
Your AI Agents Are Already in Production. Your Security Architecture Isn’t Ready.


There’s a gap opening up in enterprise security right now, and most organizations can feel it but haven’t named it yet.

AI agents are no longer a roadmap item. They’re running in production environments, calling APIs, querying databases, reading documents, and making decisions on behalf of employees and customers. The speed of this shift has been remarkable. The security thinking hasn’t kept up.

That gap is what Confidential Computing (CC) Summit 2026 is about.

The problem with “Secure AI”

When organizations talk about securing AI, they usually mean one of a few things: access controls on who can use the model, guardrails on what the model can say, or governance frameworks for AI outputs. These are all necessary. None of them address what happens inside the computation itself.

Traditional security was designed for a world where data moved between defined endpoints, rested in known storage, and was accessed by authenticated humans. AI agents break every one of those assumptions. A single agent can autonomously traverse dozens of systems in a single session, combine sensitive data sets that were never meant to touch, and pass outputs to other agents in a chain that no human directly oversees.

The threat surface has changed. The security stack largely hasn’t.

According to IDC’s 2025 Confidential Computing Study of 600 global IT leaders, 87% of organizations identified data breaches by remote outside attackers as an area needing improvement, and 83% flagged malicious insider threats. Those numbers reflect a security posture still oriented around perimeter defense and identity management — exactly the tools that offer the least protection once an AI agent is operating inside your environment with legitimate credentials.

What Confidential Computing actually solves

Confidential Computing is the protection of data while it is actively in use: during computation, not just at rest or in transit. It does this through hardware-based trusted execution environments (TEEs): isolated enclaves or confidential VMs whose memory is encrypted and integrity-protected by the processor, so that the host operating system, the hypervisor and cloud infrastructure administrators cannot read or tamper with the workload while it runs. The same hardware can sign a measurement of what it launched, which is what lets a remote party verify the environment rather than take it on faith.

This matters for agentic AI in a specific and concrete way.

When an AI agent processes your customer data, it isn’t just reading a file and returning a result. It’s loading data into memory, running inference or retrieval operations, passing context between components, and often logging intermediate states. Each of those moments is a potential exposure point. A TEE narrows that window: the computation happens inside hardware-isolated memory, and the environment can produce a signed measurement of the code and configuration it was launched with, which a remote party verifies before handing it data or keys. That capability is called attestation. What a TEE does not cover is anything the agent deliberately sends across the boundary: logs, tool calls and outputs passed to other agents still need their own encryption and authorization, and an attestation-aware design is what gates them.

Attestation is what distinguishes Confidential Computing from other privacy-enhancing technologies. It doesn’t just claim security; it produces evidence, signed by the hardware root of trust, that a relying party can check against its own policy before trusting the environment with anything.

That distinction matters more as AI systems grow more autonomous. An agent whose execution environment can be attested gives organizations something they don’t have today: a verifiable chain of trust from silicon to output, anchored in the hardware vendor’s signing key and the verifier’s policy.

The adoption signal is already there

IDC’s July 2025 study surveyed 600 IT leaders across 15 industries and found that 75% of organizations are already using or piloting Confidential Computing — 18% in full production and 57% actively testing. Another 19% plan to deploy within 24 months.

That trajectory is being accelerated by two forces happening simultaneously.

The first is regulatory. The EU Digital Operational Resilience Act (DORA) mandates that financial institutions maintain high standards of availability, authenticity, integrity, and confidentiality for data whether at rest, in use, or in transit. “In use” is the new requirement — and Confidential Computing is one of the few technologies positioned to satisfy it. IDC found that 77% of organizations are more likely to consider Confidential Computing specifically because of DORA’s requirements.

The second is the agentic AI wave itself. Agentic AI doesn’t just process sensitive data — it reasons across it, combines it, and acts on it in ways that amplify both the value and the risk. Organizations that want to deploy AI agents in regulated environments — healthcare, financial services, government — need a security architecture that can operate at that level of autonomy. Confidential Computing is the layer that makes that possible.

The two forces compound. Regulation creates urgency. AI creates the use case. Confidential Computing provides the infrastructure.

Where most organizations are still stuck

Despite the adoption momentum, IDC’s research surfaces a telling pattern: the barriers to Confidential Computing are no longer about whether it works. They’re about how to implement it.

The top challenge cited by 85% of respondents was validating attestation chains of trust. Seventy-eight percent flagged that it still carries a reputation as a niche technology with limited proof points. Seventy-five percent pointed to skills gaps.

These are solvable problems. But they’re not solved by waiting for the technology to simplify on its own. They’re solved through community — through practitioners sharing what they’ve built, security architects exchanging what they’ve learned, and vendors demonstrating real deployments against real threat models.

That’s precisely what CC Summit 2026 is designed to produce.

The question that matters now

75% of organizations are piloting or deploying Confidential Computing. The regulatory window is narrowing. Agentic AI is already running in production environments across every major industry.

The organizations moving fastest are the ones who stopped asking whether they need this security layer and started asking how to build it.

If you’re responsible for AI infrastructure, security architecture, or data governance in a regulated or high-stakes environment, that’s the conversation happening at CC Summit 2026.

Don’t let your security architecture fall behind your AI capabilities. The blueprints for the future of data security are being drawn right now—and you need to be in the room.

  • Secure Your Spot: Register today for the Confidential Computing Summit 2026 to connect with enterprise peers, explore real-world deployment frameworks, and solve the attestation and skills gaps holding your organization back.
  • Get Involved: Shape the standard for secure, autonomous AI. Learn how you can contribute to open-source initiatives, collaborate with industry leaders, and join the mission by becoming a part of the Confidential Computing Consortium.

Welcome to the April 2026 Newsletter


TL;DR — What’s in This Issue

  • Google Cloud announced new Confidential VM support (G4 & C4) featuring NVIDIA Blackwell GPUs and Intel 6th Gen Xeon processors to secure AI workloads.
  • A modernized CCC website and customer experience project is underway, targeting a June rollout.
  • Gramine and Enarx completed annual reviews, with Gramine expanding its scope to Intel TDX VM isolation.
  • The Trustworthy Workload Identity (TWI) SIG is advancing IETF standards to help apps adopt CC without rewriting identity layers.
  • New case studies were released from TikTok (ManaTEE data clean rooms), Bosch (Hermetik data sharing), and Symphony (secure financial collaboration).
  • The 2026 Academic Research Grant program opens May 1st, and registration is open for the Open Source Summit NA and Confidential Computing Summit.

From the Executive Director 

Hello Community Member,

After a very successful OC3 last month (see our March newsletter for details), the big news is that the CCC will be a Diamond Sponsor for this year’s Confidential Computing Summit at the Mint in San Francisco on 23-24 September, hosted by Opaque and the Linux Foundation. The Call for Proposals has already closed and the schedule should be announced shortly – so please head over to check it out.

As well as conferences devoted to Confidential Computing, I’m pleased to see increasing interest in Confidential Computing at industry events around the world.  As well as CC appearing as a topic at blockchain and Web3 conferences (addressing use cases that appear to be gaining significant traction in those sectors), we’re seeing it turning up in other interesting places, as well: Open Source India (Mumbai, 16-17 June) has four separate sessions on different aspects of Confidential Computing.

We’re always looking to highlight Confidential Computing across the world, so if you’re aware of sessions, conferences, webinars or workshops where CC is featured, please get in touch!  Equally, if you’re organising any sort of gathering or meet-up where the attendees might be interested in learning more about any aspect of Confidential Computing and how it can be used, please let us know: we love finding ways to spread the word!

From the Outreach Committee Chair

April bloomed bright with opportunities to reimagine the Confidential Computing Consortium website and overall customer experience. A new and modernized customer experience has been drafted and introduced to the consortium. There is a lot of excitement around this from multiple partners across the consortium. The goal is to see a complete redesign that can be rolled out in June. If you would like to provide insights, we welcome them! Contact either Rachel or myself to join this workstream.

The CCC Outreach session in OC3, Creating Global Standards for Confidential Computing, is now live on YouTube. Member companies from the Confidential Computing Consortium shared how they and their customers use Confidential Computing to enable their business:

  • Symphony leverages Google Cloud Confidential Space to provide secure, cloud-native data processing and collaboration for financial institutions, ensuring that sensitive data remains isolated from the cloud provider and system administrators.
  • Google is transforming digital advertising with Confidential Matching, utilizing TEEs to allow advertisers and platforms to match data and perform retargeting without either party ever gaining access to raw personally identifiable information (PII).
  • Bosch introduced Hermetik, a trustworthy collaboration service built on Intel TDX that enables secure, multi-party data sharing and shared governance across the automotive, healthcare, and manufacturing sectors.
  • Huawei showcased their Kunpeng AI solution, which extends Trusted Execution Environments to hardware accelerators like GPUs and NPUs, allowing for high-performance AI processing while maintaining full data protection.
  • Super Swarm by Super Protocol is pioneering a standard protocol called “HTTPS for AI” that provides verifiable privacy for clinical AI and has demonstrated the ability to reduce complex compliance audit times from four weeks down to just two hours.
  • TikTok shared their ManaTEE approach, an open-source two-stage data clean room that enables developers to build AI models using synthetic data before executing them against sensitive real-world data within a secure TEE.


From the TAC

We had a productive April in the TAC. We’ve made progress on our enterprise integration blueprints and should have some of them published next month. We also featured annual reviews from two of the CCC’s longest-running projects, Enarx and Gramine, and heard a tech talk from one of our newest SIGs on trustworthy workload identity for replicated workloads.

Enarx remains the CCC’s only TEE-agnostic, WebAssembly-based runtime — a single workload binary that runs unmodified across SGX, SEV-SNP, and other TEEs. Richard Zak continues to maintain the project, and the TAC heard that companies are still actively reaching out about the TEE-agnostic, WASM-based isolation model Enarx pioneered. Anyone evaluating cross-TEE portability or looking to contribute should engage with the project — the architecture is differentiated and the door is open for new collaborators.

Kailun Qin and Mona Vij presented the Gramine annual review, with Don Porter. Gramine continues to see broad production adoption as the leading LibOS for lift-and-shift Linux workloads in TEEs. The project recently won the ACSAC Cybersecurity Artifact Award and has expanded scope from SGX process isolation to TDX VM isolation, reusing a substantial portion of its hardened LibOS to offer a tighter security footprint than general-purpose Confidential VMs (see the Gramine-TDX paper at ACM CCS). With a healthy user base and a clear technical roadmap, Gramine is well positioned for new contributors and sponsoring members to step in alongside the existing maintainers.

Tech Talk: Trustworthy Workload Identity for Replicated Workloads (April 16). Mark Novak (JPMorgan Chase), chair of the CCC Trustworthy Workload Identity (TWI) SIG, presented the SIG’s work on extending workload identity to replicated workloads — binding identities to attested workload instances using RATS-based remote attestation. The work feeds the IETF WIMSE draft (draft-ccc-wimse-twi-extensions) co-authored across JPMC, Arm, and Fraunhofer SIT, and is aimed at letting existing applications adopt Confidential Computing without rewriting their identity layer.

You can always find historical minutes, materials, and links to recordings in our governance repo.

Recent News

  • At Google Cloud Next 2026, Google announced Confidential Computing support for G4 VMs in partnership with NVIDIA, featuring NVIDIA RTX PRO 6000 Blackwell Server Edition GPUs on Google Compute Engine (GCE) Confidential G4 VMs, available in preview globally, to help strengthen confidentiality and integrity for a wide spectrum of sensitive AI workloads. In partnership with Intel, Google is introducing the preview of C4 Confidential VMs, bringing Intel TDX to 6th Gen Xeon processors to help protect diverse AI and analytics workloads while providing industry-leading compute density and performance. Read more: https://blogs.nvidia.com/blog/google-cloud-agentic-physical-ai-factories/
  • CCC members Invary, Anjuna Security, and Phala will present at Confidential AI Systems on May 6, a free virtual event exploring how enclaves, attestation, and AI agents work together to protect sensitive data. Register here.
  • The CFP is now open for the CCC Academic Research Grant Program 2026. Up to two awards will support practical research advancing confidential computing, with focus areas including scalability challenges, privacy-focused applications, and security hardening and verification. May 1: Applications open | June 1: Applications close | July 1: Recipients announced. Learn more
  • CCC will be at Open Source Summit North America. Join Mike Bursell and Christopher Robinson (OpenSSF) for a session on the “taxonomy of personae” impacting security. Save $699! Use code SPRING when you register. May 19 | 2:10pm | Session details | Register now.

Secure AI will be a key focus at the Confidential Computing Summit, taking place June 23–24 in San Francisco. CCC is a Diamond Sponsor for this year’s event, which brings together global leaders working on privacy-preserving, production-ready AI.
Learn more and register.

Securing the Agentic Future: The CCC Responds to AI Security Consultations on Both Sides of the Atlantic


The Confidential Computing Consortium (CCC) has recently submitted formal responses to two major government consultations on AI security: the US National Institute of Standards and Technology (NIST) Request for Information on the secure development and deployment of AI agent systems (NIST-2025-0035), and the UK Government’s Department for Science, Innovation and Technology (DSIT) Call for Information on Secure AI Infrastructure. Taken together, these responses make a consistent and compelling case: as AI systems become foundational to national security, public services, and economic competitiveness, hardware-enforced trust must become a foundational layer of AI infrastructure.

A Shared Threat Landscape

Both responses begin from the same premise: AI agent systems face a category of risk that conventional cybersecurity tools were not designed to address. The threats are not merely traditional data breaches; they target the unique characteristics of AI itself.

Key risks highlighted across both submissions include:

  • Model weight theft, where proprietary model weights can be exfiltrated through API abuse or direct memory dumps by malicious insiders or compromised infrastructure
  • The infrastructure trust gap, where standard cloud security protects against external attackers but leaves model weights and inference data accessible to the cloud provider’s hypervisor or privileged administrators
  • Memory scraping and cold boot attacks, which can extract sensitive context, credentials, or cryptographic material from unprotected RAM
  • Memory poisoning, where adversarial content injected into an agent’s long-term memory is triggered later, with the temporal gap between injection and execution making detection very difficult
  • MCP-specific threats (highlighted in the NIST response), including shadow servers, tool poisoning, and confusion attacks that undermine the integrity of agent-to-tool communication
  • “Confused deputy” attacks in multi-agent systems, where a compromised agent manipulates another into sharing sensitive data without adequate authentication

Why Confidential Computing Is the Answer

The central recommendation of both responses is that protecting AI systems requires moving beyond perimeter-based controls toward architectures rooted in hardware-enforced trust; specifically, attested, hardware-based Trusted Execution Environments (TEEs).

Confidential Computing addresses several of these risks directly:

  • Data-in-use protection encrypts agent memory and model weights during processing, ensuring that even cloud providers and privileged infrastructure operators cannot access sensitive workloads
  • Remote attestation cryptographically verifies that the correct, unmodified agent code is running on a genuine, trusted platform before any secrets are released, providing technical guarantees rather than mere contractual assurances
  • Cryptographically assured workload identity gives each agent an ephemeral identity rooted in hardware attestation, replacing static API keys with dynamic, verifiable credentials
  • Key Broker Services release decryption keys and credentials only after successful attestation, meaning that if the environment doesn’t match an approved policy, keys are simply not released
  • Confidential Inference (highlighted in the UK response) keeps user prompts encrypted in transit, decrypting them only inside an attested TEE, preventing cloud operators or intermediaries from accessing prompt contents

The UK response also draws attention to the need to extend these protections to accelerators such as GPUs, which in multi-tenant environments represent a significant attack vector, and to future-proof the transport layer against “Store Now, Decrypt Later” attacks using Post-Quantum Cryptography (PQC).

Looking Ahead: Agentic Zero Trust and Standardisation

As AI agents become more capable and autonomous, potentially holding wallet keys, signing transactions, and communicating with other agents, the CCC’s responses call for a shift toward what we describe as Agentic Zero Trust: a model where every inter-agent interaction is cryptographically authenticated, and where an agent’s identity is bound to its code measurement rather than a pre-shared secret.
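The key-release rule in the list above (keys come out of a Key Broker Service only when evidence matches an approved policy) and the Agentic Zero Trust rule here (a peer agent is admitted on its code measurement, never on a pre-shared secret) are both the same verifier applied to different relying parties. The following Python is an added example, not CCC code or any member's product: a policy appraiser, a key broker that issues single-use challenge nonces and releases a key only when the returned evidence passes, and a peer check that returns the peer's measurement as its identity or nothing at all. Everything in it is constructed: the HMAC PLATFORM_KEY stands in for the hardware vendor's quote-signing key, make_evidence() stands in for the platform generating a quote, the claim set is a simplified model of a real attestation report, and the measurement is just SHA-256 of the image bytes.

```python
"""Attestation-gated key release and peer authentication (added example).

Constructed stand-ins: PLATFORM_KEY replaces the hardware vendor's quote-signing
key, make_evidence() replaces the platform's quote generation, and the claim set
is a simplified model of a real attestation report.
"""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Set, Tuple

# Constructed key, not a real platform key: HMAC lets the whole flow run offline.
PLATFORM_KEY = b"constructed-platform-signing-key"


def measure(code: bytes) -> str:
    """Launch measurement: the hash a TEE records of the image it started."""
    return hashlib.sha256(code).hexdigest()


def _sign(claims: dict) -> str:
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(PLATFORM_KEY, body, hashlib.sha256).hexdigest()


def make_evidence(code: bytes, nonce: str, tcb_version: int, debug: bool) -> dict:
    """Stand-in for the platform signing a quote over the launch state."""
    claims = {"measurement": measure(code), "nonce": nonce,
              "tcb_version": tcb_version, "debug": debug}
    return {"claims": claims, "sig": _sign(claims)}


@dataclass(frozen=True)
class Policy:
    allowed_measurements: FrozenSet[str]
    min_tcb_version: int
    allow_debug: bool = False


def verify_evidence(evidence: dict, policy: Policy, expected_nonce: str) -> Tuple[bool, str]:
    """Appraise evidence against policy; returns (accepted, reason)."""
    claims = evidence.get("claims", {})
    # Signature first: until it checks out, none of the claims can be believed.
    if not hmac.compare_digest(_sign(claims), evidence.get("sig", "")):
        return False, "bad signature"
    # Freshness: the nonce ties this evidence to our challenge and defeats replay.
    if not hmac.compare_digest(str(claims.get("nonce")), expected_nonce):
        return False, "nonce mismatch"
    # Platform state: a debug enclave lets the operator read its memory.
    if claims.get("debug") and not policy.allow_debug:
        return False, "debug enclave"
    if claims.get("tcb_version", 0) < policy.min_tcb_version:
        return False, "TCB below minimum"
    # Identity: the measurement, not a shared secret, says who is asking.
    if claims.get("measurement") not in policy.allowed_measurements:
        return False, "unknown measurement"
    return True, "ok"


class KeyBroker:
    """Releases a key only when evidence for a fresh challenge passes policy."""

    def __init__(self, policy: Policy, keys: Dict[str, bytes]):
        self.policy = policy
        self._keys = dict(keys)
        self._outstanding: Set[str] = set()

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self._outstanding.add(nonce)
        return nonce

    def release(self, key_id: str, evidence: dict) -> Tuple[Optional[bytes], str]:
        nonce = evidence.get("claims", {}).get("nonce")
        if nonce not in self._outstanding:
            return None, "unknown or reused nonce"
        self._outstanding.discard(nonce)  # single use, even when verification fails
        ok, why = verify_evidence(evidence, self.policy, nonce)
        if not ok:
            return None, why
        key = self._keys.get(key_id)
        return (key, "released") if key is not None else (None, "no such key")


def authenticate_peer(evidence: dict, policy: Policy, my_nonce: str) -> Optional[str]:
    """Agentic zero trust: admit a peer agent on its attested measurement or not at all."""
    ok, _ = verify_evidence(evidence, policy, my_nonce)
    return evidence["claims"]["measurement"] if ok else None


if __name__ == "__main__":
    image = b"agent-image-v1"  # constructed workload image
    policy = Policy(frozenset({measure(image)}), min_tcb_version=5)
    broker = KeyBroker(policy, {"customer-db": b"constructed-data-key"})
    nonce = broker.challenge()
    print(broker.release("customer-db", make_evidence(image, nonce, 7, False)))
    print(broker.release("customer-db", make_evidence(image, nonce, 7, False)))  # replay
```

Two design points carry over to a real deployment: the nonce is consumed before the evidence is appraised, so a failed attempt cannot be retried with the same challenge, and the measurement check comes last so that a forged or stale report is rejected before its identity claim is even read. Swapping the HMAC for verification of a vendor-signed certificate chain changes the first check only; the policy logic is the part the relying party owns.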

Both responses also call on governments to take an active role in standardisation. The NIST response urges the US to define clear “Confidential AI” assurance levels so that AI providers can credibly demonstrate they are technically unable to access user data. The UK response similarly highlights the need to standardise attestation reports across hardware vendors – AMD, Intel, Arm, and NVIDIA – to enable a unified root of trust across the UK AI sector.

On the supply chain side, the NIST response raises a specific concern: MCP authentication is currently optional by design and package signing is inconsistently required, creating risk every time an agent starts up and loads its tools. Both responses make clear that governance assurances are not a substitute for cryptographic guarantees.

Read the Full Responses

These are just highlights from two detailed submissions that together cover threat modelling, technical controls, patching challenges for stateful agents in TEEs, monitoring constraints imposed by Confidential Computing, and much more.

Read the CCC’s full response to NIST-2025-0035 →

Read the CCC’s full response to the UK Government’s Secure AI Infrastructure Call for Information →

Welcome to the March 2026 Newsletter


TL;DR — What’s in This Issue

  • Confidential Computing gained strong visibility this month through OC3, GTC, and KubeCon EU, reflecting a maturing ecosystem with more open discussion of technical, regulatory, and strategic challenges.
  • The TAC advanced key policy and technical work, including responses to NIST and UK government consultations and progress on guidance documents to help organizations adopt Confidential Computing more effectively.
  • Looking ahead, engagement opportunities continue to grow, including CCC resources for members and the upcoming CC Summit 2026, with session and panel proposals due April 8.

From the Executive Director 

Hello Community Member,

One of the big Confidential Computing conferences of the year happened this month: OC3 in Berlin (and virtual).  The CCC was a sponsor and had two sessions in a packed program – one on regulations and standards (which I presented in person) and one introducing the work of the consortium (which was presented remotely by Rachel Wang, vice chair of the Outreach Committee).  There were, however, multiple sessions by CCC members, including, of course, Edgeless Systems, who run the event.  A number of people have commented on how the industry and ecosystem seem to be maturing, but also on the honesty of many of the sessions.  This might seem to be an odd word to use, but as an industry becomes more established and sure of itself and its future, it makes sense that we can discuss challenges that we face – regulatory, technical, tactical and strategic – in the knowledge that these are not existential threats, but issues that can be openly explored and don’t need to be hidden.

One of the most important parts of the CCC’s mission is allowing organizations and experts from across the industry and ecosystem to work together to resolve these sorts of challenges.  As a part of the Linux Foundation, and with our anti-trust policy firmly in place since our foundation, our committees and special interest groups (SIGs) offer a safe place to discuss and work on tricky issues.  We also strive to provide a safe and welcoming set of spaces for all types of discussion.  While members may not always agree with each other (it would probably be more worrying if they did!), we attempt to navigate the various viewpoints that come up and, where we need to express an opinion or publish materials, to work towards a consensus.  Please join one of our meetings to find out more – or catch up with previous meetings by watching them on our YouTube channel.

Outreach

As Mike mentioned above, this month marked an exciting time for Confidential Computing awareness! 

OC3 brought together the Confidential Computing community in Berlin for 27 talks spanning hardware, cloud platforms, attestation, and AI. Our event recap highlights key themes, insights, and takeaways from the conversations shaping the future of confidential computing. Read the recap.

At GTC, the CEO of NVIDIA highlighted the “incredible importance” of Confidential Computing in his keynote and shared how security across the whole stack was required to drive AI and data sovereignty advancements. Intel and others also showcased real world examples of Confidential Computing on the show floor and across multiple co-hosted sessions that featured thought leaders from Google, NVIDIA, Opaque and the Technology Innovation Institute (TII). The GTC Shift that Put Confidential AI at the Center of Everything podcast by Opaque highlighted the news around CC and how it is securely advancing AI around the world.

At KubeCon EU, we saw a new announcement from Red Hat and NVIDIA around the Cloud Native Computing Foundation’s (CNCF) Confidential Containers community, in addition to a tech preview for the GPU on OpenShift.

And a reminder that CC Summit 2026, which is coming June 23-24 to SF, has opened its Call for Proposals. The deadline is April 8th to get the Session Presentation (25 Minutes Including Q&A) and Panel Discussion (25 Minutes Including Q&A) proposals submitted. Notifications of acceptance will be shared on May 4th.


From the TAC

The TAC has had a productive March focusing on industry-level guidance and regulatory engagement. We successfully finalized and submitted our response to the NIST RFI regarding AI safety and security standards. Furthermore, we concluded our response to the UK Government’s Call for Evidence on AI and data privacy, emphasizing the critical role of Confidential Computing in securing sensitive workloads across international borders. These efforts ensure the Consortium’s technical perspective is represented in the frameworks that will govern the next generation of computing infrastructure.

Internal workstreams have made substantial progress on our suite of technical guidance documents. We are nearing completion on two of the three documents we outlined last month. This month also saw the launch of a fourth technical document focused on integration levels. This new workstream aims to clarify the role of integration in realizing the benefits of Confidential Computing – helping organizations navigate the technical trade-offs between security depth and operational ease.

These documents directly address the implementation challenges identified in recent market research, particularly the need for standardized paths to bridge the industry-wide skills gap. As the market moves beyond early pilots, providing these clear, architecturally agnostic roadmaps is the TAC’s primary focus. We invite all technical representatives from our member companies (and unaffiliated experts) to join these weekly sessions to ensure our guidance reflects the full breadth of the current landscape.

Recent News

  • OC3 Recap
    • At OC3 2026, the global Confidential Computing community gathered in Berlin and online to discuss how the ecosystem is advancing secure computing for AI, cloud infrastructure, and protecting sensitive data in use. Our event recap highlights key themes, insights, and takeaways from the conversations shaping the future of confidential computing. Read the recap.


The Network Effect of Trust: How Open Collaboration is Unlocking the Next Frontier of Compute


By Laura Martinez, Chair of Outreach Committee, Confidential Computing Consortium

In mid-October of last year, many experts arrived in SF for a mini Confidential Computing Summit. They each shared stories of how they are revolutionizing their industries through something as innocuous-sounding as Confidential Computing.

Last week at the Open Confidential Computing Conference, top tech experts joined forces to tackle one massive challenge: building the highly secure, next frontier of trusted infrastructure. Historically, tech companies kept their security strategies locked down as a competitive advantage. But this event flipped the script.

Moving Beyond Moats: The Power of Open Ecosystems

Thanks to the ongoing vision within the Confidential Computing Consortium (CCC) and thought leaders that span every industry, there is a shift away from private security “moats” toward a shared foundation. I was an early convert to the vision of Confidential Computing and how it could and would change the world for good. It is the new business enabler that will drive the next wave of global tech innovation.

This year highlighted a fundamental shift of the modern digital economy: no single organization can solve the challenge of “data in use” in isolation – you need to lower the drawbridge to collaborate securely. True scalability requires an open-source ethos, on open standards and shared frameworks. All of this works together to enable the next frontier of technology while securing it for future generations.

Key strategic themes from the event include:

The AI-Trust Convergence: As generative and agentic AI move into the enterprise, the demand for trusted execution environments (TEEs) has shifted from “niche” to “necessity.” TEEs unlock privacy-preserving LLMs, allowing organizations to innovate with sensitive data without compromising intellectual property. Confidential Computing is helping us get there by fulfilling the need for flexible zero trust architectures.

Regulatory Interoperability: Through ecosystem-wide collaboration, the industry is proactively addressing global standards and regulations. This collective approach reduces friction, ensuring that security architectures are interoperable across borders and cloud providers. A real-world instance is the Bosch Hermetik trusted collaboration environment, which allows stakeholders such as automotive manufacturers and suppliers to jointly train AI models and integrate software pipelines without exposing their proprietary source code or intellectual property.

Shift to Industrial-Scale Production: We have moved past the “proof of concept” phase. From healthcare and enterprise systems to the decentralized frontiers of Web3, Confidential Computing is now powering live, mission-critical production environments. TikTok, for example, has showcased their innovations in confidential computing, particularly hardware-based TEEs, to protect sensitive user data while it is being processed, safeguarding AI tasks, and enabling secure, multi-party data analytics through its open-source ManaTEE data clean room.

Attestation as the New Currency of Business: The focus on rigorous attestation and verification frameworks proves that transparency is the bedrock of distributed systems. Intel, Edgeless Systems, NVIDIA and others covered the opportunities in moving toward a model where “trust” is computationally verified rather than just contractually assumed. I believe the next frontier of attestation services (verifiability that the entire TEE stays secure through all phases of use) will be attesting the workload while it is running at every company using Confidential Computing today. 

A Collective Vision for the Future

The CCC serves as the vital hub for this evolution. Industry participants across hardware, cloud, and software such as NVIDIA, IBM, Intel, AMD, Google, Microsoft, TikTok and others are contributing to the open collaboration and standards development that advance Confidential Computing. When we foster a space for shared innovation across open-source and interoperable frameworks, we are collectively lowering the barrier to entry for secure computing. Together we can accelerate the maturity of the entire market, creating a “rising tide” that enables every participant to build more ambitious, secure, and sovereign technology solutions.

We extend our gratitude to the contributors and visionaries who are turning this collaborative spirit into a world safe for exchanging digital information. To learn more about the CCC and fostering that future together, reach out to us at: Confidential Computing Consortium.

Welcome to the February 2026 Newsletter


TL;DR — What’s in This Issue

  • The TAC and ED are currently focused on Agentic AI security, including a response to the NIST Request for Information, and establishing digital sovereignty as a key focus area.
  • The consortium welcomed two new members, Invary and Modelyo, signaling continued growth and industry adoption of Confidential Computing.
  • Upcoming industry events, OC3 and GTC, will feature presentations and demonstrations showcasing real-world CC and Secure AI use cases.
  • A new benefit was introduced for Premier Members: an annual podcast with the Executive Director to discuss thought leadership and open source innovations.
  • Get involved. Upcoming events, open blog submissions, a growing job board, and multiple ways for members to contribute and amplify CCC work.

From the Executive Director

After a busy start to the year, February continues to bring lots to do. As well as kicking off the work in the Regulators and Standards SIG (more information about how to get involved in this and all of our other committees here), the TAC has been busy supporting their work by creating a response to a NIST request for information around security for Agentic AI. With the UK asking similar questions, it’s clear that our decisions to put work into Regulators and Standards and to have Agentic AI as one of our focus areas were both correct.

Alongside Agentic AI, another focus area we identified at the end of the year is digital sovereignty. While this is typically associated with national sovereignty – governments setting rules around data and applications that are important to citizens and businesses in a particular country – it’s also clear that more organizations are using similar language and thinking to understand how to isolate parts of their business operations from external actors and even different divisions or parts of their organization. Confidential Computing has a strong part to play here and we welcome input from our members and the ecosystem on how best to communicate this across governments and the enterprise.

Finally, we recently agreed a new benefit for Premier Members: an annual podcast with the Executive Director for each qualifying member to discuss pretty much anything around Confidential Computing, from thought leadership to new technologies, from business models to open source innovations. I’m really looking forward to these conversations – keep an eye out for them as we start to record and publish them.

Outreach

We continue to see strong momentum across every vertical, driven by increasing global adoption of Confidential Computing (CC) and Secure AI. This growth, and the expanding set of real-world use cases, will be on full display at upcoming events, including OC3 on March 13 (hybrid: Berlin and online) and GTC the week of March 17.

We’re excited to share this moment with our consortium members and the broader community, especially as open source CC projects translate into production deployments across industries. At GTC, NVIDIA will showcase protections for proprietary large language models running in production, and Intel and Microsoft will feature compelling CC demonstrations at their booths.

Alongside these events, we’re equally excited to welcome new members Invary and Modelyo to the consortium this month. If you missed our February announcements, you can catch up below.

Welcoming Invary as a General Member of the Confidential Computing Consortium

  • Invary is a cybersecurity company focused on continuous Runtime Integrity attestation, enabling organizations to verify that systems remain in a trusted state throughout execution, not just at boot. This capability is increasingly critical for confidential computing environments, where trust must persist across the full workload lifecycle.
  • Joining the Confidential Computing Consortium allows Invary to collaborate with industry leaders who are shaping the future of trusted execution. Through CCC participation, Invary aims to help advance industry understanding of runtime integrity and contribute to standards that support verifiable trust throughout the workload lifecycle.

Welcoming Modelyo as a Start-up Member of the Confidential Computing Consortium

  • Modelyo is a confidential computing platform built for government and regulated industries, where strong security guarantees and data sovereignty are essential. The platform uses OpenStack together with Intel SGX and Intel TDX to enable organizations to run sensitive workloads with hardware-level protection, while maintaining full control over their infrastructure and data.
  • Through participation in the consortium, Modelyo aims to contribute practical deployment experience to the broader community, helping accelerate adoption and improve operational understanding of confidential computing in regulated contexts.

Outreach Resources:

Upcoming Events:

  • OC3, March 12, 2026 (Hybrid: Online + Berlin)

From the TAC

February was a productive month for the TAC, with two meetings (February 5 and February 19) focused on advancing guidance documents, responding to government requests for information, and continuing our popular Tech Talk series.

A major focus this month has been the TAC’s collaborative response to a NIST Request for Information on security for Agentic AI. The team worked through the document across both meetings, agreeing to attribute it to the CCC as a whole and to focus specifically on where Confidential Computing is relevant. With the UK government issuing a similar call for information, the group explored whether the NIST response could be adapted for the UK submission as well, and Mike encouraged member companies to also submit their own responses.

On the guidance documents front, Simon and Rene are leading the effort to draft concise, adoption-focused guidance documents with executive summaries and optional detailed sections. The goal is to have drafts ready for TAC review, continuing the Board’s mandate to deliver more practical technical guidance that helps organizations adopt Confidential Computing.

We also received a project update on OpenVMM from Caroline (Microsoft). While OpenVMM is not yet fully open source due to its use in millions of production Azure VMs, Microsoft is committed to migrating it to a neutral GitHub organization to meet CCC requirements, and the team is working through the complexities of that transition.

Fritz led a discussion on the format and content of TAC Tech Talks going forward. The group agreed to maintain a diverse mix of presentations, including academic research, open source project discussions, technical introductions, and architectural reviews, while establishing clearer guidelines for timing and content. If you’d like to nominate a talk, Fritz is the point of contact; the emphasis is on community value rather than marketing.

Finally, we welcomed several new community members to the TAC this month, including Benny Meir, Jordi Guijarro, Zhiqiang Lin, and Tom Jones, a sign of the continued growth and interest in the TAC’s work.

Join us at our meetings on alternating Thursdays at 7 am Pacific time. You can look up the meeting in your own timezone using the CCC Calendar. Recordings of past meetings are available on the YouTube TAC Playlist.

Let’s grow our community! Share this with your network.

Subscribe to CCC Newsletter

Welcoming Modelyo as a Start-up Member of the Confidential Computing Consortium


The Confidential Computing Consortium (CCC) is pleased to welcome Modelyo as a new Start-up Member of the community.

About Modelyo

Modelyo is a confidential computing platform built for government and regulated industries, where strong security guarantees and data sovereignty are essential. The platform uses OpenStack together with Intel SGX and Intel TDX to enable organizations to run sensitive workloads with hardware-level protection, while maintaining full control over their infrastructure and data.

Modelyo’s work focuses on bridging strict security and compliance requirements with the flexibility of modern cloud infrastructure. This approach is particularly relevant for organizations that cannot compromise on sovereignty, regulatory alignment, or trust in how their systems handle sensitive data.

Why Modelyo Joined CCC

Modelyo brings direct, hands-on experience deploying confidential computing technologies in government environments. Their team has worked extensively with trusted execution environments (TEEs) in private cloud deployments and has built attestation workflows designed to meet real regulatory requirements, not just theoretical models.

Joining CCC is a natural next step in that work. Through participation in the consortium, Modelyo aims to contribute practical deployment experience to the broader community, helping accelerate adoption and improve operational understanding of confidential computing in regulated contexts.

What Modelyo Hopes to Contribute and Gain

Modelyo is particularly interested in collaborating on interoperability standards and contributing to efforts that make confidential computing easier to deploy, integrate, and trust across diverse environments. They are also looking forward to engaging with the wider CCC ecosystem, including hardware vendors, cloud providers, and system integrators who are shaping the future of this technology.

Modelyo is currently evaluating several CCC-hosted projects for potential integration and looks forward to contributing more actively as their involvement in the community deepens.

Member Perspective

“Confidential computing is moving from an emerging technology to essential infrastructure, especially for government organizations that need strong guarantees around data protection. We joined CCC to contribute what we’ve learned deploying these solutions in the field and to help shape the standards that will make confidential computing more accessible and trustworthy across the industry.” — Artem Barger, VP of R&D, Modelyo

The CCC community is excited to welcome Modelyo as the newest Start-up Member of CCC and looks forward to the perspective and practical experience they bring to the community.

Welcoming Invary as a General Member of the Confidential Computing Consortium


The Confidential Computing Consortium (CCC) is pleased to welcome Invary as a new General Member of the community!

About Invary

Invary is a cybersecurity company focused on continuous Runtime Integrity attestation, enabling organizations to verify that systems remain in a trusted state throughout execution, not just at boot. This capability is increasingly critical for confidential computing environments, where trust must persist across the full workload lifecycle.

Invary leverages technology exclusively licensed from the NSA’s Laboratory for Advanced Cybersecurity Research to continuously verify kernel integrity, eBPF programs, and trusted execution environment (TEE) operations. These protections span physical hosts, virtual machines, confidential VMs, containers, and processing units, providing cryptographic proof of integrity from launch through termination.

Runtime Integrity is available as a SaaS offering or for on-premises deployment and integrates with existing SIEM and SOC workflows. By delivering verifiable trust signals, Invary’s technology complements hardware-based isolation controls across hybrid cloud, containerized, and multi-tenant environments.

Why Invary Joined CCC

As confidential computing adoption grows, ensuring trust during runtime has become a foundational requirement rather than an optional enhancement. Invary’s work addresses a critical gap by extending integrity verification beyond initial attestation and into continuous execution.

Joining the Confidential Computing Consortium allows Invary to collaborate with industry leaders who are shaping the future of trusted execution. Through CCC participation, Invary aims to help advance industry understanding of runtime integrity and contribute to standards that support verifiable trust throughout the workload lifecycle.

What Invary Hopes to Contribute and Gain

Invary is particularly interested in collaborating on runtime attestation standards and interoperability efforts that strengthen confidential computing deployments in real-world environments. The company brings hands-on experience securing complex infrastructure across diverse execution models and looks forward to sharing practical insights with the CCC community.

Through engagement with CCC members across hardware, cloud, and security domains, Invary aims to help accelerate adoption of confidential computing by making continuous verification more accessible, operational, and trustworthy.

Hear from Invary

“Runtime Integrity attestation provides continuous verification that systems remain in a known-good state throughout execution,” said Jason Rogers, CEO of Invary. “For confidential computing to deliver on its security promise, continuous verification is essential.”

The CCC community is excited to welcome Invary as a General Member and looks forward to the expertise and perspective they bring to advancing confidential computing.

Welcome to the January 2026 Newsletter


TL;DR — What’s in This Issue

  • 2026 momentum is real. CCC kicks off the year with new leadership for the Regulators & Standards SIG, expanding member activity, and a clear shift from awareness to real-world confidential computing deployments.
  • Stronger outreach, sharper storytelling. The Outreach Committee aligns on a more strategic, full-stack approach to technical thought leadership, events, and member-driven content for 2026.
  • More practical technical guidance ahead. The TAC is focused on delivering adoption-focused technical guidance and kicked off the year with a deep dive on browser-based remote attestation.
  • Industry validation continues. New NVIDIA coverage underscores accelerating confidential computing adoption across CPUs, GPUs, and interconnects, matching what CCC research is already showing.
  • Get involved. Upcoming events, open blog submissions, a growing job board, and multiple ways for members to contribute and amplify CCC work.

From the Executive Director

Hello Community Member,

Welcome to the New Year (that’s if you follow the Gregorian calendar, of course). I can’t remember a busier January for the Confidential Computing Consortium. We already have three articles on our blog – do have a look. We’ve also elected a Chair (Solomon Cates, Google Cloud) and Vice Chair (Michael Guzman, JPMC) to our newly-created Regulators and Standards Special Interest Group. I’m hearing from multiple members that they expect this year to be an important and busy one around Confidential Computing, and we want to ensure that the Consortium is the place for everyone to learn about, grow and improve the ecosystem. Our Outreach and Technical Advisory Committee have new initiatives as we move from a phase of people discovering Confidential Computing to planning and rolling out deployments.

You’ll read in the article Protecting Agentic AI Workloads with Confidential Computing how important Confidential Computing is for Agentic AI, and you can expect more articles around both technical issues related to CC and applicability to particular use cases and sectors. If you’re a member of the CCC, we welcome articles, particularly around use cases or technical issues: please contact the Outreach Committee, who manage our blog and content schedules.

On a final note, the New Year is a time when lots of people are looking for new roles, and we have a job board of Confidential Computing related jobs. Again, if you’re a member, you (or your HR department!) can post roles there for free. This benefits the entire ecosystem, giving you a chance to expose interesting roles within your company while acting as a single aggregation point for job seekers.

Outreach

The Outreach Committee began 2026 by aligning on a more integrated and strategic approach to marketing and member engagement, led by the new Outreach Chair Laura Martinez and Vice Chair Rachel Wan, together with active participation from committee members. The committee is prioritizing awareness of full-stack Confidential Computing and of Secure and Sovereign AI by sharing our expertise across the engagement spectrum. Specific focus will be on technical thought leadership, coordinated storytelling tied to strategic events, and stronger activation of content drawn from member expertise. Technical blogs continue to be the highest-performing channel, and work is underway to develop a structured 2026 content calendar spanning blogs, newsletters, and event amplification.

Key updates this month include early planning for annual Outreach OKRs with mid-year reviews, progress on a unified outreach and events calendar, and continued promotion of the IDC white paper as a core thought-leadership asset.

Looking ahead, the Outreach Committee will deepen coordination with other CCC committees to surface technical content earlier, expand member participation in blogs and newsletters, and align outreach efforts with major industry milestones. Members are encouraged to submit technical blog ideas, company updates, job postings, and event announcements, and to continue amplifying CCC content across their networks.

Outreach Resources:

Upcoming Events:

  • OC3, March 12, 2026 (Hybrid: Online + Berlin)

From the TAC

The TAC is kicking off 2026 focusing on a mission from the Board to deliver more technical guidance docs to help people adopt Confidential Computing. If you’d like to help shape the documents, join us at one of our meetings on alternating Thursdays at 7 am Pacific time. You can look up the meeting in your own timezone using the CCC Calendar.

We also had our first TAC Tech Talk of the year. Rüdiger Kapitza and Luca Preibsch gave a detailed presentation on the topic “Browser-based Remote Attestation”. They also discussed their follow-up work on runtime attestation and the possibility of using site certificates for attestation. You can watch this and previous talks on our Tech Talk Playlist.

Recent News

  • CCC Outlook for 2026: A Message from Executive Director Mike Bursell
    • Mike Bursell, Executive Director of the Confidential Computing Consortium, shares the CCC’s outlook for the year ahead and why momentum is accelerating across the ecosystem.
    • From growing regulator interest and AI security needs, to digital sovereignty, attestation, and a clear shift toward demand-side adoption, this post outlines where Confidential Computing is heading and how the CCC is focusing its work in 2026.
  • CCC Executive Director Mike Bursell Named to OpenUK New Year Honours List 2026
    • Congratulations to Mike Bursell, Executive Director of the Confidential Computing Consortium, on being named to the OpenUK New Year Honours List for 2026. This recognition celebrates his long-standing contributions to open source and his leadership in advancing confidential computing as a foundation for security, privacy, and trustworthy systems. Read the announcement.
  • Protecting Agentic AI Workloads with Confidential Computing
    • As AI systems become more autonomous, protecting agent identity and data becomes critical. This new blog from Mike Bursell explores a growing gap in AI security: Agentic AI systems can be tampered with unless their identity, workloads, and data are protected. It explains how Confidential Computing provides hardware-based isolation and attestation to help make autonomous agents more trustworthy and verifiable. Read the blog.
  • Nvidia Touts New Storage Platform, Confidential Computing For Vera Rubin NVL72 Server Rack
    • New coverage on NVIDIA’s Rubin NVL72 highlights a major shift: confidential computing is extending across CPU, GPU, and interconnects, enabling organizations to verify trust cryptographically rather than rely on contractual assurances. This momentum reflects what our ecosystem is already seeing. CCC and IDC research shows that 75% of organizations are adopting confidential computing, with production deployments accelerating across regulated and high-risk environments.

Subscribe to CCC Newsletter