Loading…
Type: Breakout Sessions clear filter
arrow_back View All Dates
Tuesday, June 23
 

12:45pm PDT

From Perimeter to Silicon: Why Agentic AI Demands a New Security Model - Dan Middleton, NVIDIA & Raghu Yeluri, Intel
Tuesday June 23, 2026 12:45pm - 1:10pm PDT
As AI agents move from assistants to autonomous actors executing workflows, calling tools, and making decisions across sensitive infrastructure, every industry faces the same foundational question: how do we establish verifiable trust at every layer of the stack?
This session examines the full trust architecture agentic AI requires:
  • Cryptographic attestation that verifies data and model integrity inside secure enclaves
  • Integrity-protected agent identity generation and verification
  • Policy-enforced execution that maintains auditability with no human in the loop
Speakers from Intel and NVIDIA will share how the CCC's four new vendor-agnostic technical blueprints are making Confidential Computing deployable at enterprise scale.

Key Takeaways:
  • The CCC's strategic shift toward demand-driven technical excellence and what it unlocks for enterprise adopters
  • A technical overview of the four new guidance papers and the deployment bottlenecks they solve
  • How to map these reference architectures to your existing cloud-native and open-source pipelines

Speakers
avatar for Dan Middleton

Dan Middleton

Principal Software Architect, NVIDIA
Dan Middleton is a Principal Software Architect at NVIDIA, with deep experience driving innovation at the intersection of open source and emerging technologies. He has led the development and release of products spanning Computational Imaging, Blockchain, Confidential Computing, and... Read More →
RY

Raghu Yeluri

Sr. Principal Engineer, Intel

Tuesday June 23, 2026 12:45pm - 1:10pm PDT
Gold Ballroom

12:45pm PDT

Securing the Future with Azure Confidential Computing - Run Cai & Ashutosh Chickerur, Microsoft
Tuesday June 23, 2026 12:45pm - 1:10pm PDT
Confidential computing is becoming a critical foundation for cloud security in an era defined by AI acceleration, data sovereignty requirements, and rising expectations for end-to-end protection of sensitive workloads. Azure is advancing this space with new infrastructure, stronger platform protections, and innovations designed to make confidential workloads more resilient, scalable, and production ready. This session will highlight the latest Azure Confidential Computing developments, including v6 confidential VMs on AMD and Intel, expanded Azure regional availability, and continued progress in production readiness. We will also look ahead to live migration for confidential VMs, including a live demo, and discuss how this capability improves workload continuity during planned security updates and unexpected hardware events. In addition, we will explore future investments acrossenclaves, platform attestation, and confidential AI. Topics include nested virtualization to enable confidential enclaves, stronger platform attestation with recovery capabilities, protection of Azure trusted computing base services, and the growing need for confidential GPUs to secure prompts, model weights, and distributed inference workloads for modern AI applications at scale.
Speakers
avatar for Run Cai

Run Cai

Principal PM Manager, Microsoft
Run Cai is a Principal TPM Manager at Microsoft, leading large-scale Azure infrastructure and focusing on confidential computing programs. She is shaping future generations of Azure confidential computing platforms, driving product scale-out and elasticity while championing new initiatives... Read More →
AC

Ashutosh Chickerur

Principal Engineering Manager, Microsoft
Ashutosh Chickerur is a Principal Software Engineering Manager at Microsoft, leading Azure confidential computing and cloud infrastructure efforts, with deep expertise in multi-cloud platforms, security, and large-scale distributed systems.
Tuesday June 23, 2026 12:45pm - 1:10pm PDT
Courtyard

1:15pm PDT

AMD SEV & Azure Local: When Confidential VMs Go Local - David Harmon, AMD & Deepak Manohar, Microsoft
Tuesday June 23, 2026 1:15pm - 1:40pm PDT
AMD SEV has provided foundational technology for Confidential VMs at cloud scale, including deployments in Microsoft Azure Cloud. As workloads span cloud, hybrid, edge, and customer-owned environments, the architectural requirement is clear: preserve the Confidential VM trust pattern wherever those workloads run. This joint AMD-Microsoft session shows how AMD SEV and Azure Local come together for hybrid and on-prem deployment requirements, connecting silicon-based isolation, attestation, policy-gated key release, Azure Local deployment models, and practical deployment considerations. The session includes an Azure Local demo of attestation-gated access to protected workload assets.

Speakers
avatar for David Harmon

David Harmon

Director, Data Center Ecosystem, AMD
David Harmon is a Director of Software Development at AMD. David's work focuses on datacenter solutions that include AMD EPYC server product line and Microsoft software solutions for cloud and on prem including Azure Local.
avatar for Deepak Manohar

Deepak Manohar

Sr. Director PM, Microsoft
Deepak Manohar is a Sr. Director PM at Microsoft. He leads the security product management team for Azure Local and Digital Operations. One of his areas of focus is to bring Confidential computing to Azure's on-premises offering namely Azure Local. More broadly, he is responsible... Read More →
Tuesday June 23, 2026 1:15pm - 1:40pm PDT
Gold Ballroom

1:15pm PDT

Strictly Confidential: Use Cases & Demos of AI Workflows in TEEs - Sam Lugani & Ranjit Narjala, Google
Tuesday June 23, 2026 1:15pm - 1:40pm PDT
This session dives deeper into practical implementation and use cases for confidential computing. As complex AI models demand robust cryptographic roots of trust, we will demonstrate precisely how to architect and execute these environments in the real world. Through a series of live, hands-on demonstrations, we will showcase the latest confidential platforms in action, seamlessly extending trusted execution environments (TEEs) from model training all the way through to inference. Join us to look under the hood at the exact mechanisms and architectures that allow leading Google Cloud customers to secure complex AI workflows and keep active processing encrypted at scale.

Speakers
avatar for Sam Lugani

Sam Lugani

Product Lead, Confidential Computing, Google Cloud
Sam Lugani is the product lead for Confidential Computing and Confidential AI at Google. Sam started his professional career working as a software engineer at Cisco before venturing into product centric roles at FireEye, Synack and later at Google. He completed his MS in Computer... Read More →
avatar for Ranjit Narjala

Ranjit Narjala

Google Cloud, Engineering Lead, Confidential Computing,

Tuesday June 23, 2026 1:15pm - 1:40pm PDT
Courtyard

1:45pm PDT

Confidential Tenancy: Towards Digital Sovereignty on Public Clouds - Antoine Delignat-Lavaud, Microsoft
Tuesday June 23, 2026 1:45pm - 2:10pm PDT
Digital Sovereignty is commonly interpreted as a legal concept - but can it be turned into a technical guarantee? We introduce a new sovereignty boundary within existing public cloud infrastructure built on (and generalizing) the concept of confidential computing, where a given workload is totally isolated from its surrounding shared infrastructure within a trusted execution environment (TEE), enforced and attested in hardware. Although the concept of TEEs applies to a unit of computation (e.g., a process, VM, or container), we propose to extend these security guarantees to an entire cloud tenant, i.e., a cloud account with all its resources – IaaS (i.e., VMs), PaaS (e.g., Kubernetes clusters), and SaaS (e.g., model-as-a-service endpoints) and its associated management layer, including its own identity, access control and key management services. Critically, we introduce virtual data diode (VDD), a novel primitive that allows confidential tenants to control all movements of data within and without their confidential tenancy, including traffic to shared infrastructure services. We also introduce new operator controls to ensure that support requests can be addressed when operators need access to logs or must perform manual maintenance actions on the tenant’s resources, while ensuring that all maintenance actions can be reviewed and approved by the confidential tenant. 

Speakers
avatar for Antoine Delignat-Lavaud

Antoine Delignat-Lavaud

Principal Researcher, Microsoft
Tuesday June 23, 2026 1:45pm - 2:10pm PDT
Gold Ballroom
  Breakout Sessions
  • Slides Attached Yes

1:45pm PDT

Panel Discussion: Proof in Production: Customer Lessons from Confidential AI - Reshma Shetty, ServiceNow; Shyam Menon, Mitek Systems; Nikhil Gulati, Johnson & Johnson; & James Edwards, Midland Credit Management
Tuesday June 23, 2026 1:45pm - 2:10pm PDT
Enterprises in regulated sectors face a stark reality: AI agents offer transformative potential, but the risk of sensitive data bleeding beyond governed boundaries remains unacceptable for many compliance and security teams. Organizations can no longer rely on black-box AI systems or accept the risk of uncontrolled data exposure, unverifiable execution, or AI workflows that outpace governance. As AI adoption accelerates, trust has become the bottleneck, and auditors are demanding verifiable proof. This panel brings together enterprise leaders navigating the real-world challenge of deploying AI in environments where compliance is non-negotiable. Panelists will share how they are balancing innovation with operational control, meeting the demands of governance teams and regulators, and building the verifiable guardrails needed to move from pilot to production. The discussion will explore why Confidential AI is becoming foundational for enterprises that need to operationalize AI without compromising governance, auditability, or trust.
Moderators
avatar for Aaron Fulkerson

Aaron Fulkerson

OPAQUE, CEO

Speakers
avatar for Shyam Menon

Shyam Menon

Senior Director of Product- Machine Learning & Fraud, Mitek Systems


avatar for Nikhil Gulati

Nikhil Gulati

Global Head, Engineering & AI, Polyphonic, Johnson & Johnson

avatar for James Edwards

James Edwards

Senior Director, IT, Midland Credit Management

avatar for Reshma Shetty

Reshma Shetty

Senior Director of Engineering, ServiceNow

Tuesday June 23, 2026 1:45pm - 2:10pm PDT
Courtyard

2:15pm PDT

Panel Discussion: State of the Union: Confidential AI From the Field - Moderated by Aaron Fulkerson, OPAQUE
Tuesday June 23, 2026 2:15pm - 2:45pm PDT
Confidential AI is moving rapidly from experimentation to production. Across industries, enterprises are demanding secure, verifiable AI infrastructure for sensitive workloads, regulated data, and autonomous agents. Leaders from across the ecosystem share a State of the Union from the field: where Confidential AI is gaining traction, what's driving demand, emerging use cases, deployment challenges, and the infrastructure requirements shaping the next wave — plus what it actually takes to move from pilot to production over the next 12 months.
Moderators
avatar for Aaron Fulkerson

Aaron Fulkerson

OPAQUE, CEO

Speakers
avatar for Nelly Porter

Nelly Porter

Director of Product Management, GCP Confidential Computing and Encryption, Google

avatar for Jonathan Dotan

Jonathan Dotan

Founder & CEO, EQTY Lab
EQTY Lab builds tools to reinvent trust in AI. As a serial founder, Jonathan has spent over 25 years navigating the intersection of technology and governance as a C-suite leader, investor, and researcher. He is also the founding director of The Starling Lab at Stanford University... Read More →
avatar for Antoine Delignat-Lavaud

Antoine Delignat-Lavaud

Principal Researcher, Microsoft
avatar for Harold Gilkey

Harold Gilkey

Director, Product Security Office, AMD
Harold Gilkey is a Director in AMD's Product Security Office, with a particular focus on confidential computing. He works across architecture, product, and engineering teams to extend hardware-rooted trust from silicon through the software stack, building on AMD's confidential computing... Read More →
avatar for Dr. Chaouki Kasmi

Dr. Chaouki Kasmi

Technology Innovation Institute, Chief Innovation Officer
Dr. Chaouki Kasmi is the Chief Innovation Officer at the Technology Innovation Institute (TII), is a cutting-edge UAE-based scientific research center. In his role, Dr. Kasmi spearheads the development and implementation of productization and industrialization strategies while overseeing... Read More →
Tuesday June 23, 2026 2:15pm - 2:45pm PDT
Courtyard

3:00pm PDT

From Pixels To Agents: Optimizing On-Device Performance of Confidential Computing in AI Evolution - Savas Ozkan, Samsung Research UK, Samsung Electronics
Tuesday June 23, 2026 3:00pm - 3:25pm PDT
Unlike server-side confidential AI, on-device confidential AI must balance strong protection of sensitive personal data with efficient operation under limited computational resources.

In this talk, we explore the impacts of CC on on-device AI performance for various AI models and tools by identifying some root-causes. First, we recognise that CC overheads vary across AI models during critical operations such as data read/write, model loading and inference phases, supported by detailed experiments. Second, we investigate multiple designs for AI agent tools in CC, especially by considering different AI memory modules, that present distinct overheads compared to traditional AI models. To enable systematic evaluation, we develop a modular software framework integrated with the open-source ISLET CC project. This framework supports configurable benchmarking of AI agent tools, and will be publicly released to foster the reproducibility and collaboration within the CC community. Lastly, since these performance drops can negatively impact the user experience, we propose a set of techniques that minimise the overhead related with model loading while ensuring robust privacy protection.
Speakers
avatar for Savas Ozkan

Savas Ozkan

Engineering Manager, Samsung Research UK
Savas Ozkan received the Ph.D. degree from the Department of Electrical and Electronics Engineering, Middle East Technical University, Ankara, Turkey. Currently, he is leading Efficient Machine Learning Group at Samsung Research UK, focusing on on-device AI solutions for vision, language... Read More →
Tuesday June 23, 2026 3:00pm - 3:25pm PDT
Mint Ballroom
  Breakout Sessions
  • Slides Attached Yes

3:00pm PDT

NVIDIA Confidential Computing Attestation for Next-Generation AI Hardware - Rob Nertney & Spencer Gilson, NVIDIA
Tuesday June 23, 2026 3:00pm - 3:25pm PDT
NVIDIA's attestation infrastructure was born from Confidential Computing - securing Hopper GPUs with hardware-rooted, in-band attestation. As AI hardware evolves to rack-scale systems like Vera Rubin NVL72, attestation must evolve with it: new devices, new modes, and new challenges.

This talk covers three dimensions of that evolution. First, we discuss how CC attestation scales to rack-level with Vera Rubin, including NVIDIA's multi-node solution for CC and the challenge of attesting dozens of GPUs, CPUs, and NVSwitches as a unified trusted system. Second, we show how attestation patterns proven in CC are extending to new modes and device types - including fleet intelligence and out-of-band attestation. Third, we share the standards and interoperability challenges we have encountered along the way: inconsistent implementations across the ecosystem, gaps in attestation policy standards, and binding discrete components into trusted subsystems to prevent relay and substitution attacks.

Attendees will leave understanding where NVIDIA attestation is heading and what we have learned about the open problems the ecosystem must solve together.
Speakers
avatar for Rob Nertney

Rob Nertney

Principal software architect, NVIDIA, NVIDIA
Rob Nertney is a principal software architect for confidential computing. He has spent nearly 15 years architecting the features and deployment of accelerator hardware into hyperscale environments for both internal and external use by developers. He has several patents in processor... Read More →
avatar for Spencer Gilson

Spencer Gilson

Senior Systems Software Engineer, NVIDIA
Spencer is a senior system software engineer working on attestation at NVIDIA. He specializes in designing, developing, and maintaining critical services with an emphasis on security and reliability.
Tuesday June 23, 2026 3:00pm - 3:25pm PDT
Courtyard

3:00pm PDT

Trust Is the Next Bottleneck: Why the Agentic Economy Needs Confidential Computing - Pawan Khandavilli, Microsoft
Tuesday June 23, 2026 3:00pm - 3:25pm PDT
Agents can authenticate, but they still cannot prove what actually ran. When an agent transfers value, calls a sensitive tool, or acts on delegated authority across a boundary, the relying party has no cryptographic way to verify what code executed, what policy governed it, or whether sensitive data stayed inside a trustworthy boundary. OAuth handles authorization, not runtime integrity. IAM labels principals, not measured execution. Prompt-level governance shapes intent, not enforceable policy. These are necessary but insufficient for agents acting autonomously across trust boundaries.

Confidential computing already has the primitives to close this gap: hardware attestation, measured execution, cryptographic evidence of runtime state. This talk presents a practical framework for applying those primitives to agent trust. I walk through a payment-approval agent scenario end-to-end, identify four concrete gaps (hardware-rooted agent identity, measured policy-as-code, portable attestation evidence, cross-cloud federation), and show which are solvable today and which need ecosystem work. Attendees leave with a framework they can use to evaluate or design agent trust architectures.
Speakers
avatar for Pawan Khandavilli

Pawan Khandavilli

Senior Product Manager, Microsoft
Pawan Khandavilli is a senior product manager in Azure Confidential Computing (ACC) with a focus on serverless and confidential computing. Pawan has previously worked at Fortanix and the Royal Bank of Canada in a variety of roles with a focus on applying innovative security technologies... Read More →
Tuesday June 23, 2026 3:00pm - 3:25pm PDT
Gold Ballroom

3:00pm PDT

Virtual Session: DriftlessAF: An Open Source Agentic Reconciler Framework Proven at Scale - Manfred Moser, Chainguard
Tuesday June 23, 2026 3:00pm - Wednesday June 24, 2026 5:30pm PDT

Speakers
avatar for Manfred Moser

Manfred Moser

Senior Principal DevRel Engineer, Chainguard
Manfred Moser is a Senior Principal DevRel Engineer at Chainguard, bringing a profound focus on software supply chain security to the open source world and our Chainguard Libraries product. A dedicated community leader and published author, his technical expertise spans decades as... Read More →
Tuesday June 23, 2026 3:00pm - Wednesday June 24, 2026 5:30pm PDT
Virtual Session

3:30pm PDT

"If It's Shared, It's Vulnerable": Is Kubernetes the Right Platform for Confidential Compute? - Zvonko Kaiser, NVIDIA
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
Kubernetes shares host kernels, network stacks, storage paths, and control planes across tenants. These shared primitives become attack surfaces when tenants cannot trust each other or the infrastructure operator.

We enumerate the threat surfaces in confidential Kubernetes deployments, from eBPF snooping and conntrack hijacking to hardware-assisted virtualization rootkits. We then present a production architecture that eliminates shared-trust assumptions by flattening the virtualization stack so every workload runs as a TEE-protected guest, gating all secrets, identities, and device access on a composite attestation chain, and wrapping each shared primitive in a hardened overlay for compute, network, storage, control-plane, identity, and observability.

Attendees will learn which Kubernetes primitives leak across tenant boundaries, how composite attestation closes those gaps, and practical steps toward true multi-tenancy in confidential Kubernetes deployments.
Speakers
avatar for Zvonko Kaiser

Zvonko Kaiser

Principal Systems Engineer, NVIDIA
Zvonko is a Principal Systems Engineer at NVIDIA, working on the Cloud Native Technologies team. Focusing right now on all things related to confidential computing, zero-trust, especially in the context of accelerators.
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
Mint Ballroom
  Breakout Sessions
  • Slides Attached Yes

3:30pm PDT

GKE Hypercluster: Kubernetes TEEs for AI at Scale - Komei Nakamoto & Keith Moyer, Google
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
GKE Hypercluster brings large-scale operation of Trusted Execution Environments to Kubernetes, and was co-designed with Anthropic to meet their security and scale. In this talk we explain the linked runner architecture that drastically reduces the Trusted Compute Base (TCB) by completely separating high-value workload execution from the standard container orchestration control plane. In this model, sensitive AI workloads are offloaded to a dedicated, “sealed” virtual machine. The Kubernetes scheduling and orchestration remains on a non-sealed "parent" node, preserving Kubernetes primitives (ie. Pods, Network Policy) and operational familiarity while achieving workload isolation. The execution environment is built on a hardened and attested OS, removing non-essential services and preventing administrative shell access. Integrity is guaranteed through attestation and container signature verification.

This design establishes a strict chain of trust, offers isolation from the Kubernetes operator and Cloud Service Provider, supports high-performance AI accelerators within the sealed boundary, and enhances scalability by managing isolated environments with a reduced system footprint.
Speakers
avatar for Keith Moyer

Keith Moyer

Technical Lead, Confidential Computing, Google
Keith Moyer is the Technical Lead for Confidential Computing at Google Cloud. He has spent the last 10 years dedicated to making verifiable trust accessible and useful, with over 20 years of experience spanning cloud security and embedded systems. He holds a BS in Computer Engineering... Read More →
avatar for Komei Nakamoto

Komei Nakamoto

GKE AI Security Tech Lead, Google
Komei is a software engineer at Google, and the Tech Lead for the GKE AI Security team focused on making GKE a secure platform for running AI workloads.
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
Courtyard
  Breakout Sessions
  • Slides Attached Yes

3:30pm PDT

Who is Calling? Identity for Agents with AAuth - Dick Hardt, Hellō
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
The weaknesses of shared secrets — API keys and bearer tokens — are being exploited in the agentic era. They get copied to every workload that uses them, they leak, and they prove nothing about who is actually calling.

Software has changed. Agents now assemble themselves at runtime and call services they've never seen, across organizations and trust domains. Inside the enterprise we have mTLS; on the open web we fall back to bearer tokens, which travel anywhere but prove nothing.

AAuth gives every agent its own cryptographic identity — verifiable by any party, with no pre‑registration and no shared secret. The agent proves possession of a key on every request, and carries who it is, who it is acting on behalf of, and what it's authorized to do in one signed token.

So when an agent calls, the resource knows who's calling — and on whose authority.

Speakers
avatar for Dick Hardt

Dick Hardt

Founder/CEO, Hellō
Agentic Identity and AAuth. 
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
Gold Ballroom

4:00pm PDT

Agentic Zero Trust: at Rest, in Transit, and at Runtime - Nina Polshakova, Solo.io & Josh Halley, Cisco
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
AI workloads handle some of the most sensitive data in modern enterprises, from proprietary training datasets to user prompts and high-dimensional embeddings. Yet many AI pipelines are built without the rigorous security practices applied to traditional systems, leaving critical gaps.

Josh and Nina from the CNCF AI Working Group show how to apply Zero Trust principles to secure AI data at every stage: at rest, in transit, and in runtime. Attendees will learn why conventional approaches fail for AI, highlighting risks like prompt injection, embedding poisoning, and GPU memory leakage, and how Zero Trust, combined with confidential computing, provides a stronger security foundation.

We’ll demonstrate how agent identity, continuous attestation, and trusted execution environments (TEEs) enforce runtime trust, while encryption, fine-grained access control, and mTLS protect data at rest and in transit.

Attendees will gain actionable strategies for securing every stage of the AI data lifecycle using modern encryption, policy enforcement, and runtime hardening.
Speakers
avatar for Nina Polshakova

Nina Polshakova

Senior Principal Software Engineer, Solo.io
Nina is a software engineer at Solo.io, working on AI Gateway projects. She contributes to open source projects, including Kubernetes, Istio, kagent, agentgateway, and kgateway. A CNCF Ambassador and former Kubernetes v1.33 Release Lead, she’s also a member of the Cloud Native AI... Read More →
avatar for Josh Halley

Josh Halley

Principal Architect, Cisco
Josh Halley, is a Principal Architect and published technical author, in the office of the CTO at Cisco,
focused on next generation technologies and technical transformation for some
of Cisco’s largest global customers. His main focus today is in the domains of AI Operations, leading and supporting multiple teams in their generation of Agentic AI systems to support todays and tomorrows future technologies use cases... Read More →
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
Gold Ballroom
  Breakout Sessions
  • Slides Attached Yes

4:00pm PDT

Governing AI Agents at the Hardware Boundary - Imran Siddique, OPAQUE Systems
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
AI agents are making real decisions: filing tickets, moving money, deploying code, operating infrastructure. The question is no longer what the agent should do. The question is: can you prove governance was actually enforced?

Right now, all agent governance is software. Policy engines, identity checks, audit logs, credentials: everything lives in the same trust boundary as the agent itself. If someone compromises the runtime, every control disappears. Policies get bypassed. Credentials get exfiltrated. Audit logs get forged.
Software governance makes promises. Hardware governance provides proofs.

I will walk through what my team has built (the Agent Governance Toolkit), where the software limits are, and how TEE-backed enforcement closes those gaps. Concrete architecture, real code, honest gap analysis.
Speakers
avatar for Imran Siddique

Imran Siddique

Chief Platform Officer, Opaque Systems
Imran Siddique is Chief Platform Officer at Opaque Systems and the creator of the Agent Governance Toolkit.Imran holds 20+ patents in AI systems, data platforms, and sustainability infrastructure, and has published research papers on agentic architecture and distributed systems... Read More →
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
Courtyard

4:00pm PDT

Running AI Agents Inside TEEs Without Losing Your Mind - Sonali Mishra, Nutanix
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
AI agents are making decisions, calling tools, and talking to other agents, often with access to sensitive data they shouldn't be able to see in plaintext. The usual answer is to just trust the infrastructure, but that falls apart in multi tenant clouds and cross org workflows. This talk covers what it actually takes to run agentic AI workloads inside Trusted Execution Environments. I'll walk through the architecture for isolating agent-to-agent communication using confidential VMs, how attestation works when agents need to dynamically invoke external tools, and the gotchas we hit around key management and session state. We'll look at real performance numbers and what the overhead looks like on GPU backed inference inside TEEs and where the bottlenecks actually are. Attendees will leave with a concrete reference architecture for deploying AI agents with hardware-rooted trust boundaries, plus practical guidance on attestation flows for multi-party agent pipelines. If you're building agentic systems that handle regulated or sensitive data, this talk gives you a starting point that doesn't require rearchitecting everything from scratch.
Speakers
avatar for Sonali Mishra

Sonali Mishra

Principal Product Manager - AI & Cloud Native, Nutanix
As a Principal Cloud Native at Nutanix, I am passionate about driving innovation and empowering organizations to build secure and resilient solutions in their cloud-native journey. With our significant presence in US government, I aim to ensure organizations can adopt Kubernetes securely... Read More →
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
Mint Ballroom
  Breakout Sessions
  • Slides Attached Yes
 
  • Filter By Date
  • Filter By Venue
  • Filter By Type
  • Audience
  • Slides Attached
  • Timezone

Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Filtered by Date -