BEGIN:VCALENDAR
VERSION:2.0
X-WR-CALNAME:ccsummit2026
X-WR-CALDESC:Event Calendar
METHOD:PUBLISH
CALSCALE:GREGORIAN
PRODID:-//Sched.com Confidential Computing Summit 2026//EN
X-WR-TIMEZONE:UTC
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T150000Z
DTEND:20260624T040000Z
SUMMARY:Continental Breakfast
DESCRIPTION:\n
CATEGORIES:BREAKS / EXHIBITS / SPECIAL EVENTS
LOCATION:Column Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:bdc247d3774cca986ca56ad028a5ad22
URL:http://ccsummit2026.sched.com/event/bdc247d3774cca986ca56ad028a5ad22
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T150000Z
DTEND:20260624T013000Z
SUMMARY:Registration & Badge Pick-Up
DESCRIPTION:\n
CATEGORIES:BREAKS / EXHIBITS / SPECIAL EVENTS
LOCATION:Salon 3\, San Francisco\, CA\, USA
SEQUENCE:0
UID:4cebdb2daf8ea1a3edc95e926e7eed04
URL:http://ccsummit2026.sched.com/event/4cebdb2daf8ea1a3edc95e926e7eed04
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T150000Z
DTEND:20260623T160000Z
SUMMARY:Poster Presentations: Innovation
DESCRIPTION:1. Multi-Party Confidential RAG: Provable Safety Controls - Ryota Hashimoto\, NTT\n2. US Mutual Trust in the Cloud: Protecting Model IP and Customer Data with Confidential Containers - Ivan Font &&nbsp\; Donald Hunter\, Red Hat3. Proof beats Promise: Delivering Trust in the Age of AI - Lakshmi Hanspal\, DigiCert\n4. Confidential AI in Practice and at Scale: From Multi-GPU Execution to Browser-Based Attestation - Felix Schuster\, Edgeless Systems\n5. From Firmware to AI Agents: Achieve Full-Chain Trust with dstack - Hang Yin\, Phala6. Like It or Not\, AI Is Deciding: Securing Infrastructure for Autonomous Intent - Shweta Vohra\, Booking.com\n7. Audit\, Enforce\, Repeat! Seamless Confidentiality with CoCo and Kyverno - Jim Bugwadia\, Nirmata & Chris Butler\, Red Hat\n8. Beyond Identity: Attestation as the New TLS Trust Model - Jens Albers\, Fr0ntierX
CATEGORIES:POSTER SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:7cf141efd308032c03b8cf9bc9cc2851
URL:http://ccsummit2026.sched.com/event/7cf141efd308032c03b8cf9bc9cc2851
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T150000Z
DTEND:20260623T160000Z
SUMMARY:Poster Presentations: Research
DESCRIPTION:1. HaitiAidShield: Scaling Humanitarian Transparency with Confidential Computing - Vladimir Vilne\, Trusted Haitian Cyber2. Structural Privacy for Cross-Boundary AI Training for Compliant LLMs - Hina Dixit\, Decompute3. Privacy-Preserving Spatial AI: From Theory to Production - Abtin Aghagolian\, Pikd4. Achieving Hardware Root of Trust in the Real World - Yawang Wang\, Google5. Proof\, Not Promises: Securing AI Inference - Hugo Huang\, Canonical6. Stop Trusting Your Kernel: Split It - Cong Wang\, Multikernel Technologies7. Minimize\, Harden\, Extend: Rethinking OS Design for Confidential Agents - Kailun Qin\, Intel Corporation\; Mona Vij\, Intel Labs\; and Don Porter\, UNC Chapel Hill & AWS8. Building the Trusted Agent Ecosystem - Ivan Petrov & Patrick McGrath\,&nbsp\;Google DeepMind9. Privacy-preserving Medical AI Evaluation - Alexandros Karargyris\, MLCommons\n10. Standardization of Attested TLS Protocols for Confidential Computing - Muhammad Usama Sardar\, TU Dresden and GA4GH11. Trusted Execution\, Broken Assumptions: Real-World Failures in TEE Attestation Systems - Rahul Saxena\, Bluethroat Labs
CATEGORIES:POSTER SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:f0158719ac626b3f8bf5fa9f19dc6cf9
URL:http://ccsummit2026.sched.com/event/f0158719ac626b3f8bf5fa9f19dc6cf9
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T150000Z
DTEND:20260623T160000Z
SUMMARY:Poster Presentations: Use Cases
DESCRIPTION:1. How to Test a Confidential Agent Before Production - Sachin Gupta\, eBay\n2. Privacy for Proprietary Code in Confidential Compute Systems - Abdulla Alwabel & Shabsi Walfish\, Google\n3.&nbsp\;Phala Cloud: TEE-Native Cloud & Private Inference Platform - Hang Yin\,&nbsp\;Phala \n4. From Enclaves to Intents: Making Confidential Computing Usable - Cameron Dennis\n5. 3 Degrees of CC - Dan Middleton
CATEGORIES:POSTER SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:7b9196db81411fd2100d697b34845762
URL:http://ccsummit2026.sched.com/event/7b9196db81411fd2100d697b34845762
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T160000Z
DTEND:20260623T160500Z
SUMMARY:Keynote: Welcome - Nelly Porter\, Director of Product Management\, GCP Confidential Computing and Encryption\, Google
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:f571128a13630e17cd2fab81051e54e5
URL:http://ccsummit2026.sched.com/event/f571128a13630e17cd2fab81051e54e5
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T160500Z
DTEND:20260623T161000Z
SUMMARY:Keynote: Jim Zemlin\, Executive Director\, The Linux Foundation
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:7157841cf8b8babe031d67cd5d7b8872
URL:http://ccsummit2026.sched.com/event/7157841cf8b8babe031d67cd5d7b8872
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T161000Z
DTEND:20260623T162000Z
SUMMARY:Keynote: Welcome Address - Aaron Fulkerson\, Chief Executive Officer\, OPAQUE
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:5195ef3b0aba9a7d668252be2d43b9fe
URL:http://ccsummit2026.sched.com/event/5195ef3b0aba9a7d668252be2d43b9fe
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T162000Z
DTEND:20260623T164000Z
SUMMARY:Keynote: Mark Russinovich\, CTO\, Deputy CISO and Technical Fellow\, Microsoft Azure\, Microsoft
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:7b089c0e36dc42a8e507b52026815a90
URL:http://ccsummit2026.sched.com/event/7b089c0e36dc42a8e507b52026815a90
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T164000Z
DTEND:20260623T170000Z
SUMMARY:Keynote: Google (Speaker to be Announced)
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:92d8ee899779708935c111907c68a080
URL:http://ccsummit2026.sched.com/event/92d8ee899779708935c111907c68a080
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T170000Z
DTEND:20260623T172000Z
SUMMARY:Keynote: Hugo Romero\, Corporate Vice President\, Product Security\, AMD
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:a1a9ae8e7de3d55151feba662a4e483b
URL:http://ccsummit2026.sched.com/event/a1a9ae8e7de3d55151feba662a4e483b
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T172000Z
DTEND:20260623T173500Z
SUMMARY:Coffee Break
DESCRIPTION:\n
CATEGORIES:BREAKS / EXHIBITS / SPECIAL EVENTS
LOCATION:Column Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:f82a59fe9095ce0bc94639f968b9519a
URL:http://ccsummit2026.sched.com/event/f82a59fe9095ce0bc94639f968b9519a
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T173500Z
DTEND:20260623T175500Z
SUMMARY:Keynote: Confidential Computing Consortium (Speaker to be Announced)
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:a32411f154adab1df8431884c56c0042
URL:http://ccsummit2026.sched.com/event/a32411f154adab1df8431884c56c0042
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T175500Z
DTEND:20260623T181500Z
SUMMARY:Keynote: Dr. Najwa Aaraj\, CEO\, Technology Innovation Institute (TII)
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:547d160cc392b8ca3393f879b09b8d9c
URL:http://ccsummit2026.sched.com/event/547d160cc392b8ca3393f879b09b8d9c
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T181500Z
DTEND:20260623T184500Z
SUMMARY:Keynote Panel Discussion: Hugo Romero\, AMD; Najwa Aaraj\, TII; Mark Russinovich\, Microsoft & Additional Speakers to be Announced
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:5ae8115e637674756af57232a169fa3a
URL:http://ccsummit2026.sched.com/event/5ae8115e637674756af57232a169fa3a
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T184500Z
DTEND:20260623T194500Z
SUMMARY:Lunch
DESCRIPTION:\n
CATEGORIES:BREAKS / EXHIBITS / SPECIAL EVENTS
LOCATION:Column Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:e99cf36dd6406bb309c31593bd2fc714
URL:http://ccsummit2026.sched.com/event/e99cf36dd6406bb309c31593bd2fc714
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T184500Z
DTEND:20260623T194500Z
SUMMARY:Poster Presentations: Innovation
DESCRIPTION:1. Multi-Party Confidential RAG: Provable Safety Controls - Ryota Hashimoto\, NTT\n2. US Mutual Trust in the Cloud: Protecting Model IP and Customer Data with Confidential Containers - Ivan Font &&nbsp\; Donald Hunter\, Red Hat3. Proof beats Promise: Delivering Trust in the Age of AI - Lakshmi Hanspal\, DigiCert\n4. Confidential AI in Practice and at Scale: From Multi-GPU Execution to Browser-Based Attestation - Felix Schuster\, Edgeless Systems\n5. From Firmware to AI Agents: Achieve Full-Chain Trust with dstack - Hang Yin\, Phala6. Like It or Not\, AI Is Deciding: Securing Infrastructure for Autonomous Intent - Shweta Vohra\, Booking.com\n7. Audit\, Enforce\, Repeat! Seamless Confidentiality with CoCo and Kyverno - Jim Bugwadia\, Nirmata & Chris Butler\, Red Hat\n8. Beyond Identity: Attestation as the New TLS Trust Model - Jens Albers\, Fr0ntierX
CATEGORIES:POSTER SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:57c8e7f1025764336d5a1b0d77f0eaf1
URL:http://ccsummit2026.sched.com/event/57c8e7f1025764336d5a1b0d77f0eaf1
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T184500Z
DTEND:20260623T194500Z
SUMMARY:Poster Presentations: Research
DESCRIPTION:1. HaitiAidShield: Scaling Humanitarian Transparency with Confidential Computing - Vladimir Vilne\, Trusted Haitian Cyber2. Structural Privacy for Cross-Boundary AI Training for Compliant LLMs - Hina Dixit\, Decompute3. Privacy-Preserving Spatial AI: From Theory to Production - Abtin Aghagolian\, Pikd4. Achieving Hardware Root of Trust in the Real World - Yawang Wang\, Google5. Proof\, Not Promises: Securing AI Inference - Hugo Huang\, Canonical6. Stop Trusting Your Kernel: Split It - Cong Wang\, Multikernel Technologies7. Minimize\, Harden\, Extend: Rethinking OS Design for Confidential Agents - Kailun Qin\, Intel Corporation\; Mona Vij\, Intel Labs\; and Don Porter\, UNC Chapel Hill & AWS8. Building the Trusted Agent Ecosystem - Ivan Petrov & Patrick McGrath\,&nbsp\;Google DeepMind9. Privacy-preserving Medical AI Evaluation - Alexandros Karargyris\, MLCommons\n10. Standardization of Attested TLS Protocols for Confidential Computing - Muhammad Usama Sardar\, TU Dresden and GA4GH11. Trusted Execution\, Broken Assumptions: Real-World Failures in TEE Attestation Systems - Rahul Saxena\, Bluethroat Labs
CATEGORIES:POSTER SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:39368e318c50ea7d9ae377416cc402bc
URL:http://ccsummit2026.sched.com/event/39368e318c50ea7d9ae377416cc402bc
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T184500Z
DTEND:20260623T194500Z
SUMMARY:Poster Presentations: Use Cases
DESCRIPTION:1. How to Test a Confidential Agent Before Production - Sachin Gupta\, eBay2. Privacy for Proprietary Code in Confidential Compute Systems - Abdulla Alwabel & Shabsi Walfish\, Google3.&nbsp\;Phala Cloud: TEE-Native Cloud & Private Inference Platform - Hang Yin\,&nbsp\;Phala4. From Enclaves to Intents: Making Confidential Computing Usable - Cameron Dennis5. 3 Degrees of CC - Dan Middleton
CATEGORIES:POSTER SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:a0675f9a1fb10803844e8c64946691f8
URL:http://ccsummit2026.sched.com/event/a0675f9a1fb10803844e8c64946691f8
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T194500Z
DTEND:20260623T201000Z
SUMMARY:AMD Session (Speaker to be Announced)
DESCRIPTION:\n
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Gold Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:a20a8d39d6efc34ce80c46b855f9d4e1
URL:http://ccsummit2026.sched.com/event/a20a8d39d6efc34ce80c46b855f9d4e1
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T194500Z
DTEND:20260623T201000Z
SUMMARY:Securing the Future with Azure Confidential Computing - Run Cai & Ashutosh Chickerur\, Microsoft
DESCRIPTION:Confidential computing is becoming a critical foundation for cloud security in an era defined by AI acceleration\, data sovereignty requirements\, and rising expectations for end-to-end protection of sensitive workloads. Azure is advancing this space with new infrastructure\, stronger platform protections\, and innovations designed to make confidential workloads more resilient\, scalable\, and production ready. This session will highlight the latest Azure Confidential Computing developments\, including v6 confidential VMs on AMD and Intel\, expanded Azure regional availability\, and continued progress in production readiness. We will also look ahead to live migration for confidential VMs\, including a live demo\, and discuss how this capability improves workload continuity during planned security updates and unexpected hardware events. In addition\, we will explore future investments acrossenclaves\, platform attestation\, and confidential AI. Topics include nested virtualization to enable confidential enclaves\, stronger platform attestation with recovery capabilities\, protection of Azure trusted computing base services\, and the growing need for confidential GPUs to secure prompts\, model weights\, and distributed inference workloads for modern AI applications at scale.\n
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:6b60341a611b265e9161cfa71d83d038
URL:http://ccsummit2026.sched.com/event/6b60341a611b265e9161cfa71d83d038
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T194500Z
DTEND:20260623T201000Z
SUMMARY:TII Session (Speaker to be Announced)
DESCRIPTION:\n
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Mint Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:a95a7d09fa9eee577d5457aadda222f2
URL:http://ccsummit2026.sched.com/event/a95a7d09fa9eee577d5457aadda222f2
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T201500Z
DTEND:20260623T204000Z
SUMMARY:Confidential Computing Consortium Session (Speaker to be Announced)
DESCRIPTION:\n
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Gold Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:34523f24ca4e6b1902d3e92c4f88bdb0
URL:http://ccsummit2026.sched.com/event/34523f24ca4e6b1902d3e92c4f88bdb0
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T201500Z
DTEND:20260623T204000Z
SUMMARY:Google Session (Speaker to be Announced)
DESCRIPTION:\n
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:4c251fdd771ec1f6d670fe8ff746c46f
URL:http://ccsummit2026.sched.com/event/4c251fdd771ec1f6d670fe8ff746c46f
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T204500Z
DTEND:20260623T211000Z
SUMMARY:Antoine Delignat-Lavaud\, Microsoft - Session Topic to be Announced
DESCRIPTION:\n
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Gold Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:2477013e87fcfeda94a6822506619c0a
URL:http://ccsummit2026.sched.com/event/2477013e87fcfeda94a6822506619c0a
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T204500Z
DTEND:20260623T211000Z
SUMMARY:OPAQUE Panel Discussion: David Forman\, Midland Credit Management\, an Encore Capital Group Company; Shyam Menon\, Mitek Systems; Nikhil Gulati\, Johnson & Johnson; and Additional Speakers to be Announced
DESCRIPTION:\n
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:a2d0d1080b246adb4b42d5f2b424f60c
URL:http://ccsummit2026.sched.com/event/a2d0d1080b246adb4b42d5f2b424f60c
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T211500Z
DTEND:20260623T214500Z
SUMMARY:Panel Discussion: Speakers to be Announced from Microsoft\, AMD\, CCC\, TII\, OPAQUE & Additional Companies
DESCRIPTION:\n
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:7221bdef9058db65dac70b818db9c6f9
URL:http://ccsummit2026.sched.com/event/7221bdef9058db65dac70b818db9c6f9
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T214500Z
DTEND:20260623T220000Z
SUMMARY:Coffee Break
DESCRIPTION:\n
CATEGORIES:BREAKS / EXHIBITS / SPECIAL EVENTS
LOCATION:Column Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:9c3503f880318a989c54c95cd40452e5
URL:http://ccsummit2026.sched.com/event/9c3503f880318a989c54c95cd40452e5
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T220000Z
DTEND:20260623T222500Z
SUMMARY:From Pixels To Agents: Optimizing On-Device Performance of Confidential Computing in AI Evolution - Savas Ozkan\, Samsung Research UK\, Samsung Electronics
DESCRIPTION:Unlike server-side confidential AI\, on-device confidential AI must balance strong protection of sensitive personal data with efficient operation under limited computational resources. \n \n In this talk\, we explore the impacts of CC on on-device AI performance for various AI models and tools by identifying some root-causes. First\, we recognise that CC overheads vary across AI models during critical operations such as data read/write\, model loading and inference phases\, supported by detailed experiments. Second\, we investigate multiple designs for AI agent tools in CC\, especially by considering different AI memory modules\, that present distinct overheads compared to traditional AI models. To enable systematic evaluation\, we develop a modular software framework integrated with the open-source ISLET CC project. This framework supports configurable benchmarking of AI agent tools\, and will be publicly released to foster the reproducibility and collaboration within the CC community. Lastly\, since these performance drops can negatively impact the user experience\, we propose a set of techniques that minimise the overhead related with model loading while ensuring robust privacy protection.
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Mint Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:5512b17fa9b4ca18d63ec6c87c4c9a51
URL:http://ccsummit2026.sched.com/event/5512b17fa9b4ca18d63ec6c87c4c9a51
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T220000Z
DTEND:20260623T222500Z
SUMMARY:NVIDIA Confidential Computing Attestation for Next-Generation AI Hardware - Rob Nertney & Spencer Gilson\, NVIDIA
DESCRIPTION:NVIDIA's attestation infrastructure was born from Confidential Computing - securing Hopper GPUs with hardware-rooted\, in-band attestation. As AI hardware evolves to rack-scale systems like Vera Rubin NVL72\, attestation must evolve with it: new devices\, new modes\, and new challenges. \n \n This talk covers three dimensions of that evolution. First\, we discuss how CC attestation scales to rack-level with Vera Rubin\, including NVIDIA's multi-node solution for CC and the challenge of attesting dozens of GPUs\, CPUs\, and NVSwitches as a unified trusted system. Second\, we show how attestation patterns proven in CC are extending to new modes and device types - including fleet intelligence and out-of-band attestation. Third\, we share the standards and interoperability challenges we have encountered along the way: inconsistent implementations across the ecosystem\, gaps in attestation policy standards\, and binding discrete components into trusted subsystems to prevent relay and substitution attacks. \n \n Attendees will leave understanding where NVIDIA attestation is heading and what we have learned about the open problems the ecosystem must solve together.
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:75516e5ba8abcc7eb5688535f1683c71
URL:http://ccsummit2026.sched.com/event/75516e5ba8abcc7eb5688535f1683c71
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T220000Z
DTEND:20260623T222500Z
SUMMARY:Trust Is the Next Bottleneck: Why the Agentic Economy Needs Confidential Computing - Pawan Khandavilli\, Microsoft
DESCRIPTION:Agents can authenticate\, but they still cannot prove what actually ran. When an agent transfers value\, calls a sensitive tool\, or acts on delegated authority across a boundary\, the relying party has no cryptographic way to verify what code executed\, what policy governed it\, or whether sensitive data stayed inside a trustworthy boundary. OAuth handles authorization\, not runtime integrity. IAM labels principals\, not measured execution. Prompt-level governance shapes intent\, not enforceable policy. These are necessary but insufficient for agents acting autonomously across trust boundaries. \n \n Confidential computing already has the primitives to close this gap: hardware attestation\, measured execution\, cryptographic evidence of runtime state. This talk presents a practical framework for applying those primitives to agent trust. I walk through a payment-approval agent scenario end-to-end\, identify four concrete gaps (hardware-rooted agent identity\, measured policy-as-code\, portable attestation evidence\, cross-cloud federation)\, and show which are solvable today and which need ecosystem work. Attendees leave with a framework they can use to evaluate or design agent trust architectures.
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Gold Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:e8027fb78ceee17424bd818ae7ae7498
URL:http://ccsummit2026.sched.com/event/e8027fb78ceee17424bd818ae7ae7498
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T223000Z
DTEND:20260623T225500Z
SUMMARY:"If It's Shared\, It's Vulnerable": Is Kubernetes the Right Platform for Confidential Compute? - Zvonko Kaiser\, NVIDIA
DESCRIPTION:Kubernetes shares host kernels\, network stacks\, storage paths\, and control planes across tenants. These shared primitives become attack surfaces when tenants cannot trust each other or the infrastructure operator.\n \n We enumerate the threat surfaces in confidential Kubernetes deployments\, from eBPF snooping and conntrack hijacking to hardware-assisted virtualization rootkits. We then present a production architecture that eliminates shared-trust assumptions by flattening the virtualization stack so every workload runs as a TEE-protected guest\, gating all secrets\, identities\, and device access on a composite attestation chain\, and wrapping each shared primitive in a hardened overlay for compute\, network\, storage\, control-plane\, identity\, and observability.\n \n Attendees will learn which Kubernetes primitives leak across tenant boundaries\, how composite attestation closes those gaps\, and practical steps toward true multi-tenancy in confidential Kubernetes deployments.
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Mint Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:71fa0d12f2e3bddeb666849d46260ec4
URL:http://ccsummit2026.sched.com/event/71fa0d12f2e3bddeb666849d46260ec4
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T223000Z
DTEND:20260623T225500Z
SUMMARY:GKE Hypercluster: Kubernetes TEEs for AI at Scale - Komei Nakamoto & Keith Moyer\, Google
DESCRIPTION:GKE Hypercluster brings large-scale operation of Trusted Execution Environments to Kubernetes\, and was co-designed with Anthropic to meet their security and scale. In this talk we explain the linked runner architecture that drastically reduces the Trusted Compute Base (TCB) by completely separating high-value workload execution from the standard container orchestration control plane. In this model\, sensitive AI workloads are offloaded to a dedicated\, “sealed” virtual machine. The Kubernetes scheduling and orchestration remains on a non-sealed "parent" node\, preserving Kubernetes primitives (ie. Pods\, Network Policy) and operational familiarity while achieving workload isolation. The execution environment is built on a hardened and attested OS\, removing non-essential services and preventing administrative shell access. Integrity is guaranteed through attestation and container signature verification. \n \n This design establishes a strict chain of trust\, offers isolation from the Kubernetes operator and Cloud Service Provider\, supports high-performance AI accelerators within the sealed boundary\, and enhances scalability by managing isolated environments with a reduced system footprint.
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:0d35d4968dd6bed2cc986655312c0d8c
URL:http://ccsummit2026.sched.com/event/0d35d4968dd6bed2cc986655312c0d8c
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T223000Z
DTEND:20260623T225500Z
SUMMARY:Resilient Real-Time Payments With Confidential Computing Architectures - Abhinav Reddy Jutur\, J P Morgan Chase and Co.
DESCRIPTION:Real-time payment systems are transforming the global financial ecosystem\, with 69 countries implementing real-time networks and transaction volumes continuing to grow. As expectations shift toward instant transactions\, infrastructures must support high throughput while maintaining reliability\, data integrity\, and stronger data protection during processing. \n \n This session explores how modern distributed architectures enable scalable and resilient payment systems while aligning with confidential computing principles. It examines key concepts like the CAP theorem and trade-offs between consistency\, availability\, and partition tolerance in financial platforms handling sensitive data. \n \n It also covers architectures such as microservices\, event-driven systems\, CQRS\, and serverless computing\, along with techniques like distributed caching\, database sharding\, and dynamic load balancing. Attendees will gain practical insights into building fault-tolerant\, scalable payment systems for real-time digital transactions.
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Gold Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:df63df50f97097d6c0e760307c64a586
URL:http://ccsummit2026.sched.com/event/df63df50f97097d6c0e760307c64a586
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T230000Z
DTEND:20260623T232500Z
SUMMARY:Agentic Zero Trust: at Rest\, in Transit\, and at Runtime - Nina Polshakova\, Solo.io & Josh Halley\, Cisco
DESCRIPTION:AI workloads handle some of the most sensitive data in modern enterprises\, from proprietary training datasets to user prompts and high-dimensional embeddings. Yet many AI pipelines are built without the rigorous security practices applied to traditional systems\, leaving critical gaps. \n \n Josh and Nina from the CNCF AI Working Group show how to apply Zero Trust principles to secure AI data at every stage: at rest\, in transit\, and in runtime. Attendees will learn why conventional approaches fail for AI\, highlighting risks like prompt injection\, embedding poisoning\, and GPU memory leakage\, and how Zero Trust\, combined with confidential computing\, provides a stronger security foundation. \n \n We’ll demonstrate how agent identity\, continuous attestation\, and trusted execution environments (TEEs) enforce runtime trust\, while encryption\, fine-grained access control\, and mTLS protect data at rest and in transit. \n \n Attendees will gain actionable strategies for securing every stage of the AI data lifecycle using modern encryption\, policy enforcement\, and runtime hardening.
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Gold Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:3015c71d282f77d983d43a362fb23d37
URL:http://ccsummit2026.sched.com/event/3015c71d282f77d983d43a362fb23d37
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T230000Z
DTEND:20260623T232500Z
SUMMARY:Governing AI Agents at the Hardware Boundary - Imran Siddique\, Microsoft
DESCRIPTION:AI agents are making real decisions: filing tickets\, moving money\, deploying code\, operating infrastructure. The&nbsp\;question is no longer what the agent should do. The question is: can you prove governance was actually&nbsp\;enforced?\n \nRight now\, all agent governance is software. Policy engines\, identity checks\, audit logs\, credentials: everything&nbsp\;lives in the same trust boundary as the agent itself. If someone compromises the runtime\, every control&nbsp\;disappears. Policies get bypassed. Credentials get exfiltrated. Audit logs get forged.\n Software governance makes promises. Hardware governance provides proofs.\n \nI will walk through what my team has built (the Agent Governance Toolkit)\, where the software limits are\, and how TEE-backed enforcement closes those gaps. Concrete architecture\, real code\, honest gap analysis.
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:d5e5359a30bbf77a8607b4a927b33cbe
URL:http://ccsummit2026.sched.com/event/d5e5359a30bbf77a8607b4a927b33cbe
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T230000Z
DTEND:20260623T232500Z
SUMMARY:Running AI Agents Inside TEEs Without Losing Your Mind - Sonali Mishra\, Nutanix
DESCRIPTION:AI agents are making decisions\, calling tools\, and talking to other agents\, often with access to sensitive data they shouldn't be able to see in plaintext. The usual answer is to just trust the infrastructure\, but that falls apart in multi tenant clouds and cross org workflows. This talk covers what it actually takes to run agentic AI workloads inside Trusted Execution Environments. I'll walk through the architecture for isolating agent-to-agent communication using confidential VMs\, how attestation works when agents need to dynamically invoke external tools\, and the gotchas we hit around key management and session state. We'll look at real performance numbers and what the overhead looks like on GPU backed inference inside TEEs and where the bottlenecks actually are. Attendees will leave with a concrete reference architecture for deploying AI agents with hardware-rooted trust boundaries\, plus practical guidance on attestation flows for multi-party agent pipelines. If you're building agentic systems that handle regulated or sensitive data\, this talk gives you a starting point that doesn't require rearchitecting everything from scratch.
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Mint Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:de9d0fac79a014cdee3d91555f0fb799
URL:http://ccsummit2026.sched.com/event/de9d0fac79a014cdee3d91555f0fb799
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260623T233000Z
DTEND:20260624T000000Z
SUMMARY:Keynote Panel Discussion: Anand Kashyap\, Fortanix; Marvin Tong\, Phala Network; and Additional Speakers to be Announced
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:0e041b8744fb045d2964b1bef4966b88
URL:http://ccsummit2026.sched.com/event/0e041b8744fb045d2964b1bef4966b88
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T000000Z
DTEND:20260624T003000Z
SUMMARY:Keynote: Closing & Wrap-Up
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:0f2580916e1d73e5675fa155a283e08c
URL:http://ccsummit2026.sched.com/event/0f2580916e1d73e5675fa155a283e08c
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T003000Z
DTEND:20260624T020000Z
SUMMARY:Evening Event
DESCRIPTION:\n
CATEGORIES:BREAKS / EXHIBITS / SPECIAL EVENTS
LOCATION:The Mint\, San Francisco\, CA\, USA
SEQUENCE:0
UID:a9003bc1426cb995c8ac552f7c9aa1c4
URL:http://ccsummit2026.sched.com/event/a9003bc1426cb995c8ac552f7c9aa1c4
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T150000Z
DTEND:20260625T040000Z
SUMMARY:Continental Breakfast
DESCRIPTION:\n
CATEGORIES:BREAKS / EXHIBITS / SPECIAL EVENTS
LOCATION:Column Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:2ecc745e05863b5aed0dcbc932515165
URL:http://ccsummit2026.sched.com/event/2ecc745e05863b5aed0dcbc932515165
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T150000Z
DTEND:20260625T000000Z
SUMMARY:Registration & Badge Pick-Up
DESCRIPTION:\n
CATEGORIES:BREAKS / EXHIBITS / SPECIAL EVENTS
LOCATION:Salon 3\, San Francisco\, CA\, USA
SEQUENCE:0
UID:58c87209cfad28b2c95923376ee121cb
URL:http://ccsummit2026.sched.com/event/58c87209cfad28b2c95923376ee121cb
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T150000Z
DTEND:20260624T160000Z
SUMMARY:Poster Presentations: Innovation
DESCRIPTION:1. Multi-Party Confidential RAG: Provable Safety Controls - Ryota Hashimoto\, NTT\n2. US Mutual Trust in the Cloud: Protecting Model IP and Customer Data with Confidential Containers - Ivan Font &&nbsp\; Donald Hunter\, Red Hat3. Proof beats Promise: Delivering Trust in the Age of AI - Lakshmi Hanspal\, DigiCert\n4. Confidential AI in Practice and at Scale: From Multi-GPU Execution to Browser-Based Attestation - Felix Schuster\, Edgeless Systems\n5. From Firmware to AI Agents: Achieve Full-Chain Trust with dstack - Hang Yin\, Phala6. Like It or Not\, AI Is Deciding: Securing Infrastructure for Autonomous Intent - Shweta Vohra\, Booking.com\n7. Audit\, Enforce\, Repeat! Seamless Confidentiality with CoCo and Kyverno - Jim Bugwadia\, Nirmata & Chris Butler\, Red Hat\n8. Beyond Identity: Attestation as the New TLS Trust Model - Jens Albers\, Fr0ntierX
CATEGORIES:POSTER SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:a985ae4fecd2cec0257ee1b7c1cd73df
URL:http://ccsummit2026.sched.com/event/a985ae4fecd2cec0257ee1b7c1cd73df
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T150000Z
DTEND:20260624T160000Z
SUMMARY:Poster Presentations: Research
DESCRIPTION:1. HaitiAidShield: Scaling Humanitarian Transparency with Confidential Computing - Vladimir Vilne\, Trusted Haitian Cyber2. Structural Privacy for Cross-Boundary AI Training for Compliant LLMs - Hina Dixit\, Decompute3. Privacy-Preserving Spatial AI: From Theory to Production - Abtin Aghagolian\, Pikd4. Achieving Hardware Root of Trust in the Real World - Yawang Wang\, Google5. Proof\, Not Promises: Securing AI Inference - Hugo Huang\, Canonical6. Stop Trusting Your Kernel: Split It - Cong Wang\, Multikernel Technologies7. Minimize\, Harden\, Extend: Rethinking OS Design for Confidential Agents - Kailun Qin\, Intel Corporation\; Mona Vij\, Intel Labs\; and Don Porter\, UNC Chapel Hill & AWS8. Building the Trusted Agent Ecosystem - Ivan Petrov & Patrick McGrath\,&nbsp\;Google DeepMind9. Privacy-preserving Medical AI Evaluation - Alexandros Karargyris\, MLCommons\n10. Standardization of Attested TLS Protocols for Confidential Computing - Muhammad Usama Sardar\, TU Dresden and GA4GH11. Trusted Execution\, Broken Assumptions: Real-World Failures in TEE Attestation Systems - Rahul Saxena\, Bluethroat Labs
CATEGORIES:POSTER SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:ca720d0fe2113747b141780f78e4abcf
URL:http://ccsummit2026.sched.com/event/ca720d0fe2113747b141780f78e4abcf
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T150000Z
DTEND:20260624T160000Z
SUMMARY:Poster Presentations: Use Cases
DESCRIPTION:1. How to Test a Confidential Agent Before Production - Sachin Gupta\, eBay2. Privacy for Proprietary Code in Confidential Compute Systems - Abdulla Alwabel & Shabsi Walfish\, Google3.&nbsp\;Phala Cloud: TEE-Native Cloud & Private Inference Platform - Hang Yin\,&nbsp\;Phala4. From Enclaves to Intents: Making Confidential Computing Usable - Cameron Dennis5. 3 Degrees of CC - Dan Middleton
CATEGORIES:POSTER SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:30603dc84e637bc107b9dc1b782e69f5
URL:http://ccsummit2026.sched.com/event/30603dc84e637bc107b9dc1b782e69f5
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T160000Z
DTEND:20260624T161000Z
SUMMARY:Keynote: Welcome Back - Aaron Fulkerson\, Chief Executive Officer\, OPAQUE
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:f6432efaec3cd0b8b12fe961fa328faa
URL:http://ccsummit2026.sched.com/event/f6432efaec3cd0b8b12fe961fa328faa
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T161000Z
DTEND:20260624T164000Z
SUMMARY:Keynote: Ivan Krstić\, Head of Security Engineering + Architecture (SEAR)
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:06e1555a1bbf0768fdc9ff40da86abc3
URL:http://ccsummit2026.sched.com/event/06e1555a1bbf0768fdc9ff40da86abc3
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T164000Z
DTEND:20260624T170000Z
SUMMARY:Keynote: Jason Clinton\, Deputy CISO\, Anthropic
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:2ff1330a1ed9e14167ea31c69ceddf0c
URL:http://ccsummit2026.sched.com/event/2ff1330a1ed9e14167ea31c69ceddf0c
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T165500Z
DTEND:20260624T172000Z
SUMMARY:Keynote Sessions to be Announced
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:30097f2b1ac86c3df0c7da01f503f3cf
URL:http://ccsummit2026.sched.com/event/30097f2b1ac86c3df0c7da01f503f3cf
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T172000Z
DTEND:20260624T173500Z
SUMMARY:Coffee Break
DESCRIPTION:\n
CATEGORIES:BREAKS / EXHIBITS / SPECIAL EVENTS
LOCATION:Column Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:b7ef7bf494d0c4f1d3be7ef242aae6ae
URL:http://ccsummit2026.sched.com/event/b7ef7bf494d0c4f1d3be7ef242aae6ae
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T173500Z
DTEND:20260624T175500Z
SUMMARY:Keynote: Monique Dumais\, Senior Vice President & CIO\, Encore Capital Group
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:20f92f70c602b1dba5a8a030d90b0823
URL:http://ccsummit2026.sched.com/event/20f92f70c602b1dba5a8a030d90b0823
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T175500Z
DTEND:20260624T181500Z
SUMMARY:Keynote: Ion Stoica\, Professor\, UC Berkeley\, Co-Founder and Executive Chairman\, Databricks and Anyscale\, Co-Founder and Board Member\, OPAQUE
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:fa8fc90c5997aa4629e66dd2f67095bd
URL:http://ccsummit2026.sched.com/event/fa8fc90c5997aa4629e66dd2f67095bd
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T181500Z
DTEND:20260624T184500Z
SUMMARY:Keynote Panel Discussion: Three Forces Making Confidential AI A Mandate - Monique Dumais\, Encore Capital Group; Jason Clinton\, Anthropic; Ion Stoica\, Professor\, UC Berkeley\, Databricks\, Anyscale' and Additional Speakers to be Announced
DESCRIPTION:Three forces are accelerating demand for verifiable AI trust and turning Confidential AI from a should into a must. First\, Mythos-class models and their successors make it probable that a malicious actor can place itself inside your environment. The agent is the attack surface. Second\, current agent architectures are data-leaky. An employee touching the data is one problem. A malicious agent is another. In regulated industries\, neither is acceptable. Third\, new regulations require runtime proof — what ran\, where\, under what rules — automated\, hardware-signed\, third-party-verifiable. The EU AI Act Article 12 enforcement hits August 2\, 2026\; sovereign-AI rules across the Gulf\, EU\, India\, and Singapore stack behind it. This panel explores what it actually takes to govern agentic AI in high-stakes environments: the architectural requirements\, the compliance obligations\, and the organizational shifts that make Confidential AI not just defensible\, but mandatory.\n\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:ec86f0288c004e6a7d11aa4a58a1de94
URL:http://ccsummit2026.sched.com/event/ec86f0288c004e6a7d11aa4a58a1de94
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T184500Z
DTEND:20260624T194500Z
SUMMARY:Lunch
DESCRIPTION:\n
CATEGORIES:BREAKS / EXHIBITS / SPECIAL EVENTS
LOCATION:Column Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:d6551bd68e2cd336544b817ccb054472
URL:http://ccsummit2026.sched.com/event/d6551bd68e2cd336544b817ccb054472
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T184500Z
DTEND:20260624T194500Z
SUMMARY:Poster Presentations: Innovation
DESCRIPTION:1. Multi-Party Confidential RAG: Provable Safety Controls - Ryota Hashimoto\, NTT\n2. US Mutual Trust in the Cloud: Protecting Model IP and Customer Data with Confidential Containers - Ivan Font &&nbsp\; Donald Hunter\, Red Hat3. Proof beats Promise: Delivering Trust in the Age of AI - Lakshmi Hanspal\, DigiCert\n4. Confidential AI in Practice and at Scale: From Multi-GPU Execution to Browser-Based Attestation - Felix Schuster\, Edgeless Systems\n5. From Firmware to AI Agents: Achieve Full-Chain Trust with dstack - Hang Yin\, Phala6. Like It or Not\, AI Is Deciding: Securing Infrastructure for Autonomous Intent - Shweta Vohra\, Booking.com\n7. Audit\, Enforce\, Repeat! Seamless Confidentiality with CoCo and Kyverno - Jim Bugwadia\, Nirmata & Chris Butler\, Red Hat\n8. Beyond Identity: Attestation as the New TLS Trust Model - Jens Albers\, Fr0ntierX
CATEGORIES:POSTER SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:95ff60b46901600aacea5defad01ea0a
URL:http://ccsummit2026.sched.com/event/95ff60b46901600aacea5defad01ea0a
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T184500Z
DTEND:20260624T194500Z
SUMMARY:Poster Presentations: Research
DESCRIPTION:1. HaitiAidShield: Scaling Humanitarian Transparency with Confidential Computing - Vladimir Vilne\, Trusted Haitian Cyber2. Structural Privacy for Cross-Boundary AI Training for Compliant LLMs - Hina Dixit\, Decompute3. Privacy-Preserving Spatial AI: From Theory to Production - Abtin Aghagolian\, Pikd4. Achieving Hardware Root of Trust in the Real World - Yawang Wang\, Google5. Proof\, Not Promises: Securing AI Inference - Hugo Huang\, Canonical6. Stop Trusting Your Kernel: Split It - Cong Wang\, Multikernel Technologies7. Minimize\, Harden\, Extend: Rethinking OS Design for Confidential Agents - Kailun Qin\, Intel Corporation\; Mona Vij\, Intel Labs\; and Don Porter\, UNC Chapel Hill & AWS8. Building the Trusted Agent Ecosystem - Ivan Petrov & Patrick McGrath\,&nbsp\;Google DeepMind9. Privacy-preserving Medical AI Evaluation - Alexandros Karargyris\, MLCommons\n10. Standardization of Attested TLS Protocols for Confidential Computing - Muhammad Usama Sardar\, TU Dresden and GA4GH11. Trusted Execution\, Broken Assumptions: Real-World Failures in TEE Attestation Systems - Rahul Saxena\, Bluethroat Labs
CATEGORIES:POSTER SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:e426c5185e8d736caeada64e57b3b2bb
URL:http://ccsummit2026.sched.com/event/e426c5185e8d736caeada64e57b3b2bb
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T184500Z
DTEND:20260624T194500Z
SUMMARY:Poster Presentations: Use Cases
DESCRIPTION:1. How to Test a Confidential Agent Before Production - Sachin Gupta\, eBay2. Privacy for Proprietary Code in Confidential Compute Systems - Abdulla Alwabel & Shabsi Walfish\, Google3.&nbsp\;Phala Cloud: TEE-Native Cloud & Private Inference Platform - Hang Yin\,&nbsp\;Phala4. From Enclaves to Intents: Making Confidential Computing Usable - Cameron Dennis5. 3 Degrees of CC - Dan Middleton
CATEGORIES:POSTER SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:af0b9cb7ba965c30d235d3b924525c09
URL:http://ccsummit2026.sched.com/event/af0b9cb7ba965c30d235d3b924525c09
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T194500Z
DTEND:20260624T201000Z
SUMMARY:Characterizing NVIDIA Confidential Computing Overheads Across Model Inference & Training - Tanya Verma\, Tinfoil
DESCRIPTION:We'll walk through where NVIDIA CC overheads appear in the model inference and training pipeline across GPU architectures and try to understand why
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Gold Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:13e787be1cce5cbeba6e8737fa109574
URL:http://ccsummit2026.sched.com/event/13e787be1cce5cbeba6e8737fa109574
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T194500Z
DTEND:20260624T201000Z
SUMMARY:Session to be Announced
DESCRIPTION:\n
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:fdafbdb04793d215d677f6f545a5a882
URL:http://ccsummit2026.sched.com/event/fdafbdb04793d215d677f6f545a5a882
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T201500Z
DTEND:20260624T204000Z
SUMMARY:Session to be Announced
DESCRIPTION:\n
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Gold Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:41d970b0fe96bb4487c54a606cd06ba7
URL:http://ccsummit2026.sched.com/event/41d970b0fe96bb4487c54a606cd06ba7
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T201500Z
DTEND:20260624T204000Z
SUMMARY:Session to be Announced
DESCRIPTION:\n
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:82d62bd9a9c058381b65f4412d089c53
URL:http://ccsummit2026.sched.com/event/82d62bd9a9c058381b65f4412d089c53
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T204500Z
DTEND:20260624T211000Z
SUMMARY:ACompany Session (Speaker to be Announced)
DESCRIPTION:\n
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:a1392cc4d57a4c1737f77e308d75daf2
URL:http://ccsummit2026.sched.com/event/a1392cc4d57a4c1737f77e308d75daf2
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T204500Z
DTEND:20260624T211000Z
SUMMARY:Session to be Announced
DESCRIPTION:\n
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Gold Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:7072bc2fcee925a29d08936bafccbeb1
URL:http://ccsummit2026.sched.com/event/7072bc2fcee925a29d08936bafccbeb1
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T211500Z
DTEND:20260624T214500Z
SUMMARY:Panel Discussion: Speakers to be Announced
DESCRIPTION:\n
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:b84bab933c5922cd2cd02115f08ddc1d
URL:http://ccsummit2026.sched.com/event/b84bab933c5922cd2cd02115f08ddc1d
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T214500Z
DTEND:20260624T220000Z
SUMMARY:Coffee Break
DESCRIPTION:\n
CATEGORIES:BREAKS / EXHIBITS / SPECIAL EVENTS
LOCATION:Column Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:9ad134b21403fafd663444ebfd7a7deb
URL:http://ccsummit2026.sched.com/event/9ad134b21403fafd663444ebfd7a7deb
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T220000Z
DTEND:20260624T222500Z
SUMMARY:From Trust Assumptions To Trust Evidence: Why PKI and Confidential Computing Are Converging - Brian Trzupek\, DigiCert
DESCRIPTION:Every regulated industry runs on the same uncomfortable bargain:multi parties with conflicting interests agree to trust each other procedurally\, because no tech mechanism exists to verify the claims they're making. An MRI running an AI diagnostic model involves at least 5 stakeholders:the AI vendor protecting IP\, the hospital safeguarding patient data\, the device mfg ensuring FW integrity\, the regulator verifying the cleared algorithm is actually running\, and the patient who never consented to their scan training someone else's model. Today\, all of them take each other on faith. Confidential computing changes that equation from trust assumptions to trust evidence.This talk examines 2 concrete problem domains where we are applying HW-rooted attestation and PKI-based trust services to solve real\, urgent problems. 1st\, we walk through the brownfield medical device challenge: how do you retrofit TPM-based measured boot\, model integrity verification\, and remote attestation onto med. devices already deployed in the field without disrupting clinical operations? 2nd\, we present DigiCert's work on AI agent ID for agentic AI systems\; a problem that extends CC principles into the SW ID layer
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Mint Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:38c05621801d44003855ca8db63d61db
URL:http://ccsummit2026.sched.com/event/38c05621801d44003855ca8db63d61db
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T220000Z
DTEND:20260624T222500Z
SUMMARY:Global Agentic Identity and Programmable Trust: Lessons Learned From the NATO DIANA Pilot - Manu Fontaine\, Hushmesh Inc.
DESCRIPTION:NATO DIANA\, NATO’s innovation accelerator\, is building a heterogeneous\, cross-Allied ecosystem spanning innovators\, mentors\, test centers\, ministries of defense\, and other agencies across 32 Allied nations. This is the trust problem the Internet of Agents will face at global scale: how people\, organizations\, and their respective agents prove identity\, authority\, and credentials across trust boundaries without leaking private\, confidential\, or national-security knowledge.\nTo address this challenge\, DIANA sought a “chip-level zero-trust” identity infrastructure. Confidential Computing sits at the root: identity\, authentication\, authorization\, credentialing\, and key management are all unified and verified from the chips up. Each entity acts through its agent with its own cryptographic identity\, trust boundary\, knowledge isolation\, and globally verified execution.\n\nIn this session\, we will share lessons from the DIANA pilot and show why Agentic Identity is the foundational layer of Programmable Trust for the Internet of Agents: a model for sovereign ecosystems where agents interact\, coordinate\, and transact under hardware-backed guarantees of verifiability\, confidentiality\, and privacy.\n\n
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Gold Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:239a98c9788ffebd89f48f0abb42bb52
URL:http://ccsummit2026.sched.com/event/239a98c9788ffebd89f48f0abb42bb52
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T220000Z
DTEND:20260624T222500Z
SUMMARY:Q-Day Survival Guide: What the Post-quantum Cryptography Transition Means for Confidential Computing - Arthur Savage\, Red Hat
DESCRIPTION:Cryptographic algorithms will one day be broken by large quantum computers\, necessitating the replacement of classical cryptography (like RSA) with post-quantum cryptography (PQC). This event\, called Q-day\, is a rolling deadline with previous estimates falling around 2035. However\, in early 2026\, many groundbreaking developments rapidly shortened Q-day estimates to 2030 or sooner\, leaving little time to execute this unprecedented global cryptographic overhaul. \n \n This talk will put Q-day in context for the audience: timelines\, the recent scientific breakthroughs and how they alter threat models in open source\, and which gaps and blockers are most pressing. Then\, we view these blockers through the lens of confidential computing\, from hardware to software. We will discuss current risks and best practices\, then open the audience to discussion of the needs of diverse applications across the confidential computing ecosystem. This talk is both informative and information-gathering\, fostering mutual understanding and collaboration to integrate PQC before time runs out. This talk will be technical\, but no prior knowledge about PQC is necessary and we welcome participation from all.
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:81ebe55ee1e15045263dfe16e9c87227
URL:http://ccsummit2026.sched.com/event/81ebe55ee1e15045263dfe16e9c87227
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T223000Z
DTEND:20260624T225500Z
SUMMARY:Privacy-Preserving Fraud Intelligence for India's Open Finance Ecosystem Using TEEs - Kiran Gopinath\, Sahamati Foundation & Rene Kolga\, Google Cloud
DESCRIPTION:Loan fraud in India is a $4 billion annual problem. Simultaneously\, it is very hard to detect and prevent this when each lender sees only their slice of a borrower's activity. India's Open Finance framework\, called Account Aggregator\, establishes the foundation for coordinated fraud prevention at scale. However\, lenders cannot pool raw borrower data to combat it. \n \n Aikya\, built on a Trusted Execution Environment\, provides the answer by running cross-institutional velocity checks inside a secure enclave where no participant sees another's data\, turning a privacy constraint into a structural guarantee. \n \n Sahamati Foundation governs India's Open Finance framework enabling individuals and businesses to share real-time financial data across financial institutions and fintechs with their consent. With over 1\,000 participating entities and tens of millions of active data flows\, it is one of the largest Open Finance deployments in the world.
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Gold Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:3e783fb3732f22dbb6b5e4ffbe9b9d2c
URL:http://ccsummit2026.sched.com/event/3e783fb3732f22dbb6b5e4ffbe9b9d2c
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T223000Z
DTEND:20260624T225500Z
SUMMARY:Realizing Confidential VMs Ensuring Privacy of AI Features at LY Corporation in a Real-World Cloud - LY Corporation - Hiroki Narukawa & Akihiro Misawa\, LY Corporation
DESCRIPTION:This presentation shows a real-world example of our private cloud introducing Confidential VMs based on SEV-SNP where application in container is included in trust boundary. \n \n At LY Corporation\, as part of our privacy enhancement for LINE (messaging app with 194 million active users)\, we provide Confidential VMs powered by AMD SEV-SNP in our private cloud. This ensures that even employees cannot access data input to AI systems\, and that the data remains protected even in the event of infrastructure compromise. \n \n This session focuses on two parts: one is mobile client perspective\, the other is cloud-user perspective. \n \n In our Confidential VM implementation\, the whole system including application can be attested to the mobile clients using Attestation Report feature of SEV-SNP. \n \n Our implementation includes SEV-SNP support in OpenStack\, OVMF provisioning to ensure attestation\, and our OS image to ensure that only the expected application is running. By designing the chain of trust\, everything including OVMF\, kernel\, OS image and container image is included inside the trust boundary\, while cloud users can use the common OS image.
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Mint Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:e2bc91fd49c965c17600e4a046d07d83
URL:http://ccsummit2026.sched.com/event/e2bc91fd49c965c17600e4a046d07d83
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T223000Z
DTEND:20260624T225500Z
SUMMARY:WhatsApp Private Processing - Kevin Hui\, Yunqi Li\, Sidharth Verma\, Henry Wang & Varun Patil\, Meta
DESCRIPTION:WhatsApp (Meta) launched its flagship Confidential Computing use-case last year (https://engineering.fb.com/2025/04/29/security/whatsapp-private-processing-ai-tools/)\, introducing one of the first large-scale applications of confidential computing. In this presentation\, we will go over an overview of how Private Processing works\, the operational lessons we learned while deploying confidential virtual machines at the scale of WhatsApp\, and where we think the evolution of our Private Processing stack will take us for years to come. \n \n Topics: \n - CVM hardening \n - Binary transparency \n - OHTTP \n - Remote Attestation TLS (RA-TLS) \n - Debugging CVMs in production \n - Virtual Research Environment \n - And others
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:f3576b1b323576e914c6843179ee71b4
URL:http://ccsummit2026.sched.com/event/f3576b1b323576e914c6843179ee71b4
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T230000Z
DTEND:20260624T232500Z
SUMMARY:A Large-Scale Data Clean Room Case Study in Japan: Confidential Computing and Privacy Regulations - ACompany (Speakers to be Announced)
DESCRIPTION:AI model advancement demands cross-enterprise data collaboration\, but strict privacy regulations create barriers. This session explores a commercialized Data Clean Room in Japan by Acompany and KDDI\, a Fortune Global 500 telecom company. \n We will share the architecture enabling secure data matching and privacy-preserving AI development. We detail how this satisfies the strict third-party data transfer restrictions under Japan's Act on the Protection of Personal Information (APPI). By keeping the calculation process protected\, enterprises can jointly analyze sensitive large-scale datasets—including personal and location data—without exposing raw information to partners. \n Furthermore\, we explore the relationship between policy discussions and CC in Japan. With CC recognized as an essential data security technology in public and private sectors\, we discuss the potential for market expansion. We provide insights into how bridging governance and technology creates a scalable confidential AI infrastructure. \n \n Note: Session content is subject to minor changes.
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Gold Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:c541691cbba9e0ed88a9e7c19f6828df
URL:http://ccsummit2026.sched.com/event/c541691cbba9e0ed88a9e7c19f6828df
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T230000Z
DTEND:20260624T232500Z
SUMMARY:Overview of the AWS Nitro System: Building Trust Through Secure Cloud Infrastructure - Matthew Wilson\, Amazon
DESCRIPTION:The AWS Nitro System is the foundation for modern Amazon EC2 instances that enables AWS to innovate faster\, reduce cost for customers\, and deliver added benefits like increased security and new instance types. We've applied formal methods to the Nitro System since day one. AWS has reimagined our virtualization infrastructure. Traditionally\, hypervisors protect physical hardware and BIOS\, virtualize CPU\, storage\, and networking\, and provide management capabilities. The Nitro System breaks apart those functions\, offloads them to dedicated hardware and software\, and reduces costs by delivering nearly all server resources to instances. \n \n This session explores the architecture and security model of the Nitro System\, demonstrating how offloading virtualization functions minimizes the hypervisor attack surface and enables features like secure boot and Nitro Enclaves. We'll introduce the Nitro Isolation Engine\, where we've applied formal methods. Starting from proving correctness properties of early boot firmware and the API endpoint component of the Nitro Controller\, the Nitro Isolation Engine is a minimal trusted computing base and is a default capability of AWS Graviton5 processors
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:4a806222a99683506408c855bbe67d97
URL:http://ccsummit2026.sched.com/event/4a806222a99683506408c855bbe67d97
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T230000Z
DTEND:20260624T232500Z
SUMMARY:Private Model as a Service: Zero-Trust Blueprint for Protecting AI Weights - Marcos Entenza\, Red Hat
DESCRIPTION:In the agentic era\, deploying proprietary AI on-premises raises a critical question: how do you protect model IP when infrastructure admins have full hardware access? This session introduces Private Model as a Service (PMaaS)\, a production-ready reference architecture that secures AI model weights across their entire lifecycle using hardware-rooted Trusted Execution Environments (TEEs). \n \n We dive into the technical orchestration of Confidential Containers (CoCo) and KServe to build a cryptographically verified inference pipeline with vLLM. Model weights are distributed and decrypted exclusively inside hardware-verified CPU TEEs (Intel TDX\, AMD SEV-SNP) with GPU memory protection (NVIDIA H100/B200). Remote attestation via a Key Broker Service (KBS) ensures decryption keys are only released to policy-compliant\, verified environments. \n \n We also cover the challenges of running vLLM inside restricted TEEs and our work upstreaming GPU attestation logic into Kata Containers and CoCo. Attendees leave with a practical blueprint for deploying zero-trust confidential AI workloads that decouple model security from infrastructure trust.
CATEGORIES:BREAKOUT SESSIONS
LOCATION:Mint Ballroom\, San Francisco\, CA\, USA
SEQUENCE:0
UID:1ac0df3d3025555c73493def8570e696
URL:http://ccsummit2026.sched.com/event/1ac0df3d3025555c73493def8570e696
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20260523T174025Z
DTSTART:20260624T233000Z
DTEND:20260625T003000Z
SUMMARY:Keynote: Closing & Wrap-Up
DESCRIPTION:\n
CATEGORIES:KEYNOTE SESSIONS
LOCATION:Courtyard\, San Francisco\, CA\, USA
SEQUENCE:0
UID:ad993476b9d4b20af64c4fb7f396f942
URL:http://ccsummit2026.sched.com/event/ad993476b9d4b20af64c4fb7f396f942
END:VEVENT
END:VCALENDAR