and attestation result reporting, facilitating smoother integration between systems.
Laying the Foundation: Mapping to the RATS Architecture
Before diving into implementation, a fundamental understanding of the RATS architecture and its alignment with existing solutions was paramount. The RATS Working Group defines a standardized framework for remote attestation, enabling a Relying Party to determine the trustworthiness of an Attester based on evidence produced by such an Attester.
Our initial phase involved a detailed mapping of prominent open-source remote attestation tools—Keylime, JANE, and Veraison—against the RATS architectural model. This exercise was not merely theoretical; it was an actionable analysis driven by key principles:
Granularity: Pinpointing specific components and their RATS functions, rather than broad role assignments.
Data Flow: Analyzing the journey of evidence, endorsements, and attestation results to align with RATS conveyance models.
Standardization Focus: Identifying areas where these projects could adopt RATS-recommended standards.
Actionable Insights: Providing clear directions for modifications to enhance RATS compliance.
This foundational work was crucial because it provided a clear roadmap, highlighting where standardization gaps existed and how our contributions could most effectively bridge them, fostering a more unified confidential computing ecosystem.
Keylime is a comprehensive remote attestation solution for Linux systems, focusing on TPM-based attestation. It ensures cloud infrastructure trustworthiness by continuously collecting and verifying evidence.
Jane Attestation Engine (a fork and major rewrite of the former A10 Nokia Attestation Engine i.e. NAE) is an experimental remote attestation framework designed to be technology-agnostic.
Veraison is an attestation verification project under the Confidential Computing Consortium. It focuses on providing a flexible and extensible Verifier component for remote attestation, supporting multiple attestation token formats and providing APIs for evidence verification and endorsement provisioning.
A significant challenge in remote attestation is the diversity of evidence formats produced by different attestation technologies. This heterogeneity necessitates complex parsing and integration logic on the Relying Party’s side. The Conceptual Message Wrapper (CMW), as defined by IETF, offers a solution by providing a standardized collection data structure for attestation evidence.
My work involved implementing CMW within Keylime. The goal was to transition Keylime’s custom KeylimeQuote evidence format to the standardized CMW format, specifically targeting a new API version vX.X (version to be finalized). This involved:
Encapsulation: Wrapping disparate evidence components—such as TPM TPMS_ATTEST structures, TPMT_SIGNATURE values, PCRs, IMA measurement lists, measured boot logs, and Keylime-specific metadata (e.g., public key, boot time)—into a unified CMW structure.
Serialization: Ensuring proper base64url encoding and adhering to a defined JSON schema for the wrapped evidence.
Canonical Event Log (CEL) Integration: A crucial part was integrating the Canonical Event Log (CEL) format (from the Trusted Computing Group) for IMA and measured boot logs, further enhancing interoperability. This required careful parsing of raw log data and constructing CEL-compliant entries.
API Versioning: Implementing logic within the Keylime agent to serve CMW-formatted evidence for vX.X (version to be finalized) requests, while retaining support for legacy formats.
The motivation behind adopting CMW is clear: it significantly streamlines the implementation process for developers, allowing Relying Parties to remain agnostic to specific attestation technologies. This approach fosters extensibility, enabling easier support for new conceptual messages and attestation technologies without altering the core processing logic.
Beyond standardizing evidence, it is equally important to standardize the results of attestation. This is where the EAT Attestation Results (EAR) comes into play. EAR provides a flexible and extensible data model for conveying attestation results, allowing a verifier to summarize the trustworthiness of an Attester concisely and verifiably.
My contribution to EAT standardization focused on two main fronts:
Developing a Python Library (python-ear): I developed a Python library (python-ear) that implements the EAT Attestation Results (EAR) data format, as specified in draft-fv-rats-ear. This library provides essential functionalities:
Claim Population: Defining and populating various EAR claims (e.g., instance_identity, hardware, executables, configuration) that represent appraisal outcomes.
Serialization/Deserialization: Encoding EAR claims as JSON Web Tokens (JWT) or Concise Binary Object Representation Web Tokens (CWT) and decoding them.
Signing and Verification: Supporting cryptographic signing of EAR claims with private keys and verification with public keys to ensure data integrity and authenticity.
Validation: Implementing validation logic to ensure EAR objects adhere to the specified schema.
Keylime EAT Plugin: This work extends Keylime’s durable attestation framework by integrating EAT-based appraisal logic. The goal is to transform raw attestation evidence and policy data into structured AR4SI TrustVector claims, thereby enhancing the auditability and semantic richness of attestation outcomes. This critical step involved:
Evidence Validation: Leveraging Keylime’s existing functions to perform comprehensive validation of TPM quotes, IMA measurements, and measured boot logs.
Failure Mapping: Precisely mapping the various Failure events generated during Keylime’s internal validation processes to specific TrustClaim values within the EAT TrustVector. For instance, a quote validation failure indicating an invalid public key would map to an UNRECOGNIZED_INSTANCE claim.
State Management: A significant challenge was ensuring that the EAT appraisal logic could utilize Keylime’s validation functions without inadvertently altering the agent’s internal state, which could interfere with Keylime’s continuous attestation workflow. This necessitated careful refactoring and the introduction of flags to prevent state changes.
Submodule Status: Defining how the overall status of the EAT submodule (e.g., “affirming,” “warning,” “contraindicated”) is derived from the aggregated TrustClaim values.
The implementation of EAT is vital for realizing the full potential of remote attestation. It provides a common language for trustworthiness, allowing Relying Parties to make automated, policy-driven decisions based on a consistent, verifiable attestation result, irrespective of the underlying hardware or software components being attested.
Conclusion and Future Outlook
This LFX Mentorship has been an invaluable journey, providing a unique opportunity to contribute to the evolving landscape of confidential computing. By focusing on RATS architecture mapping, implementing the Conceptual Message Wrapper for evidence, and integrating Entity Attestation Tokens for appraisal results, we have made tangible steps towards enhancing interoperability, standardization, and the overall security posture of open-source remote attestation solutions.
The work on CMW and EAT is critical for fostering a more robust and scalable trusted and confidential computing ecosystem. It enables easier integration of diverse attestation technologies and provides a unified, machine-readable format for conveying trustworthiness. My gratitude goes to my mentors, Thore Sommer and Thomas Fossati, for their guidance, insights, and continuous support throughout this program.
While significant progress has been made, the journey towards a fully harmonized remote attestation ecosystem continues. Future efforts will involve full upstreaming of these changes into the respective projects and exploring broader adoption across the confidential computing landscape, further solidifying the foundations of trust in a dynamic digital world.
We’re thrilled to welcome Tinfoil as the newest start-up member of the Confidential Computing Consortium (CCC)!
Tinfoil is an open source platform delivering cryptographically verifiable privacy for AI workloads. Their mission is to make it safe to process sensitive data through powerful AI models—without compromising user privacy. By leveraging confidential computing technologies, including NVIDIA’s confidential computing-enabled GPUs, Tinfoil ensures that no one—not even Tinfoil or the cloud provider—can access private user data. The platform also safeguards AI model weights from unauthorized access and supports end-to-end supply chain security guarantees.
“We’re excited to collaborate with the community to make hardware-backed AI privacy the standard.” — Tanya Verma, CEO of Tinfoil
As a company deeply invested in confidential computing, Tinfoil is joining CCC to both learn from and contribute to the broader ecosystem. Their team is especially interested in collaborating with others working at the intersection of secure hardware and AI, and in helping shape future standards for confidential AI. Currently, they’re using Ubuntu Confidential VMs from Canonical and NVIDIA’s verification tools, with plans to contribute to these open source projects over time.
We’re excited to have Tinfoil join the CCC community and look forward to the insights and innovation they’ll bring as we work together to advance the future of trusted, verifiable computing.
The talks cover community updates, technical discussions, and real-world use cases—offering valuable insights into the future of confidential computing.
Thank you to all our speakers, contributors, and attendees. Stay tuned for more updates of CCC and get involved today.
We’re thrilled to welcome Mainsail Industries as the newest start-up member of the Confidential Computing Consortium (CCC)! As pioneers in secure edge virtualization, Mainsail is joining a global community of leaders who are shaping the future of confidential computing—together.
About Mainsail Industries
Mainsail Industries is on a mission to deliver the world’s most secure edge virtualization platform and common computing environment—safeguarding critical infrastructure and the defense industrial base, while enabling organizations to modernize and achieve mission success.
At the heart of their innovation is Metalvisor, a secure, cloud-native virtualization platform purpose-built for the modern edge. Designed with simplicity, scalability, and security in mind, Metalvisor helps organizations extend the life of their most critical assets and meet the evolving demands of today’s mission-critical workloads.
What is Metalvisor?
Metalvisor is redefining what secure virtualization can look like. Unlike traditional hypervisors, Metalvisor is designed for modern workloads—Virtual Machines (VMs), MicroVMs, and Containers—while eliminating the operational complexity that often comes with secure infrastructure. It leverages cutting-edge technologies to streamline cluster management, support cloud-native patterns, and ensure security through Trusted Execution Environments (TEEs) and Trusted Workload Identity (TWI).
Metalvisor in Action:
Secure Edge Computing: Metalvisor brings cloud-native capabilities to the edge, optimizing size, weight, power, and cost (SWaP-C) for environments where security and performance are paramount.
Secure Containers: Simplifies virtualization for container-based workloads, blending the agility of containers with the protection of next-generation hypervisors.
Secure AI: Protects sensitive AI/ML workloads through TEEs and TWI, ensuring both data and model integrity via hardware-rooted trust.
Why Mainsail Joined the CCC
“Joining the Confidential Computing Consortium is an exciting milestone for Mainsail. As CTO, I’m inspired by the level of thought leadership and collaboration happening within the CCC. It’s rare to find a space where so many different organizations come together to shape the future of secure computing, and I believe this collective effort will have a lasting, global impact.” — Brad Sollar, CTO & Co-Founder
Mainsail sees the CCC as both a community of peers and a catalyst for impact. With deep experience in trusted workloads, confidential virtualization, and workload identity, the team is eager to share insights from building Metalvisor—and to learn from other contributors tackling similar challenges.
Mainsail is especially excited to contribute to the development of standards and best practices around Trusted Workload Identity—a key capability in delivering secure, scalable computing environments.
Contributing to the Ecosystem
Mainsail is actively contributing to the Trusted Workload Identity (TWI) Special Interest Group, collaborating with 21 other contributors to advance the trustworthiness and interoperability of workload identity solutions across platforms.
“Collaborating with 21 other contributors in the Trusted Workload Identity (TWI) SIG reaffirmed Metalvisor’s leadership in confidential computing. We’re proud to be shaping the future of this next-generation technology, bridging the gap between trusted execution environments and trusted workloads—a capability Metalvisor has delivered since day one.” — Eric Wolfe, Chief Engineer
Please join us in giving a warm welcome to the team at Mainsail Industries! We look forward to the expertise and innovation they’ll bring to the Confidential Computing Consortium.
Welcome to our latest newsletter! The June 2025 CCC newsletter spotlights recent events the CCC community has participated in, as well as technical updates on Coconut SVSM and Glossary. Read all the details below!
From the Executive Director (ED)
The second half of June has been a very busy time for Confidential Computing, with three events nearly back-to-back. The first was the Confidential Computing Summit in San Francisco, organized by CCC member Opaque, sponsored by the CCC and attended by many members. I gave a keynote on Aligning Confidential Computing with Use Cases, and there were keynotes and sessions from many very illustrious members of our community. Nelly Porter (Chair of the Governing Board), Dan Middleton (Chair of the Technical Advisory Committee) and I also ran a panel on the CCC, what we’re for and the benefits of engagement. Videos of sessions at the event should be available shortly, and are certainly worth watching to catch up.
The week after, in Denver, the Linux Foundation’s Open Source Summit North America also contained a number of sessions around Confidential Computing, and was followed the day after by a mini-Summit on Confidential Computing, run by the CCC.
These events can only take place with the involvement of our members, and I’d like to thank the individuals and organizations who devote time and resources to making them work. We have more events coming up: for more information, join one of the Outreach Committee’s meetings (or watch them on YouTube!).
Outreach
Confidential Computing Summit Retro
The 2025 Confidential Computing Summit featured an impressive lineup of 93 sessions across two days, bringing together senior leaders from Microsoft, NVIDIA, Meta, Intel, IBM, Google, and renowned academics from Stanford and Berkeley. The agenda included a mix of technical deep dives, thought leadership panels, and hands-on workshops led by teams from LangChain, CrewAI, and Galileo, offering valuable opportunities to explore topics such as agentic AI and secure deployment frameworks.
The Confidential Computing Consortium booth served as a central hub for member companies to showcase their latest projects and engage with attendees on the evolving mission of confidential computing.
A key highlight was the Confidential Computing Consortium session, where leaders such as Mike Bursell, Dan Middleton, and Nelly Porter from the Linux Foundation, Outreach Committee, Technical Advisory Council, and Governing Board came together for a panel discussion. The session offered attendees a unique look into the consortium’s collaborative efforts, major milestones, and cross-industry priorities. It provided a clear roadmap for how the consortium is driving innovation through community engagement, ecosystem alignment, and open development, and how individuals and organizations can get involved.
Confidential Computing Mini Summit Retro
The Confidential Computing Mini Summit at OSS NA 2025 took place on Thursday, June 26, from 1:30 to 5:00 PM in Colorado. The half-day summit brought together experts and practitioners to explore the latest advancements in confidential computing across infrastructure, AI, and distributed systems.
The summit featured a series of in-depth technical talks. Laura Martinez opened the program with “Scaling Trust for Autonomous Intelligence with NVIDIA”, highlighting how NVIDIA is enabling secure, scalable AI through confidential computing. Donghang Lu followed with “Trustless Attestation Verification in Distributed Confidential Computing”, where he introduced innovative methods for establishing trust in decentralized environments without relying on traditional trust anchors. Finally, Julian Stephen presented “Confidential Computing for Scaling Inference Workloads”, outlining techniques to secure and optimize AI inference using confidential computing technologies. The event concluded with a wrap up session led by Mike Bursell, who summarized key takeaways and encouraged continued collaboration across the ecosystem.
Session recordings will be available soon. Please stay tuned on our Confidential Computing Consortium channel atYouTube.
This month we had a great update from Coconut SVSM. The project has matured tremendously and has added a governance structure that will help ensure an architecture in balance with the different TEE providers in the community.
We also revisited the Glossary project that was initiated last year. After some initial work the Glossary was left untended. For now we’ve decided that we should invest more in it rather than shut it down. The project is useful to other organizations outside of the CCC to have plain language, informal explanations of our terminology. This is a great place to contribute if you are looking to get involved.
Recent News
Reporting on the Endorsement API Workshop at Linaro Connect 2025: Last month saw the annual gathering of engineers and experts from across the Arm ecosystem for the Linaro Connect 2025 conference, which this year took place in Lisbon. As promised, confidential computing was an important theme at this year’s conference. Read more in our recap blog.
Best regards,
The Confidential Computing Consortium
Let’s grow our community! Share this with your network.
