Type: Breakout Sessions
Tuesday, June 23
 

12:45pm PDT

AMD Session (Speaker to be Announced)
Tuesday June 23, 2026 12:45pm - 1:10pm PDT

Gold Ballroom

12:45pm PDT

Securing the Future with Azure Confidential Computing - Run Cai & Ashutosh Chickerur, Microsoft
Tuesday June 23, 2026 12:45pm - 1:10pm PDT
Confidential computing is becoming a critical foundation for cloud security in an era defined by AI acceleration, data sovereignty requirements, and rising expectations for end-to-end protection of sensitive workloads. Azure is advancing this space with new infrastructure, stronger platform protections, and innovations designed to make confidential workloads more resilient, scalable, and production ready. This session will highlight the latest Azure Confidential Computing developments, including v6 confidential VMs on AMD and Intel, expanded Azure regional availability, and continued progress in production readiness. We will also look ahead to live migration for confidential VMs, including a live demo, and discuss how this capability improves workload continuity during planned security updates and unexpected hardware events. In addition, we will explore future investments across enclaves, platform attestation, and confidential AI. Topics include nested virtualization to enable confidential enclaves, stronger platform attestation with recovery capabilities, protection of Azure trusted computing base services, and the growing need for confidential GPUs to secure prompts, model weights, and distributed inference workloads for modern AI applications at scale.
Speakers
Run Cai

Principal PM Manager, Microsoft
Run Cai is a Principal TPM Manager at Microsoft, leading large-scale Azure infrastructure and focusing on confidential computing programs. She is shaping future generations of Azure confidential computing platforms, driving product scale-out and elasticity while championing new initiatives...

Ashutosh Chickerur

Principal Engineering Manager, Microsoft
Ashutosh Chickerur is a Principal Software Engineering Manager at Microsoft, leading Azure confidential computing and cloud infrastructure efforts, with deep expertise in multi-cloud platforms, security, and large-scale distributed systems.
Courtyard

12:45pm PDT

TII Session (Speaker to be Announced)
Tuesday June 23, 2026 12:45pm - 1:10pm PDT

Mint Ballroom

1:15pm PDT

Confidential Computing Consortium Session (Speaker to be Announced)
Tuesday June 23, 2026 1:15pm - 1:40pm PDT

Gold Ballroom

1:15pm PDT

Google Session (Speaker to be Announced)
Tuesday June 23, 2026 1:15pm - 1:40pm PDT

Courtyard

1:45pm PDT

Antoine Delignat-Lavaud, Microsoft - Session Topic to be Announced
Tuesday June 23, 2026 1:45pm - 2:10pm PDT

Speakers
Antoine Delignat-Lavaud

Principal Researcher, Microsoft
Gold Ballroom

1:45pm PDT

OPAQUE Panel Discussion: David Forman, Midland Credit Management, an Encore Capital Group Company; Shyam Menon, Mitek Systems; Nikhil Gulati, Johnson & Johnson; and Additional Speakers to be Announced
Tuesday June 23, 2026 1:45pm - 2:10pm PDT

Speakers
David Forman

Senior Manager IT, EDE, Midland Credit Management, an Encore Capital Group Company

Shyam Menon

Senior Director of Product - Machine Learning & Fraud, Mitek Systems

Nikhil Gulati

Global Head, Engineering & AI, MedTech Digital, Johnson & Johnson
Courtyard

2:15pm PDT

3:00pm PDT

From Pixels To Agents: Optimizing On-Device Performance of Confidential Computing in AI Evolution - Savas Ozkan, Samsung Research UK, Samsung Electronics
Tuesday June 23, 2026 3:00pm - 3:25pm PDT
Unlike server-side confidential AI, on-device confidential AI must balance strong protection of sensitive personal data with efficient operation under limited computational resources.

In this talk, we explore the impacts of CC on on-device AI performance for various AI models and tools by identifying some root causes. First, we recognise that CC overheads vary across AI models during critical operations such as data read/write, model loading and inference phases, supported by detailed experiments. Second, we investigate multiple designs for AI agent tools in CC, especially by considering different AI memory modules, that present distinct overheads compared to traditional AI models. To enable systematic evaluation, we develop a modular software framework integrated with the open-source ISLET CC project. This framework supports configurable benchmarking of AI agent tools, and will be publicly released to foster the reproducibility and collaboration within the CC community. Lastly, since these performance drops can negatively impact the user experience, we propose a set of techniques that minimise the overhead related to model loading while ensuring robust privacy protection.
Speakers
Savas Ozkan

Engineering Manager, Samsung Research UK
Savas Ozkan received the Ph.D. degree from the Department of Electrical and Electronics Engineering, Middle East Technical University, Ankara, Turkey. Currently, he is leading Efficient Machine Learning Group at Samsung Research UK, focusing on on-device AI solutions for vision, language...
Mint Ballroom

3:00pm PDT

NVIDIA Confidential Computing Attestation for Next-Generation AI Hardware - Rob Nertney & Spencer Gilson, NVIDIA
Tuesday June 23, 2026 3:00pm - 3:25pm PDT
NVIDIA's attestation infrastructure was born from Confidential Computing - securing Hopper GPUs with hardware-rooted, in-band attestation. As AI hardware evolves to rack-scale systems like Vera Rubin NVL72, attestation must evolve with it: new devices, new modes, and new challenges.

This talk covers three dimensions of that evolution. First, we discuss how CC attestation scales to rack-level with Vera Rubin, including NVIDIA's multi-node solution for CC and the challenge of attesting dozens of GPUs, CPUs, and NVSwitches as a unified trusted system. Second, we show how attestation patterns proven in CC are extending to new modes and device types - including fleet intelligence and out-of-band attestation. Third, we share the standards and interoperability challenges we have encountered along the way: inconsistent implementations across the ecosystem, gaps in attestation policy standards, and binding discrete components into trusted subsystems to prevent relay and substitution attacks.

Attendees will leave understanding where NVIDIA attestation is heading and what we have learned about the open problems the ecosystem must solve together.
Speakers
Rob Nertney

Principal software architect, NVIDIA
Rob Nertney is a principal software architect for confidential computing. He has spent nearly 15 years architecting the features and deployment of accelerator hardware into hyperscale environments for both internal and external use by developers. He has several patents in processor...

Spencer Gilson

Senior Systems Software Engineer, NVIDIA
Spencer is a senior system software engineer working on attestation at NVIDIA. He specializes in designing, developing, and maintaining critical services with an emphasis on security and reliability.
Courtyard

3:00pm PDT

Trust Is the Next Bottleneck: Why the Agentic Economy Needs Confidential Computing - Pawan Khandavilli, Microsoft
Tuesday June 23, 2026 3:00pm - 3:25pm PDT
Agents can authenticate, but they still cannot prove what actually ran. When an agent transfers value, calls a sensitive tool, or acts on delegated authority across a boundary, the relying party has no cryptographic way to verify what code executed, what policy governed it, or whether sensitive data stayed inside a trustworthy boundary. OAuth handles authorization, not runtime integrity. IAM labels principals, not measured execution. Prompt-level governance shapes intent, not enforceable policy. These are necessary but insufficient for agents acting autonomously across trust boundaries.

Confidential computing already has the primitives to close this gap: hardware attestation, measured execution, cryptographic evidence of runtime state. This talk presents a practical framework for applying those primitives to agent trust. I walk through a payment-approval agent scenario end-to-end, identify four concrete gaps (hardware-rooted agent identity, measured policy-as-code, portable attestation evidence, cross-cloud federation), and show which are solvable today and which need ecosystem work. Attendees leave with a framework they can use to evaluate or design agent trust architectures.
Speakers
Pawan Khandavilli

Senior Product Manager, Microsoft
Pawan Khandavilli is a senior product manager in Azure Confidential Computing (ACC) with a focus on serverless and confidential computing. Pawan has previously worked at Fortanix and the Royal Bank of Canada in a variety of roles with a focus on applying innovative security technologies...
Gold Ballroom

3:30pm PDT

"If It's Shared, It's Vulnerable": Is Kubernetes the Right Platform for Confidential Compute? - Zvonko Kaiser, NVIDIA
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
Kubernetes shares host kernels, network stacks, storage paths, and control planes across tenants. These shared primitives become attack surfaces when tenants cannot trust each other or the infrastructure operator.

We enumerate the threat surfaces in confidential Kubernetes deployments, from eBPF snooping and conntrack hijacking to hardware-assisted virtualization rootkits. We then present a production architecture that eliminates shared-trust assumptions by flattening the virtualization stack so every workload runs as a TEE-protected guest, gating all secrets, identities, and device access on a composite attestation chain, and wrapping each shared primitive in a hardened overlay for compute, network, storage, control-plane, identity, and observability.

Attendees will learn which Kubernetes primitives leak across tenant boundaries, how composite attestation closes those gaps, and practical steps toward true multi-tenancy in confidential Kubernetes deployments.
Speakers
Zvonko Kaiser

Principal Systems Engineer, NVIDIA
Zvonko is a Principal Systems Engineer at NVIDIA, working on the Cloud Native Technologies team. Focusing right now on all things related to confidential computing, zero-trust, especially in the context of accelerators.
Mint Ballroom

3:30pm PDT

GKE Hypercluster: Kubernetes TEEs for AI at Scale - Komei Nakamoto & Keith Moyer, Google
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
GKE Hypercluster brings large-scale operation of Trusted Execution Environments to Kubernetes, and was co-designed with Anthropic to meet their security and scale. In this talk we explain the linked runner architecture that drastically reduces the Trusted Compute Base (TCB) by completely separating high-value workload execution from the standard container orchestration control plane. In this model, sensitive AI workloads are offloaded to a dedicated, "sealed" virtual machine. The Kubernetes scheduling and orchestration remains on a non-sealed "parent" node, preserving Kubernetes primitives (i.e., Pods, Network Policy) and operational familiarity while achieving workload isolation. The execution environment is built on a hardened and attested OS, removing non-essential services and preventing administrative shell access. Integrity is guaranteed through attestation and container signature verification.

This design establishes a strict chain of trust, offers isolation from the Kubernetes operator and Cloud Service Provider, supports high-performance AI accelerators within the sealed boundary, and enhances scalability by managing isolated environments with a reduced system footprint.
Speakers
Keith Moyer

Senior Staff Software Engineer, Google
Keith Moyer is the Technical Lead for Confidential Computing at Google Cloud. He has spent the last 10 years dedicated to making verifiable trust accessible and useful, with over 20 years of experience spanning cloud security and embedded systems. He holds a BS in Computer Engineering...

Komei Nakamoto

GKE AI Security Tech Lead, Google
Komei is a software engineer at Google, and the Tech Lead for the GKE AI Security team focused on making GKE a secure platform for running AI workloads.
Courtyard

3:30pm PDT

Resilient Real-Time Payments With Confidential Computing Architectures - Abhinav Reddy Jutur, J P Morgan Chase and Co.
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
Real-time payment systems are transforming the global financial ecosystem, with 69 countries implementing real-time networks and transaction volumes continuing to grow. As expectations shift toward instant transactions, infrastructures must support high throughput while maintaining reliability, data integrity, and stronger data protection during processing.

This session explores how modern distributed architectures enable scalable and resilient payment systems while aligning with confidential computing principles. It examines key concepts like the CAP theorem and trade-offs between consistency, availability, and partition tolerance in financial platforms handling sensitive data.

It also covers architectures such as microservices, event-driven systems, CQRS, and serverless computing, along with techniques like distributed caching, database sharding, and dynamic load balancing. Attendees will gain practical insights into building fault-tolerant, scalable payment systems for real-time digital transactions.
Speakers
Abhinav Reddy Jutur

Software Engineer 3, J P Morgan Chase and Co.
Abhinav Reddy Jutur is a Senior Software Engineer at JPMorgan Chase with 10+ years of experience building scalable, secure enterprise systems in finance and healthcare. He specializes in Java, microservices, and cloud platforms, leading real-time payments and cross-border solutions...
Gold Ballroom

4:00pm PDT

Agentic Zero Trust: at Rest, in Transit, and at Runtime - Nina Polshakova, Solo.io & Josh Halley, Cisco
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
AI workloads handle some of the most sensitive data in modern enterprises, from proprietary training datasets to user prompts and high-dimensional embeddings. Yet many AI pipelines are built without the rigorous security practices applied to traditional systems, leaving critical gaps.

Josh and Nina from the CNCF AI Working Group show how to apply Zero Trust principles to secure AI data at every stage: at rest, in transit, and in runtime. Attendees will learn why conventional approaches fail for AI, highlighting risks like prompt injection, embedding poisoning, and GPU memory leakage, and how Zero Trust, combined with confidential computing, provides a stronger security foundation.

We’ll demonstrate how agent identity, continuous attestation, and trusted execution environments (TEEs) enforce runtime trust, while encryption, fine-grained access control, and mTLS protect data at rest and in transit.

Attendees will gain actionable strategies for securing every stage of the AI data lifecycle using modern encryption, policy enforcement, and runtime hardening.
Speakers
Nina Polshakova

Senior Principal Software Engineer, Solo.io
Nina is a software engineer at Solo.io, working on AI Gateway projects. She contributes to open source projects, including Kubernetes, Istio, kagent, agentgateway, and kgateway. A CNCF Ambassador and former Kubernetes v1.33 Release Lead, she’s also a member of the Cloud Native AI...
Josh Halley

Principal Architect, Cisco
Josh Halley is a Principal Architect and published technical author in the office of the CTO at Cisco, focused on next generation technologies and technical transformation for some of Cisco’s largest global customers. His main focus today is in the domains of AI Operations, leading and supporting multiple teams in their generation of Agentic AI systems to support today’s and tomorrow’s future technologies use cases...
Gold Ballroom

4:00pm PDT

Governing AI Agents at the Hardware Boundary - Imran Siddique, Microsoft
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
AI agents are making real decisions: filing tickets, moving money, deploying code, operating infrastructure. The question is no longer what the agent should do. The question is: can you prove governance was actually enforced?

Right now, all agent governance is software. Policy engines, identity checks, audit logs, credentials: everything lives in the same trust boundary as the agent itself. If someone compromises the runtime, every control disappears. Policies get bypassed. Credentials get exfiltrated. Audit logs get forged.
Software governance makes promises. Hardware governance provides proofs.

I will walk through what my team has built (the Agent Governance Toolkit), where the software limits are, and how TEE-backed enforcement closes those gaps. Concrete architecture, real code, honest gap analysis.
Courtyard

4:00pm PDT

Running AI Agents Inside TEEs Without Losing Your Mind - Sonali Mishra, Nutanix
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
AI agents are making decisions, calling tools, and talking to other agents, often with access to sensitive data they shouldn't be able to see in plaintext. The usual answer is to just trust the infrastructure, but that falls apart in multi-tenant clouds and cross-org workflows. This talk covers what it actually takes to run agentic AI workloads inside Trusted Execution Environments. I'll walk through the architecture for isolating agent-to-agent communication using confidential VMs, how attestation works when agents need to dynamically invoke external tools, and the gotchas we hit around key management and session state. We'll look at real performance numbers and what the overhead looks like on GPU-backed inference inside TEEs and where the bottlenecks actually are. Attendees will leave with a concrete reference architecture for deploying AI agents with hardware-rooted trust boundaries, plus practical guidance on attestation flows for multi-party agent pipelines. If you're building agentic systems that handle regulated or sensitive data, this talk gives you a starting point that doesn't require rearchitecting everything from scratch.
Speakers
Sonali Mishra

Principal Product Manager - AI & Cloud Native, Nutanix
As a Principal Cloud Native at Nutanix, I am passionate about driving innovation and empowering organizations to build secure and resilient solutions in their cloud-native journey. With our significant presence in US government, I aim to ensure organizations can adopt Kubernetes securely...
Mint Ballroom
 
Wednesday, June 24
 

12:45pm PDT

Characterizing NVIDIA Confidential Computing Overheads Across Model Inference & Training - Tanya Verma, Tinfoil
Wednesday June 24, 2026 12:45pm - 1:10pm PDT
We'll walk through where NVIDIA CC overheads appear in the model inference and training pipeline across GPU architectures and try to understand why.
Speakers
Tanya Verma

Cofounder, Tinfoil
Tanya is the cofounder of Tinfoil, which provides verifiably private AI. Before Tinfoil, she was a cryptography engineer at Cloudflare where she designed and deployed privacy and security protocols used by billions of users on the internet.
Gold Ballroom

12:45pm PDT

Session to be Announced
Wednesday June 24, 2026 12:45pm - 1:10pm PDT

Courtyard

1:15pm PDT

Session to be Announced
Wednesday June 24, 2026 1:15pm - 1:40pm PDT

Gold Ballroom

1:15pm PDT

Session to be Announced
Wednesday June 24, 2026 1:15pm - 1:40pm PDT

Courtyard

1:45pm PDT

ACompany Session (Speaker to be Announced)
Wednesday June 24, 2026 1:45pm - 2:10pm PDT

Courtyard

1:45pm PDT

Session to be Announced
Wednesday June 24, 2026 1:45pm - 2:10pm PDT

Gold Ballroom

2:15pm PDT

Panel Discussion: Speakers to be Announced
Wednesday June 24, 2026 2:15pm - 2:45pm PDT

Courtyard

3:00pm PDT

From Trust Assumptions To Trust Evidence: Why PKI and Confidential Computing Are Converging - Brian Trzupek, DigiCert
Wednesday June 24, 2026 3:00pm - 3:25pm PDT
Every regulated industry runs on the same uncomfortable bargain: multi parties with conflicting interests agree to trust each other procedurally, because no tech mechanism exists to verify the claims they're making. An MRI running an AI diagnostic model involves at least 5 stakeholders: the AI vendor protecting IP, the hospital safeguarding patient data, the device mfg ensuring FW integrity, the regulator verifying the cleared algorithm is actually running, and the patient who never consented to their scan training someone else's model. Today, all of them take each other on faith. Confidential computing changes that equation from trust assumptions to trust evidence. This talk examines 2 concrete problem domains where we are applying HW-rooted attestation and PKI-based trust services to solve real, urgent problems. 1st, we walk through the brownfield medical device challenge: how do you retrofit TPM-based measured boot, model integrity verification, and remote attestation onto med. devices already deployed in the field without disrupting clinical operations? 2nd, we present DigiCert's work on AI agent ID for agentic AI systems; a problem that extends CC principles into the SW ID layer.
Speakers
Brian Trzupek

Sr. Vice President Product, DigiCert
Brian Trzupek is SVP of Product at DigiCert. A crypto and security tech by day and night, Trzupek brings nearly two decades of expertise on many security subjects to the team. He is often brainstorming use cases for enterprise PKI (Public Key Infrastructure) facilitated by the industry-leading...
Mint Ballroom

3:00pm PDT

Global Agentic Identity and Programmable Trust: Lessons Learned From the NATO DIANA Pilot - Manu Fontaine, Hushmesh Inc.
Wednesday June 24, 2026 3:00pm - 3:25pm PDT
NATO DIANA, NATO’s innovation accelerator, is building a heterogeneous, cross-Allied ecosystem spanning innovators, mentors, test centers, ministries of defense, and other agencies across 32 Allied nations. This is the trust problem the Internet of Agents will face at global scale: how people, organizations, and their respective agents prove identity, authority, and credentials across trust boundaries without leaking private, confidential, or national-security knowledge.
To address this challenge, DIANA sought a “chip-level zero-trust” identity infrastructure. Confidential Computing sits at the root: identity, authentication, authorization, credentialing, and key management are all unified and verified from the chips up. Each entity acts through its agent with its own cryptographic identity, trust boundary, knowledge isolation, and globally verified execution.

In this session, we will share lessons from the DIANA pilot and show why Agentic Identity is the foundational layer of Programmable Trust for the Internet of Agents: a model for sovereign ecosystems where agents interact, coordinate, and transact under hardware-backed guarantees of verifiability, confidentiality, and privacy.

Speakers
Manu Fontaine

Founder and CEO, Hushmesh Inc.
Manu Fontaine is the Founder and CEO of Hushmesh, a dual-use, early-stage, Delaware Public Benefit Corporation in the Washington DC area. Hushmesh leverages Confidential Computing technology to develop, deploy, and operate "the Mesh": the Programmable Trust infrastructure for the...
Gold Ballroom

3:00pm PDT

Q-Day Survival Guide: What the Post-quantum Cryptography Transition Means for Confidential Computing - Arthur Savage, Red Hat
Wednesday June 24, 2026 3:00pm - 3:25pm PDT
Cryptographic algorithms will one day be broken by large quantum computers, necessitating the replacement of classical cryptography (like RSA) with post-quantum cryptography (PQC). This event, called Q-day, is a rolling deadline with previous estimates falling around 2035. However, in early 2026, many groundbreaking developments rapidly shortened Q-day estimates to 2030 or sooner, leaving little time to execute this unprecedented global cryptographic overhaul.

This talk will put Q-day in context for the audience: timelines, the recent scientific breakthroughs and how they alter threat models in open source, and which gaps and blockers are most pressing. Then, we view these blockers through the lens of confidential computing, from hardware to software. We will discuss current risks and best practices, then open the audience to discussion of the needs of diverse applications across the confidential computing ecosystem. This talk is both informative and information-gathering, fostering mutual understanding and collaboration to integrate PQC before time runs out. This talk will be technical, but no prior knowledge about PQC is necessary and we welcome participation from all.
Speakers
Arthur Savage

Software Engineer, Red Hat
Arthur Savage is a software engineer at Red Hat with a passion for cybersecurity. He has a Master's degree in Electrical and Computer Engineering with specialties in data analytics, image forensics, and post quantum cryptography.
Courtyard

3:30pm PDT

Privacy-Preserving Fraud Intelligence for India's Open Finance Ecosystem Using TEEs - Kiran Gopinath, Sahamati Foundation & Rene Kolga, Google Cloud
Wednesday June 24, 2026 3:30pm - 3:55pm PDT
Loan fraud in India is a $4 billion annual problem. Simultaneously, it is very hard to detect and prevent this when each lender sees only their slice of a borrower's activity. India's Open Finance framework, called Account Aggregator, establishes the foundation for coordinated fraud prevention at scale. However, lenders cannot pool raw borrower data to combat it.

Aikya, built on a Trusted Execution Environment, provides the answer by running cross-institutional velocity checks inside a secure enclave where no participant sees another's data, turning a privacy constraint into a structural guarantee.

Sahamati Foundation governs India's Open Finance framework enabling individuals and businesses to share real-time financial data across financial institutions and fintechs with their consent. With over 1,000 participating entities and tens of millions of active data flows, it is one of the largest Open Finance deployments in the world.
Speakers
Kiran Gopinath

Chief Innovation Officer and Head Sahamati Labs, Sahamati Foundation
As Chief Innovation Officer at Sahamati, Kiran leads initiatives shaping India’s Account Aggregator ecosystem, one of the world’s fastest-growing Open Finance networks and is the founder of Sahamati Labs, where he drives innovation at the intersection of AI, Open Finance. His...

Rene Kolga

Sr Product Manager, Google Cloud
Rene Kolga, CISSP, has over 15 years of cybersecurity experience in the areas of endpoint protection, insider threat, encryption and vulnerability management. Currently, he is a Product Manager at Google on the Confidential Computing team. Prior to Google, Rene worked for Symantec...
Gold Ballroom

3:30pm PDT

Realizing Confidential VMs Ensuring Privacy of AI Features at LY Corporation in a Real-World Cloud - LY Corporation - Hiroki Narukawa & Akihiro Misawa, LY Corporation
Wednesday June 24, 2026 3:30pm - 3:55pm PDT
This presentation shows a real-world example of our private cloud introducing Confidential VMs based on SEV-SNP, where the application in the container is included in the trust boundary.

At LY Corporation, as part of our privacy enhancement for LINE (messaging app with 194 million active users), we provide Confidential VMs powered by AMD SEV-SNP in our private cloud. This ensures that even employees cannot access data input to AI systems, and that the data remains protected even in the event of infrastructure compromise.

This session focuses on two parts: one is the mobile client perspective, the other is the cloud-user perspective.

In our Confidential VM implementation, the whole system, including the application, can be attested to the mobile clients using the Attestation Report feature of SEV-SNP.

Our implementation includes SEV-SNP support in OpenStack, OVMF provisioning to ensure attestation, and our OS image to ensure that only the expected application is running. By designing the chain of trust, everything including OVMF, kernel, OS image and container image is included inside the trust boundary, while cloud users can use the common OS image.
Speakers
Akihiro Misawa

Infrastructure Engineer, LY Corporation
An infrastructure engineer at LY Corporation, working on system infrastructure. Involved in OS image management, automation, and internal tooling to support service operations at scale.
Hiroki Narukawa

Software Engineer, LY Corporation
Software Engineer in LY Corporation, working on IaaS. Mainly developing software running inside hypervisor or Baremetal nodes. I often scope on low-layer problems. He works on developing software and managing versions of OpenStack, qemu, libvirt. He has contributed some patches to...
Mint Ballroom

3:30pm PDT

WhatsApp Private Processing - Kevin Hui, Yunqi Li, Sidharth Verma, Henry Wang & Varun Patil, Meta
Wednesday June 24, 2026 3:30pm - 3:55pm PDT
WhatsApp (Meta) launched its flagship Confidential Computing use-case last year (https://engineering.fb.com/2025/04/29/security/whatsapp-private-processing-ai-tools/), introducing one of the first large-scale applications of confidential computing. In this presentation, we will go over an overview of how Private Processing works, the operational lessons we learned while deploying confidential virtual machines at the scale of WhatsApp, and where we think the evolution of our Private Processing stack will take us for years to come.

Topics:
- CVM hardening
- Binary transparency
- OHTTP
- Remote Attestation TLS (RA-TLS)
- Debugging CVMs in production
- Virtual Research Environment
- And others
Speakers
avatar for Kevin Hui

Kevin Hui

Software Engineer, Meta
Kevin works on the Private Compute Platform team at Meta. This team is responsible for the infrastructure surrounding Private Processing and other privacy-preserving products at Meta leveraging Trusted Execution Environments.

Kevin focuses on the build tooling and virtualization aspects of Confidential Virtual Machines, enabling developers at Meta to write privacy-first products without having to worry about the low-level details surrounding confidential computing...

Yunqi Li

Research Scientist, Meta
Yunqi works on the WhatsApp Server Privacy team, where they contribute to core messaging systems and privacy-focused technologies including Trusted Execution Environments (TEE), Binary Transparency, and Audit Transparency.

At the intersection of systems engineering and applied...

Sidharth Verma

Software Engineer, Meta
Sidharth is a Software Engineer on Meta Superintelligence Lab's Inference Service Management team. His specific focus area is TEE inference infrastructure, helping to enable the next generation of SOTA models for private inference at large scale.

Varun Patil

Research Scientist, Meta Platforms Inc
Varun is a researcher at Meta building Private Processing, WhatsApp's secure and private AI inference platform powered by trusted execution.

Henry Wang

SWE, Meta
N/A.
Courtyard

4:00pm PDT

A Large-Scale Data Clean Room Case Study in Japan: Confidential Computing and Privacy Regulations - ACompany (Speakers to be Announced)
Wednesday June 24, 2026 4:00pm - 4:25pm PDT
AI model advancement demands cross-enterprise data collaboration, but strict privacy regulations create barriers. This session explores a commercialized Data Clean Room in Japan by Acompany and KDDI, a Fortune Global 500 telecom company.
We will share the architecture enabling secure data matching and privacy-preserving AI development. We detail how this satisfies the strict third-party data transfer restrictions under Japan's Act on the Protection of Personal Information (APPI). By keeping the calculation process protected, enterprises can jointly analyze sensitive large-scale datasets—including personal and location data—without exposing raw information to partners.
Furthermore, we explore the relationship between policy discussions and CC in Japan. With CC recognized as an essential data security technology in public and private sectors, we discuss the potential for market expansion. We provide insights into how bridging governance and technology creates a scalable confidential AI infrastructure.

Note: Session content is subject to minor changes.
Gold Ballroom

4:00pm PDT

Overview of the AWS Nitro System: Building Trust Through Secure Cloud Infrastructure - Matthew Wilson, Amazon
Wednesday June 24, 2026 4:00pm - 4:25pm PDT
The AWS Nitro System is the foundation for modern Amazon EC2 instances that enables AWS to innovate faster, reduce cost for customers, and deliver added benefits like increased security and new instance types. We've applied formal methods to the Nitro System since day one. AWS has reimagined our virtualization infrastructure. Traditionally, hypervisors protect physical hardware and BIOS, virtualize CPU, storage, and networking, and provide management capabilities. The Nitro System breaks apart those functions, offloads them to dedicated hardware and software, and reduces costs by delivering nearly all server resources to instances.

This session explores the architecture and security model of the Nitro System, demonstrating how offloading virtualization functions minimizes the hypervisor attack surface and enables features like secure boot and Nitro Enclaves. We'll introduce the Nitro Isolation Engine, where we've applied formal methods. Starting from proving correctness properties of early boot firmware and the API endpoint component of the Nitro Controller, the Nitro Isolation Engine is a minimal trusted computing base and is a default capability of AWS Graviton5 processors.
Speakers

Matthew Wilson

Vice President/Distinguished Engineer at Amazon, Amazon
Matt Wilson is a Vice President and Distinguished Engineer at Amazon Web Services. He leads the technical architecture of the Amazon Software Development Experience (ASBX) division, which owns secure software development lifecycle tools and processes. Matt was a lead designer of the...
Courtyard

4:00pm PDT

Private Model as a Service: Zero-Trust Blueprint for Protecting AI Weights - Marcos Entenza, Red Hat
Wednesday June 24, 2026 4:00pm - 4:25pm PDT
In the agentic era, deploying proprietary AI on-premises raises a critical question: how do you protect model IP when infrastructure admins have full hardware access? This session introduces Private Model as a Service (PMaaS), a production-ready reference architecture that secures AI model weights across their entire lifecycle using hardware-rooted Trusted Execution Environments (TEEs).

We dive into the technical orchestration of Confidential Containers (CoCo) and KServe to build a cryptographically verified inference pipeline with vLLM. Model weights are distributed and decrypted exclusively inside hardware-verified CPU TEEs (Intel TDX, AMD SEV-SNP) with GPU memory protection (NVIDIA H100/B200). Remote attestation via a Key Broker Service (KBS) ensures decryption keys are only released to policy-compliant, verified environments.

We also cover the challenges of running vLLM inside restricted TEEs and our work upstreaming GPU attestation logic into Kata Containers and CoCo. Attendees leave with a practical blueprint for deploying zero-trust confidential AI workloads that decouple model security from infrastructure trust.
Speakers

Marcos Entenza

Sr. Principal Product Manager, Red Hat
Marcos Entenza, a.k.a. Mak, works on the core Red Hat OpenShift Container Platform for hybrid and multi-cloud environments to enable customers to run Red Hat OpenShift anywhere. Mak is an experienced Product Manager passionate about building scalable infrastructures, and he oversees...
Mint Ballroom
 