Loading…
Venue: Gold Ballroom clear filter
arrow_back View All Dates
Tuesday, June 23
 

12:45pm PDT

From Perimeter to Silicon: Why Agentic AI Demands a New Security Model - Dan Middleton, NVIDIA & Raghu Yeluri, Intel
Tuesday June 23, 2026 12:45pm - 1:10pm PDT
As AI agents move from assistants to autonomous actors executing workflows, calling tools, and making decisions across sensitive infrastructure, every industry faces the same foundational question: how do we establish verifiable trust at every layer of the stack?
This session examines the full trust architecture agentic AI requires:
  • Cryptographic attestation that verifies data and model integrity inside secure enclaves
  • Integrity-protected agent identity generation and verification
  • Policy-enforced execution that maintains auditability with no human in the loop
Speakers from Intel and NVIDIA will share how the CCC's four new vendor-agnostic technical blueprints are making Confidential Computing deployable at enterprise scale.

Key Takeaways:
  • The CCC's strategic shift toward demand-driven technical excellence and what it unlocks for enterprise adopters
  • A technical overview of the four new guidance papers and the deployment bottlenecks they solve
  • How to map these reference architectures to your existing cloud-native and open-source pipelines

Speakers
avatar for Dan Middleton

Dan Middleton

Principal Software Architect, NVIDIA
Dan Middleton is a Principal Software Architect at NVIDIA, with deep experience driving innovation at the intersection of open source and emerging technologies. He has led the development and release of products spanning Computational Imaging, Blockchain, Confidential Computing, and... Read More →
RY

Raghu Yeluri

Sr. Principal Engineer, Intel

Tuesday June 23, 2026 12:45pm - 1:10pm PDT
Gold Ballroom

1:15pm PDT

AMD SEV & Azure Local: When Confidential VMs Go Local - David Harmon, AMD & Deepak Manohar, Microsoft
Tuesday June 23, 2026 1:15pm - 1:40pm PDT
AMD SEV has provided foundational technology for Confidential VMs at cloud scale, including deployments in Microsoft Azure Cloud. As workloads span cloud, hybrid, edge, and customer-owned environments, the architectural requirement is clear: preserve the Confidential VM trust pattern wherever those workloads run. This joint AMD-Microsoft session shows how AMD SEV and Azure Local come together for hybrid and on-prem deployment requirements, connecting silicon-based isolation, attestation, policy-gated key release, Azure Local deployment models, and practical deployment considerations. The session includes an Azure Local demo of attestation-gated access to protected workload assets.

Speakers
avatar for David Harmon

David Harmon

Director, Data Center Ecosystem, AMD
David Harmon is a Director of Software Development at AMD. David's work focuses on datacenter solutions that include AMD EPYC server product line and Microsoft software solutions for cloud and on prem including Azure Local.
avatar for Deepak Manohar

Deepak Manohar

Sr. Director PM, Microsoft
Deepak Manohar is a Sr. Director PM at Microsoft. He leads the security product management team for Azure Local and Digital Operations. One of his areas of focus is to bring Confidential computing to Azure's on-premises offering namely Azure Local. More broadly, he is responsible... Read More →
Tuesday June 23, 2026 1:15pm - 1:40pm PDT
Gold Ballroom

1:45pm PDT

Confidential Tenancy: Towards Digital Sovereignty on Public Clouds - Antoine Delignat-Lavaud, Microsoft
Tuesday June 23, 2026 1:45pm - 2:10pm PDT
Digital Sovereignty is commonly interpreted as a legal concept - but can it be turned into a technical guarantee? We introduce a new sovereignty boundary within existing public cloud infrastructure built on (and generalizing) the concept of confidential computing, where a given workload is totally isolated from its surrounding shared infrastructure within a trusted execution environment (TEE), enforced and attested in hardware. Although the concept of TEEs applies to a unit of computation (e.g., a process, VM, or container), we propose to extend these security guarantees to an entire cloud tenant, i.e., a cloud account with all its resources – IaaS (i.e., VMs), PaaS (e.g., Kubernetes clusters), and SaaS (e.g., model-as-a-service endpoints) and its associated management layer, including its own identity, access control and key management services. Critically, we introduce virtual data diode (VDD), a novel primitive that allows confidential tenants to control all movements of data within and without their confidential tenancy, including traffic to shared infrastructure services. We also introduce new operator controls to ensure that support requests can be addressed when operators need access to logs or must perform manual maintenance actions on the tenant’s resources, while ensuring that all maintenance actions can be reviewed and approved by the confidential tenant. 

Speakers
avatar for Antoine Delignat-Lavaud

Antoine Delignat-Lavaud

Principal Researcher, Microsoft
Tuesday June 23, 2026 1:45pm - 2:10pm PDT
Gold Ballroom
  Breakout Sessions
  • Slides Attached Yes

3:00pm PDT

Trust Is the Next Bottleneck: Why the Agentic Economy Needs Confidential Computing - Pawan Khandavilli, Microsoft
Tuesday June 23, 2026 3:00pm - 3:25pm PDT
Agents can authenticate, but they still cannot prove what actually ran. When an agent transfers value, calls a sensitive tool, or acts on delegated authority across a boundary, the relying party has no cryptographic way to verify what code executed, what policy governed it, or whether sensitive data stayed inside a trustworthy boundary. OAuth handles authorization, not runtime integrity. IAM labels principals, not measured execution. Prompt-level governance shapes intent, not enforceable policy. These are necessary but insufficient for agents acting autonomously across trust boundaries.

Confidential computing already has the primitives to close this gap: hardware attestation, measured execution, cryptographic evidence of runtime state. This talk presents a practical framework for applying those primitives to agent trust. I walk through a payment-approval agent scenario end-to-end, identify four concrete gaps (hardware-rooted agent identity, measured policy-as-code, portable attestation evidence, cross-cloud federation), and show which are solvable today and which need ecosystem work. Attendees leave with a framework they can use to evaluate or design agent trust architectures.
Speakers
avatar for Pawan Khandavilli

Pawan Khandavilli

Senior Product Manager, Microsoft
Pawan Khandavilli is a senior product manager in Azure Confidential Computing (ACC) with a focus on serverless and confidential computing. Pawan has previously worked at Fortanix and the Royal Bank of Canada in a variety of roles with a focus on applying innovative security technologies... Read More →
Tuesday June 23, 2026 3:00pm - 3:25pm PDT
Gold Ballroom

3:30pm PDT

Who is Calling? Identity for Agents with AAuth - Dick Hardt, Hellō
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
The weaknesses of shared secrets — API keys and bearer tokens — are being exploited in the agentic era. They get copied to every workload that uses them, they leak, and they prove nothing about who is actually calling.

Software has changed. Agents now assemble themselves at runtime and call services they've never seen, across organizations and trust domains. Inside the enterprise we have mTLS; on the open web we fall back to bearer tokens, which travel anywhere but prove nothing.

AAuth gives every agent its own cryptographic identity — verifiable by any party, with no pre‑registration and no shared secret. The agent proves possession of a key on every request, and carries who it is, who it is acting on behalf of, and what it's authorized to do in one signed token.

So when an agent calls, the resource knows who's calling — and on whose authority.

Speakers
avatar for Dick Hardt

Dick Hardt

Founder/CEO, Hellō
Agentic Identity and AAuth. 
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
Gold Ballroom

4:00pm PDT

Agentic Zero Trust: at Rest, in Transit, and at Runtime - Nina Polshakova, Solo.io & Josh Halley, Cisco
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
AI workloads handle some of the most sensitive data in modern enterprises, from proprietary training datasets to user prompts and high-dimensional embeddings. Yet many AI pipelines are built without the rigorous security practices applied to traditional systems, leaving critical gaps.

Josh and Nina from the CNCF AI Working Group show how to apply Zero Trust principles to secure AI data at every stage: at rest, in transit, and in runtime. Attendees will learn why conventional approaches fail for AI, highlighting risks like prompt injection, embedding poisoning, and GPU memory leakage, and how Zero Trust, combined with confidential computing, provides a stronger security foundation.

We’ll demonstrate how agent identity, continuous attestation, and trusted execution environments (TEEs) enforce runtime trust, while encryption, fine-grained access control, and mTLS protect data at rest and in transit.

Attendees will gain actionable strategies for securing every stage of the AI data lifecycle using modern encryption, policy enforcement, and runtime hardening.
Speakers
avatar for Nina Polshakova

Nina Polshakova

Senior Principal Software Engineer, Solo.io
Nina is a software engineer at Solo.io, working on AI Gateway projects. She contributes to open source projects, including Kubernetes, Istio, kagent, agentgateway, and kgateway. A CNCF Ambassador and former Kubernetes v1.33 Release Lead, she’s also a member of the Cloud Native AI... Read More →
avatar for Josh Halley

Josh Halley

Principal Architect, Cisco
Josh Halley, is a Principal Architect and published technical author, in the office of the CTO at Cisco,
focused on next generation technologies and technical transformation for some
of Cisco’s largest global customers. His main focus today is in the domains of AI Operations, leading and supporting multiple teams in their generation of Agentic AI systems to support todays and tomorrows future technologies use cases... Read More →
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
Gold Ballroom
  Breakout Sessions
  • Slides Attached Yes
 
  • Filter By Date
  • Filter By Venue
  • Filter By Type
  • Audience
  • Slides Attached
  • Timezone

Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Filtered by Date -