Loading…
Tuesday, June 23
 

9:20am PDT

Keynote: Attested, Transparent, Sovereign: The Evolution of Confidential Computing - Mark Russinovich, CTO, Deputy CISO and Technical Fellow, Microsoft Azure, Microsoft
Tuesday June 23, 2026 9:20am - 9:40am PDT
Over the past decade, Microsoft has helped move confidential computing from research into real-world cloud infrastructure, platforms, and services. In this keynote, Mark will trace that evolution through the expanding promises of confidential computing, from protecting individual workloads to enabling verifiable trust across entire systems. He will share examples from Microsoft’s adoption journey and discuss the next frontier: confidential sovereignty, where organizations can verify code, enforce policy, and retain control across compute, networking, and software supply chains.

Speakers
avatar for Mark Russinovich

Mark Russinovich

CTO, Deputy CISO and Technical Fellow, Microsoft Azure, Microsoft
Mark Russinovich is CTO, Deputy CISO, and Technical Fellow for Microsoft Azure, Microsoft’s global enterprise-grade cloud platform. A widely recognized expert in distributed systems, operating systems and cybersecurity, Mark earned a Ph.D. in computer engineering from Carnegie Mellon... Read More →
Tuesday June 23, 2026 9:20am - 9:40am PDT
Courtyard
  Keynote Sessions
  • Slides Attached Yes

1:45pm PDT

Confidential Tenancy: Towards Digital Sovereignty on Public Clouds - Antoine Delignat-Lavaud, Microsoft
Tuesday June 23, 2026 1:45pm - 2:10pm PDT
Digital Sovereignty is commonly interpreted as a legal concept - but can it be turned into a technical guarantee? We introduce a new sovereignty boundary within existing public cloud infrastructure built on (and generalizing) the concept of confidential computing, where a given workload is totally isolated from its surrounding shared infrastructure within a trusted execution environment (TEE), enforced and attested in hardware. Although the concept of TEEs applies to a unit of computation (e.g., a process, VM, or container), we propose to extend these security guarantees to an entire cloud tenant, i.e., a cloud account with all its resources – IaaS (i.e., VMs), PaaS (e.g., Kubernetes clusters), and SaaS (e.g., model-as-a-service endpoints) and its associated management layer, including its own identity, access control and key management services. Critically, we introduce virtual data diode (VDD), a novel primitive that allows confidential tenants to control all movements of data within and without their confidential tenancy, including traffic to shared infrastructure services. We also introduce new operator controls to ensure that support requests can be addressed when operators need access to logs or must perform manual maintenance actions on the tenant’s resources, while ensuring that all maintenance actions can be reviewed and approved by the confidential tenant. 

Speakers
avatar for Antoine Delignat-Lavaud

Antoine Delignat-Lavaud

Principal Researcher, Microsoft
Tuesday June 23, 2026 1:45pm - 2:10pm PDT
Gold Ballroom
  Breakout Sessions
  • Slides Attached Yes

3:00pm PDT

From Pixels To Agents: Optimizing On-Device Performance of Confidential Computing in AI Evolution - Savas Ozkan, Samsung Research UK, Samsung Electronics
Tuesday June 23, 2026 3:00pm - 3:25pm PDT
Unlike server-side confidential AI, on-device confidential AI must balance strong protection of sensitive personal data with efficient operation under limited computational resources.

In this talk, we explore the impacts of CC on on-device AI performance for various AI models and tools by identifying some root-causes. First, we recognise that CC overheads vary across AI models during critical operations such as data read/write, model loading and inference phases, supported by detailed experiments. Second, we investigate multiple designs for AI agent tools in CC, especially by considering different AI memory modules, that present distinct overheads compared to traditional AI models. To enable systematic evaluation, we develop a modular software framework integrated with the open-source ISLET CC project. This framework supports configurable benchmarking of AI agent tools, and will be publicly released to foster the reproducibility and collaboration within the CC community. Lastly, since these performance drops can negatively impact the user experience, we propose a set of techniques that minimise the overhead related with model loading while ensuring robust privacy protection.
Speakers
avatar for Savas Ozkan

Savas Ozkan

Engineering Manager, Samsung Research UK
Savas Ozkan received the Ph.D. degree from the Department of Electrical and Electronics Engineering, Middle East Technical University, Ankara, Turkey. Currently, he is leading Efficient Machine Learning Group at Samsung Research UK, focusing on on-device AI solutions for vision, language... Read More →
Tuesday June 23, 2026 3:00pm - 3:25pm PDT
Mint Ballroom
  Breakout Sessions
  • Slides Attached Yes

3:30pm PDT

"If It's Shared, It's Vulnerable": Is Kubernetes the Right Platform for Confidential Compute? - Zvonko Kaiser, NVIDIA
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
Kubernetes shares host kernels, network stacks, storage paths, and control planes across tenants. These shared primitives become attack surfaces when tenants cannot trust each other or the infrastructure operator.

We enumerate the threat surfaces in confidential Kubernetes deployments, from eBPF snooping and conntrack hijacking to hardware-assisted virtualization rootkits. We then present a production architecture that eliminates shared-trust assumptions by flattening the virtualization stack so every workload runs as a TEE-protected guest, gating all secrets, identities, and device access on a composite attestation chain, and wrapping each shared primitive in a hardened overlay for compute, network, storage, control-plane, identity, and observability.

Attendees will learn which Kubernetes primitives leak across tenant boundaries, how composite attestation closes those gaps, and practical steps toward true multi-tenancy in confidential Kubernetes deployments.
Speakers
avatar for Zvonko Kaiser

Zvonko Kaiser

Principal Systems Engineer, NVIDIA
Zvonko is a Principal Systems Engineer at NVIDIA, working on the Cloud Native Technologies team. Focusing right now on all things related to confidential computing, zero-trust, especially in the context of accelerators.
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
Mint Ballroom
  Breakout Sessions
  • Slides Attached Yes

3:30pm PDT

GKE Hypercluster: Kubernetes TEEs for AI at Scale - Komei Nakamoto & Keith Moyer, Google
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
GKE Hypercluster brings large-scale operation of Trusted Execution Environments to Kubernetes, and was co-designed with Anthropic to meet their security and scale. In this talk we explain the linked runner architecture that drastically reduces the Trusted Compute Base (TCB) by completely separating high-value workload execution from the standard container orchestration control plane. In this model, sensitive AI workloads are offloaded to a dedicated, “sealed” virtual machine. The Kubernetes scheduling and orchestration remains on a non-sealed "parent" node, preserving Kubernetes primitives (ie. Pods, Network Policy) and operational familiarity while achieving workload isolation. The execution environment is built on a hardened and attested OS, removing non-essential services and preventing administrative shell access. Integrity is guaranteed through attestation and container signature verification.

This design establishes a strict chain of trust, offers isolation from the Kubernetes operator and Cloud Service Provider, supports high-performance AI accelerators within the sealed boundary, and enhances scalability by managing isolated environments with a reduced system footprint.
Speakers
avatar for Keith Moyer

Keith Moyer

Technical Lead, Confidential Computing, Google
Keith Moyer is the Technical Lead for Confidential Computing at Google Cloud. He has spent the last 10 years dedicated to making verifiable trust accessible and useful, with over 20 years of experience spanning cloud security and embedded systems. He holds a BS in Computer Engineering... Read More →
avatar for Komei Nakamoto

Komei Nakamoto

GKE AI Security Tech Lead, Google
Komei is a software engineer at Google, and the Tech Lead for the GKE AI Security team focused on making GKE a secure platform for running AI workloads.
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
Courtyard
  Breakout Sessions
  • Slides Attached Yes

4:00pm PDT

Agentic Zero Trust: at Rest, in Transit, and at Runtime - Nina Polshakova, Solo.io & Josh Halley, Cisco
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
AI workloads handle some of the most sensitive data in modern enterprises, from proprietary training datasets to user prompts and high-dimensional embeddings. Yet many AI pipelines are built without the rigorous security practices applied to traditional systems, leaving critical gaps.

Josh and Nina from the CNCF AI Working Group show how to apply Zero Trust principles to secure AI data at every stage: at rest, in transit, and in runtime. Attendees will learn why conventional approaches fail for AI, highlighting risks like prompt injection, embedding poisoning, and GPU memory leakage, and how Zero Trust, combined with confidential computing, provides a stronger security foundation.

We’ll demonstrate how agent identity, continuous attestation, and trusted execution environments (TEEs) enforce runtime trust, while encryption, fine-grained access control, and mTLS protect data at rest and in transit.

Attendees will gain actionable strategies for securing every stage of the AI data lifecycle using modern encryption, policy enforcement, and runtime hardening.
Speakers
avatar for Nina Polshakova

Nina Polshakova

Senior Principal Software Engineer, Solo.io
Nina is a software engineer at Solo.io, working on AI Gateway projects. She contributes to open source projects, including Kubernetes, Istio, kagent, agentgateway, and kgateway. A CNCF Ambassador and former Kubernetes v1.33 Release Lead, she’s also a member of the Cloud Native AI... Read More →
avatar for Josh Halley

Josh Halley

Principal Architect, Cisco
Josh Halley, is a Principal Architect and published technical author, in the office of the CTO at Cisco,
focused on next generation technologies and technical transformation for some
of Cisco’s largest global customers. His main focus today is in the domains of AI Operations, leading and supporting multiple teams in their generation of Agentic AI systems to support todays and tomorrows future technologies use cases... Read More →
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
Gold Ballroom
  Breakout Sessions
  • Slides Attached Yes

4:00pm PDT

Running AI Agents Inside TEEs Without Losing Your Mind - Sonali Mishra, Nutanix
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
AI agents are making decisions, calling tools, and talking to other agents, often with access to sensitive data they shouldn't be able to see in plaintext. The usual answer is to just trust the infrastructure, but that falls apart in multi tenant clouds and cross org workflows. This talk covers what it actually takes to run agentic AI workloads inside Trusted Execution Environments. I'll walk through the architecture for isolating agent-to-agent communication using confidential VMs, how attestation works when agents need to dynamically invoke external tools, and the gotchas we hit around key management and session state. We'll look at real performance numbers and what the overhead looks like on GPU backed inference inside TEEs and where the bottlenecks actually are. Attendees will leave with a concrete reference architecture for deploying AI agents with hardware-rooted trust boundaries, plus practical guidance on attestation flows for multi-party agent pipelines. If you're building agentic systems that handle regulated or sensitive data, this talk gives you a starting point that doesn't require rearchitecting everything from scratch.
Speakers
avatar for Sonali Mishra

Sonali Mishra

Principal Product Manager - AI & Cloud Native, Nutanix
As a Principal Cloud Native at Nutanix, I am passionate about driving innovation and empowering organizations to build secure and resilient solutions in their cloud-native journey. With our significant presence in US government, I aim to ensure organizations can adopt Kubernetes securely... Read More →
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
Mint Ballroom
  Breakout Sessions
  • Slides Attached Yes
 
Wednesday, June 24
 

9:40am PDT

Keynote: The Defender Advantage Has a Single Point of Failure - Jason Clinton, Deputy CISO, Anthropic
Wednesday June 24, 2026 9:40am - 10:00am PDT
We are 2–5 years from a world where software stops shipping security bugs, because every CI/CD pipeline runs a Mythos-class model. That is the permanent defender advantage. The whole thesis rests on a single artifact: the weights of that model. If those weights leak, the advantage inverts overnight. If access to them can't be relied upon, the world routes around us to open weights. Confidential computing is the control that protects the control.
Speakers
avatar for Jason Clinton

Jason Clinton

Deputy CISO, Anthropic
Wednesday June 24, 2026 9:40am - 10:00am PDT
Courtyard
  Keynote Sessions
  • Slides Attached Yes

10:00am PDT

Keynote: Privacy at the Hardware Level: Why the Stack Has to Change Before the Rules Can - Brittany Kaiser, CEO, Alpha Compute
Wednesday June 24, 2026 10:00am - 10:20am PDT
Regulation follows architecture. Until now, data privacy has been a policy question. Confidential computing makes it a hardware guarantee. Brittany Kaiser, CEO of Alpha Compute, explores how sovereign AI infrastructure, enforced at the silicon level, changes the accountability equation for enterprises and nation-states alike. She draws on Alpha Compute’s work with institutions running sensitive workloads inside sealed, verifiable enclaves, and makes the case that the agentic AI era demands a new foundation, not a patch on the old one.
Speakers
avatar for Brittany Kaiser

Brittany Kaiser

CEO, Alpha Compute Corp
Brittany Kaiser is Chief Executive Officer of Alpha Compute Corp. (Nasdaq: ALP), where she leads strategy in confidential computing, data sovereignty, and AI infrastructure. A globally recognized authority on data rights, digital assets, and AI governance, she became a leading voice... Read More →
Wednesday June 24, 2026 10:00am - 10:20am PDT
Courtyard
  Keynote Sessions
  • Slides Attached Yes

10:35am PDT

Keynote: Monique Dumais, Senior Vice President & CIO, Encore Capital Group
Wednesday June 24, 2026 10:35am - 10:55am PDT

Speakers
avatar for Monique Dumais

Monique Dumais

CIO, Encore Capital Group
Monique Dumais joined Encore Capital Group® in 2019 and serves as Senior Vice President, Chief Information Officer for Encore Capital Group and Midland Credit Management. In this role, Ms. Dumais is responsible for enabling the business to achieve its goals by delivering strategic... Read More →
Wednesday June 24, 2026 10:35am - 10:55am PDT
Courtyard
  Keynote Sessions
  • Slides Attached Yes

10:55am PDT

Keynote: Ion Stoica, Professor, UC Berkeley, Co-Founder and Executive Chairman, Databricks and Anyscale, Co-Founder and Board Member, OPAQUE
Wednesday June 24, 2026 10:55am - 11:15am PDT

Speakers
avatar for Ion Stoica

Ion Stoica

Professor, UC Berkeley
Ion Stoica is a Professor in the EECS Department and holds the Xu Bao Chancellor Chair at the University of California at Berkeley, the Director of Sky Computing Lab, and the Executive Chairman of Databricks and Anyscale. He is currently doing research on AI systems and cloud computing... Read More →
Wednesday June 24, 2026 10:55am - 11:15am PDT
Courtyard
  Keynote Sessions
  • Slides Attached Yes

12:45pm PDT

PetalGuard, A Privacy-preserving Federated Learning Framework - Victor Sucasas, TII
Wednesday June 24, 2026 12:45pm - 1:10pm PDT


Speakers
avatar for Victor Sucasas

Victor Sucasas

Senior Director, TII
Dr. Victor Sucasas is a cryptography engineer and researcher specializing in privacy-preserving technologies, confidential computing, and secure AI systems. He is Senior Director Cryptography at Technology Innovation Institute in Abu Dhabi, where he leads the Privacy Enhancing Technologies... Read More →
Wednesday June 24, 2026 12:45pm - 1:10pm PDT
Courtyard
  Breakout Sessions
  • Slides Attached Yes

1:45pm PDT

Confidential Computing for Sovereign AI: The Emerging Opportunity in Japan - Takeharu Kondo & Shuzo Ueki, Acompany Co., Ltd.
Wednesday June 24, 2026 1:45pm - 2:10pm PDT
As generative AI and AI agents rapidly evolve, interest in Sovereign AI is growing worldwide. In Japan, demand is increasing for trusted AI infrastructure across sectors such as defense, healthcare, manufacturing, telecommunications, and critical infrastructure. This session introduces the latest trends in Sovereign AI and Confidential Computing (CC) in Japan.
Japan is advancing Confidential Computing enabled data centers, secure data collaboration platforms, and privacy-preserving AI environments. Expectations are also growing for CC adoption in government-led projects and critical infrastructure sectors.

In this session, we discuss the opportunities surrounding Sovereign AI in Japan for AI model providers, cloud providers, GPU vendors, and data center operators. Through real-world examples, we explore how CC is becoming a core technology for building Trusted AI Infrastructure in the AI agent era.

Speakers
avatar for Shuzo Ueki

Shuzo Ueki

CFO, Acompany Co., Ltd.
Shuzo Ueki is CFO of Acompany Co., Ltd., where he oversees finance, business development, and strategic partnerships. He has experience in strategy consulting, venture capital, corporate carve-outs, and startup financing, and has advised companies across multiple industries on business... Read More →
avatar for Takeharu Kondo

Takeharu Kondo

Co-founder / Chief Research and Development Officer, Acompany Co., Ltd.
Takeharu Kondo is Co-founder and Chief R&D Officer of Acompany, a Japanese startup building Confidential AI — AI you can trust with your most sensitive data. Since co-founding the company in 2018, he has led applied R&D that turns Confidential Computing and privacy-enhancing technologies... Read More →
Wednesday June 24, 2026 1:45pm - 2:10pm PDT
Courtyard
  Breakout Sessions
  • Slides Attached Yes

1:45pm PDT

How OPAQUE Enables Hardware-enforced AI Governance- Rishabh Poddar, OPAQUE Systems
Wednesday June 24, 2026 1:45pm - 2:10pm PDT
Your AI stack is bleeding data and you can't prove otherwise. This talk covers the OPAQUE Confidential AI Platform and how it enforces AI governance.

Speakers
avatar for Rishabh Poddar

Rishabh Poddar

Co-Founder & CTO, OPAQUE Systems
Co-Founder & CTO of OPAQUE Systems. PhD, UC Berkeley.
Wednesday June 24, 2026 1:45pm - 2:10pm PDT
Gold Ballroom
  Breakout Sessions
  • Slides Attached Yes

3:00pm PDT

From Trust Assumptions To Trust Evidence: Why PKI and Confidential Computing Are Converging - Brian Trzupek, DigiCert
Wednesday June 24, 2026 3:00pm - 3:25pm PDT
Every regulated industry runs on the same uncomfortable bargain:multi parties with conflicting interests agree to trust each other procedurally, because no tech mechanism exists to verify the claims they're making. An MRI running an AI diagnostic model involves at least 5 stakeholders:the AI vendor protecting IP, the hospital safeguarding patient data, the device mfg ensuring FW integrity, the regulator verifying the cleared algorithm is actually running, and the patient who never consented to their scan training someone else's model. Today, all of them take each other on faith. Confidential computing changes that equation from trust assumptions to trust evidence.This talk examines 2 concrete problem domains where we are applying HW-rooted attestation and PKI-based trust services to solve real, urgent problems. 1st, we walk through the brownfield medical device challenge: how do you retrofit TPM-based measured boot, model integrity verification, and remote attestation onto med. devices already deployed in the field without disrupting clinical operations? 2nd, we present DigiCert's work on AI agent ID for agentic AI systems; a problem that extends CC principles into the SW ID layer
Speakers
avatar for Brian Trzupek

Brian Trzupek

Sr. Vice President Product, DigiCert
Brian Trzupek is SVP of Product at DigiCert. A crypto and security tech by day and night, Trzupek brings nearly two decades of expertise on many security subjects to the team. He is often brainstorming use cases for enterprise PKI (Public Key Infrastructure) facilitated by the industry-leading... Read More →
Wednesday June 24, 2026 3:00pm - 3:25pm PDT
Mint Ballroom
  Breakout Sessions
  • Slides Attached Yes

3:00pm PDT

Global Agentic Identity and Programmable Trust: Lessons Learned From the NATO DIANA Pilot - Manu Fontaine, Hushmesh Inc.
Wednesday June 24, 2026 3:00pm - 3:25pm PDT
NATO DIANA, NATO’s innovation accelerator, is building a heterogeneous, cross-Allied ecosystem spanning innovators, mentors, test centers, ministries of defense, and other agencies across 32 Allied nations. This is the trust problem the Internet of Agents faces at global scale: how people, organizations, and their respective agents prove identity, authority, and credentials across trust boundaries without leaking private, confidential, or national-security knowledge.

To address this challenge, DIANA sought a “chip-level zero-trust” identity infrastructure. Confidential Computing sits at the root: identity, authentication, authorization, credentialing, and key management are all unified and verified from the chips up. Each entity acts through its agent with its own cryptographic identity, trust boundary, knowledge isolation, and globally verified execution.

In this session, we will share lessons from the DIANA pilot and show why Global Agentic Identity is the foundational layer of Direct Programmable Trust for the Internet of Agents: a model for sovereign ecosystems where agents interact, coordinate, and transact under hardware-backed guarantees of verifiability, confidentiality, and privacy.

Speakers
avatar for Manu Fontaine

Manu Fontaine

Founder and CEO, Hushmesh Inc.
Manu Fontaine is the Founder and CEO of Hushmesh, a dual-use, early-stage, Delaware Public Benefit Corporation in the Washington DC area. Hushmesh leverages Confidential Computing technology to develop, deploy, and operate "the Mesh": the Programmable Trust infrastructure for the... Read More →
Wednesday June 24, 2026 3:00pm - 3:25pm PDT
Gold Ballroom
  Breakout Sessions
  • Slides Attached Yes

3:00pm PDT

Q-Day Survival Guide: What the Post-quantum Cryptography Transition Means for Confidential Computing - Arthur Savage, Red Hat
Wednesday June 24, 2026 3:00pm - 3:25pm PDT
Cryptographic algorithms will one day be broken by large quantum computers, necessitating the replacement of classical cryptography (like RSA) with post-quantum cryptography (PQC). This event, called Q-day, is a rolling deadline with previous estimates falling around 2035. However, in early 2026, many groundbreaking developments rapidly shortened Q-day estimates to 2030 or sooner, leaving little time to execute this unprecedented global cryptographic overhaul.

This talk will put Q-day in context for the audience: timelines, the recent scientific breakthroughs and how they alter threat models in open source, and which gaps and blockers are most pressing. Then, we view these blockers through the lens of confidential computing, from hardware to software. We will discuss current risks and best practices, then open the audience to discussion of the needs of diverse applications across the confidential computing ecosystem. This talk is both informative and information-gathering, fostering mutual understanding and collaboration to integrate PQC before time runs out. This talk will be technical, but no prior knowledge about PQC is necessary and we welcome participation from all.
Speakers
avatar for Arthur Savage

Arthur Savage

Software Engineer, Red Hat
Arthur Savage is a software engineer at Red Hat with a passion for cybersecurity. He has a Master's degree in Electrical and Computer Engineering with specialties in data analytics, image forensics, and post quantum cryptography.
Wednesday June 24, 2026 3:00pm - 3:25pm PDT
Courtyard
  Breakout Sessions
  • Slides Attached Yes

3:30pm PDT

Privacy-Preserving Fraud Intelligence for India's Open Finance Ecosystem Using TEEs - Kiran Gopinath, Sahamati Foundation & Rene Kolga, Google Cloud
Wednesday June 24, 2026 3:30pm - 3:55pm PDT
Loan fraud in India is a $4 billion annual problem. Simultaneously, it is very hard to detect and prevent this when each lender sees only their slice of a borrower's activity. India's Open Finance framework, called Account Aggregator, establishes the foundation for coordinated fraud prevention at scale. However, lenders cannot pool raw borrower data to combat it.

Aikya, built on a Trusted Execution Environment, provides the answer by running cross-institutional velocity checks inside a secure enclave where no participant sees another's data, turning a privacy constraint into a structural guarantee.

Sahamati Foundation governs India's Open Finance framework enabling individuals and businesses to share real-time financial data across financial institutions and fintechs with their consent. With over 1,000 participating entities and tens of millions of active data flows, it is one of the largest Open Finance deployments in the world.
Speakers
avatar for Kiran Gopinath

Kiran Gopinath

Chief Innovation Officer and Head Sahamati Labs, Sahamati Foundation
As Chief Innovation Officer at Sahamati, Kiran leads initiatives shaping India’s Account Aggregator ecosystem, one of the world’s fastest-growing Open Finance networks and is the founder of Sahamati Labs, where he drives innovation at the intersection of AI, Open Finance. His... Read More →
avatar for Rene Kolga

Rene Kolga

Sr Product Manager, Google Cloud
Rene Kolga, CISSP, has over 15 years of cybersecurity experience in the areas of endpoint protection, insider threat, encryption and vulnerability management. Currently, he is a Product Manager at Google on the Confidential Computing team. Prior to Google, Rene worked for Symantec... Read More →
Wednesday June 24, 2026 3:30pm - 3:55pm PDT
Gold Ballroom
  Breakout Sessions
  • Slides Attached Yes

3:30pm PDT

Realizing Confidential VMs Ensuring Privacy of AI Features at LY Corporation in a Real-World Cloud - LY Corporation - Hiroki Narukawa & Akihiro Misawa, LY Corporation
Wednesday June 24, 2026 3:30pm - 3:55pm PDT
This presentation shows a real-world example of our private cloud introducing Confidential VMs based on SEV-SNP where application in container is included in trust boundary.

At LY Corporation, as part of our privacy enhancement for LINE (messaging app with 194 million active users), we provide Confidential VMs powered by AMD SEV-SNP in our private cloud. This ensures that even employees cannot access data input to AI systems, and that the data remains protected even in the event of infrastructure compromise.

This session focuses on two parts: one is mobile client perspective, the other is cloud-user perspective.

In our Confidential VM implementation, the whole system including application can be attested to the mobile clients using Attestation Report feature of SEV-SNP.

Our implementation includes SEV-SNP support in OpenStack, OVMF provisioning to ensure attestation, and our OS image to ensure that only the expected application is running. By designing the chain of trust, everything including OVMF, kernel, OS image and container image is included inside the trust boundary, while cloud users can use the common OS image.
Speakers
avatar for Akihiro Misawa

Akihiro Misawa

Infrastructure Engineer, LY Corporation
An infrastructure engineer at LY Corporation, working on system infrastructure. Involved in OS image management, automation, and internal tooling to support service operations at scale.
avatar for Hiroki Narukawa

Hiroki Narukawa

Software Engineer, LY Corporation
Software Engineer in LY Corporation, working on IaaS. Mainly developing software running inside hypervisors. Narukawa often scopes on low layer problems. Working on developing software and managing version of OpenStack, qemu, libvirt
Wednesday June 24, 2026 3:30pm - 3:55pm PDT
Mint Ballroom
  Breakout Sessions
  • Slides Attached Yes

4:00pm PDT

A Large-Scale Data Clean Room Case Study in Japan: Confidential Computing and Privacy Regulations - Takao Takenouchi & Takeharu Kondo, Acompany Co., Ltd.
Wednesday June 24, 2026 4:00pm - 4:25pm PDT
AI model advancement demands cross-enterprise data collaboration, but strict privacy regulations create barriers. This session explores a commercialized Data Clean Room in Japan by Acompany and KDDI, a Fortune Global 500 telecom company.

We will share the architecture enabling secure data matching and privacy-preserving AI development. We detail how this satisfies the strict third-party data transfer restrictions under Japan's Act on the Protection of Personal Information (APPI). By keeping the calculation process protected, enterprises can jointly analyze sensitive large-scale datasets—including personal and location data—without exposing raw information to partners.

Furthermore, we explore the relationship between policy discussions and CC in Japan. With CC recognized as an essential data security technology in public and private sectors, we discuss the potential for market expansion. We provide insights into how bridging governance and technology creates a scalable confidential AI infrastructure.

Note: Session content is subject to minor changes.
Speakers
avatar for Takao Takenouchi

Takao Takenouchi

VP of Public Affairs & Strategic Alliance, Acompany Co., Ltd.
Takao Takenouchi, Ph.D., is VP of Public Affairs & Strategic Alliance at Acompany Co., Ltd. He has nearly 20 years of experience in security and privacy technologies across major technology companies and startups in Japan. His work spans privacy-enhancing technologies, including Confidential... Read More →
avatar for Takeharu Kondo

Takeharu Kondo

Co-founder / Chief Research and Development Officer, Acompany Co., Ltd.
Takeharu Kondo is Co-founder and Chief R&D Officer of Acompany, a Japanese startup building Confidential AI — AI you can trust with your most sensitive data. Since co-founding the company in 2018, he has led applied R&D that turns Confidential Computing and privacy-enhancing technologies... Read More →
Wednesday June 24, 2026 4:00pm - 4:25pm PDT
Gold Ballroom
  Breakout Sessions
  • Slides Attached Yes

4:00pm PDT

Overview of the AWS Nitro System: Building Trust Through Secure Cloud Infrastructure - Matthew Wilson, Amazon
Wednesday June 24, 2026 4:00pm - 4:25pm PDT
The AWS Nitro System is the foundation for modern Amazon EC2 instances that enables AWS to innovate faster, reduce cost for customers, and deliver added benefits like increased security and new instance types. We've applied formal methods to the Nitro System since day one. AWS has reimagined our virtualization infrastructure. Traditionally, hypervisors protect physical hardware and BIOS, virtualize CPU, storage, and networking, and provide management capabilities. The Nitro System breaks apart those functions, offloads them to dedicated hardware and software, and reduces costs by delivering nearly all server resources to instances.

This session explores the architecture and security model of the Nitro System, demonstrating how offloading virtualization functions minimizes the hypervisor attack surface and enables features like secure boot and Nitro Enclaves. We'll introduce the Nitro Isolation Engine, where we've applied formal methods. Starting from proving correctness properties of early boot firmware and the API endpoint component of the Nitro Controller, the Nitro Isolation Engine is a minimal trusted computing base and is a default capability of AWS Graviton5 processors
Speakers
avatar for Matthew Wilson

Matthew Wilson

Vice President/Distinguished Engineer at Amazon, Amazon
Matt Wilson is a Vice President and Distinguished Engineer at Amazon Web Services. He leads the technical architecture of the Amazon Software Development Experience (ASBX) division, which owns secure software development lifecycle tools and processes. Matt was a lead designer of the... Read More →
Wednesday June 24, 2026 4:00pm - 4:25pm PDT
Courtyard
  Breakout Sessions
  • Slides Attached Yes
 
  • Filter By Date
  • Filter By Venue
  • Filter By Type
  • Audience
  • Slides Attached
  • Timezone

Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.