Loading…
arrow_back View All Dates
Tuesday, June 23
 

9:20am PDT

Keynote: Attested, Transparent, Sovereign: The Evolution of Confidential Computing - Mark Russinovich, CTO, Deputy CISO and Technical Fellow, Microsoft Azure, Microsoft
Tuesday June 23, 2026 9:20am - 9:40am PDT
Over the past decade, Microsoft has helped move confidential computing from research into real-world cloud infrastructure, platforms, and services. In this keynote, Mark will trace that evolution through the expanding promises of confidential computing, from protecting individual workloads to enabling verifiable trust across entire systems. He will share examples from Microsoft’s adoption journey and discuss the next frontier: confidential sovereignty, where organizations can verify code, enforce policy, and retain control across compute, networking, and software supply chains.

Speakers
avatar for Mark Russinovich

Mark Russinovich

CTO, Deputy CISO and Technical Fellow, Microsoft Azure, Microsoft
Mark Russinovich is CTO, Deputy CISO, and Technical Fellow for Microsoft Azure, Microsoft’s global enterprise-grade cloud platform. A widely recognized expert in distributed systems, operating systems and cybersecurity, Mark earned a Ph.D. in computer engineering from Carnegie Mellon... Read More →
Tuesday June 23, 2026 9:20am - 9:40am PDT
Courtyard
  Keynote Sessions
  • Slides Attached Yes

1:45pm PDT

Confidential Tenancy: Towards Digital Sovereignty on Public Clouds - Antoine Delignat-Lavaud, Microsoft
Tuesday June 23, 2026 1:45pm - 2:10pm PDT
Digital Sovereignty is commonly interpreted as a legal concept - but can it be turned into a technical guarantee? We introduce a new sovereignty boundary within existing public cloud infrastructure built on (and generalizing) the concept of confidential computing, where a given workload is totally isolated from its surrounding shared infrastructure within a trusted execution environment (TEE), enforced and attested in hardware. Although the concept of TEEs applies to a unit of computation (e.g., a process, VM, or container), we propose to extend these security guarantees to an entire cloud tenant, i.e., a cloud account with all its resources – IaaS (i.e., VMs), PaaS (e.g., Kubernetes clusters), and SaaS (e.g., model-as-a-service endpoints) and its associated management layer, including its own identity, access control and key management services. Critically, we introduce virtual data diode (VDD), a novel primitive that allows confidential tenants to control all movements of data within and without their confidential tenancy, including traffic to shared infrastructure services. We also introduce new operator controls to ensure that support requests can be addressed when operators need access to logs or must perform manual maintenance actions on the tenant’s resources, while ensuring that all maintenance actions can be reviewed and approved by the confidential tenant. 

Speakers
avatar for Antoine Delignat-Lavaud

Antoine Delignat-Lavaud

Principal Researcher, Microsoft
Tuesday June 23, 2026 1:45pm - 2:10pm PDT
Gold Ballroom
  Breakout Sessions
  • Slides Attached Yes

3:00pm PDT

From Pixels To Agents: Optimizing On-Device Performance of Confidential Computing in AI Evolution - Savas Ozkan, Samsung Research UK, Samsung Electronics
Tuesday June 23, 2026 3:00pm - 3:25pm PDT
Unlike server-side confidential AI, on-device confidential AI must balance strong protection of sensitive personal data with efficient operation under limited computational resources.

In this talk, we explore the impacts of CC on on-device AI performance for various AI models and tools by identifying some root-causes. First, we recognise that CC overheads vary across AI models during critical operations such as data read/write, model loading and inference phases, supported by detailed experiments. Second, we investigate multiple designs for AI agent tools in CC, especially by considering different AI memory modules, that present distinct overheads compared to traditional AI models. To enable systematic evaluation, we develop a modular software framework integrated with the open-source ISLET CC project. This framework supports configurable benchmarking of AI agent tools, and will be publicly released to foster the reproducibility and collaboration within the CC community. Lastly, since these performance drops can negatively impact the user experience, we propose a set of techniques that minimise the overhead related with model loading while ensuring robust privacy protection.
Speakers
avatar for Savas Ozkan

Savas Ozkan

Engineering Manager, Samsung Research UK
Savas Ozkan received the Ph.D. degree from the Department of Electrical and Electronics Engineering, Middle East Technical University, Ankara, Turkey. Currently, he is leading Efficient Machine Learning Group at Samsung Research UK, focusing on on-device AI solutions for vision, language... Read More →
Tuesday June 23, 2026 3:00pm - 3:25pm PDT
Mint Ballroom
  Breakout Sessions
  • Slides Attached Yes

3:30pm PDT

"If It's Shared, It's Vulnerable": Is Kubernetes the Right Platform for Confidential Compute? - Zvonko Kaiser, NVIDIA
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
Kubernetes shares host kernels, network stacks, storage paths, and control planes across tenants. These shared primitives become attack surfaces when tenants cannot trust each other or the infrastructure operator.

We enumerate the threat surfaces in confidential Kubernetes deployments, from eBPF snooping and conntrack hijacking to hardware-assisted virtualization rootkits. We then present a production architecture that eliminates shared-trust assumptions by flattening the virtualization stack so every workload runs as a TEE-protected guest, gating all secrets, identities, and device access on a composite attestation chain, and wrapping each shared primitive in a hardened overlay for compute, network, storage, control-plane, identity, and observability.

Attendees will learn which Kubernetes primitives leak across tenant boundaries, how composite attestation closes those gaps, and practical steps toward true multi-tenancy in confidential Kubernetes deployments.
Speakers
avatar for Zvonko Kaiser

Zvonko Kaiser

Principal Systems Engineer, NVIDIA
Zvonko is a Principal Systems Engineer at NVIDIA, working on the Cloud Native Technologies team. Focusing right now on all things related to confidential computing, zero-trust, especially in the context of accelerators.
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
Mint Ballroom
  Breakout Sessions
  • Slides Attached Yes

3:30pm PDT

GKE Hypercluster: Kubernetes TEEs for AI at Scale - Komei Nakamoto & Keith Moyer, Google
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
GKE Hypercluster brings large-scale operation of Trusted Execution Environments to Kubernetes, and was co-designed with Anthropic to meet their security and scale. In this talk we explain the linked runner architecture that drastically reduces the Trusted Compute Base (TCB) by completely separating high-value workload execution from the standard container orchestration control plane. In this model, sensitive AI workloads are offloaded to a dedicated, “sealed” virtual machine. The Kubernetes scheduling and orchestration remains on a non-sealed "parent" node, preserving Kubernetes primitives (ie. Pods, Network Policy) and operational familiarity while achieving workload isolation. The execution environment is built on a hardened and attested OS, removing non-essential services and preventing administrative shell access. Integrity is guaranteed through attestation and container signature verification.

This design establishes a strict chain of trust, offers isolation from the Kubernetes operator and Cloud Service Provider, supports high-performance AI accelerators within the sealed boundary, and enhances scalability by managing isolated environments with a reduced system footprint.
Speakers
avatar for Keith Moyer

Keith Moyer

Technical Lead, Confidential Computing, Google
Keith Moyer is the Technical Lead for Confidential Computing at Google Cloud. He has spent the last 10 years dedicated to making verifiable trust accessible and useful, with over 20 years of experience spanning cloud security and embedded systems. He holds a BS in Computer Engineering... Read More →
avatar for Komei Nakamoto

Komei Nakamoto

GKE AI Security Tech Lead, Google
Komei is a software engineer at Google, and the Tech Lead for the GKE AI Security team focused on making GKE a secure platform for running AI workloads.
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
Courtyard
  Breakout Sessions
  • Slides Attached Yes

4:00pm PDT

Agentic Zero Trust: at Rest, in Transit, and at Runtime - Nina Polshakova, Solo.io & Josh Halley, Cisco
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
AI workloads handle some of the most sensitive data in modern enterprises, from proprietary training datasets to user prompts and high-dimensional embeddings. Yet many AI pipelines are built without the rigorous security practices applied to traditional systems, leaving critical gaps.

Josh and Nina from the CNCF AI Working Group show how to apply Zero Trust principles to secure AI data at every stage: at rest, in transit, and in runtime. Attendees will learn why conventional approaches fail for AI, highlighting risks like prompt injection, embedding poisoning, and GPU memory leakage, and how Zero Trust, combined with confidential computing, provides a stronger security foundation.

We’ll demonstrate how agent identity, continuous attestation, and trusted execution environments (TEEs) enforce runtime trust, while encryption, fine-grained access control, and mTLS protect data at rest and in transit.

Attendees will gain actionable strategies for securing every stage of the AI data lifecycle using modern encryption, policy enforcement, and runtime hardening.
Speakers
avatar for Nina Polshakova

Nina Polshakova

Senior Principal Software Engineer, Solo.io
Nina is a software engineer at Solo.io, working on AI Gateway projects. She contributes to open source projects, including Kubernetes, Istio, kagent, agentgateway, and kgateway. A CNCF Ambassador and former Kubernetes v1.33 Release Lead, she’s also a member of the Cloud Native AI... Read More →
avatar for Josh Halley

Josh Halley

Principal Architect, Cisco
Josh Halley, is a Principal Architect and published technical author, in the office of the CTO at Cisco,
focused on next generation technologies and technical transformation for some
of Cisco’s largest global customers. His main focus today is in the domains of AI Operations, leading and supporting multiple teams in their generation of Agentic AI systems to support todays and tomorrows future technologies use cases... Read More →
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
Gold Ballroom
  Breakout Sessions
  • Slides Attached Yes

4:00pm PDT

Running AI Agents Inside TEEs Without Losing Your Mind - Sonali Mishra, Nutanix
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
AI agents are making decisions, calling tools, and talking to other agents, often with access to sensitive data they shouldn't be able to see in plaintext. The usual answer is to just trust the infrastructure, but that falls apart in multi tenant clouds and cross org workflows. This talk covers what it actually takes to run agentic AI workloads inside Trusted Execution Environments. I'll walk through the architecture for isolating agent-to-agent communication using confidential VMs, how attestation works when agents need to dynamically invoke external tools, and the gotchas we hit around key management and session state. We'll look at real performance numbers and what the overhead looks like on GPU backed inference inside TEEs and where the bottlenecks actually are. Attendees will leave with a concrete reference architecture for deploying AI agents with hardware-rooted trust boundaries, plus practical guidance on attestation flows for multi-party agent pipelines. If you're building agentic systems that handle regulated or sensitive data, this talk gives you a starting point that doesn't require rearchitecting everything from scratch.
Speakers
avatar for Sonali Mishra

Sonali Mishra

Principal Product Manager - AI & Cloud Native, Nutanix
As a Principal Cloud Native at Nutanix, I am passionate about driving innovation and empowering organizations to build secure and resilient solutions in their cloud-native journey. With our significant presence in US government, I aim to ensure organizations can adopt Kubernetes securely... Read More →
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
Mint Ballroom
  Breakout Sessions
  • Slides Attached Yes
 
  • Filter By Date
  • Filter By Venue
  • Filter By Type
  • Audience
  • Slides Attached
  • Timezone

Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Filtered by Date -