Loading…
Venue: Gold Ballroom clear filter
Tuesday, June 23
 

12:45pm PDT

From Perimeter to Silicon: Why Agentic AI Demands a New Security Model - Dan Middleton, NVIDIA & Raghu Yeluri, Intel
Tuesday June 23, 2026 12:45pm - 1:10pm PDT
As AI agents move from assistants to autonomous actors executing workflows, calling tools, and making decisions across sensitive infrastructure, every industry faces the same foundational question: how do we establish verifiable trust at every layer of the stack?
This session examines the full trust architecture agentic AI requires:
  • Cryptographic attestation that verifies data and model integrity inside secure enclaves
  • Integrity-protected agent identity generation and verification
  • Policy-enforced execution that maintains auditability with no human in the loop
Speakers from Intel and NVIDIA will share how the CCC's four new vendor-agnostic technical blueprints are making Confidential Computing deployable at enterprise scale.

Key Takeaways:
  • The CCC's strategic shift toward demand-driven technical excellence and what it unlocks for enterprise adopters
  • A technical overview of the four new guidance papers and the deployment bottlenecks they solve
  • How to map these reference architectures to your existing cloud-native and open-source pipelines

Speakers
avatar for Dan Middleton

Dan Middleton

Principal Software Architect, NVIDIA
Dan Middleton is a Principal Software Architect at NVIDIA, with deep experience driving innovation at the intersection of open source and emerging technologies. He has led the development and release of products spanning Computational Imaging, Blockchain, Confidential Computing, and... Read More →
RY

Raghu Yeluri

Sr. Principal Engineer, Intel

Tuesday June 23, 2026 12:45pm - 1:10pm PDT
Gold Ballroom

1:15pm PDT

AMD SEV & Azure Local: When Confidential VMs Go Local - David Harmon, AMD & Deepak Manohar, Microsoft
Tuesday June 23, 2026 1:15pm - 1:40pm PDT
AMD SEV has provided foundational technology for Confidential VMs at cloud scale, including deployments in Microsoft Azure Cloud. As workloads span cloud, hybrid, edge, and customer-owned environments, the architectural requirement is clear: preserve the Confidential VM trust pattern wherever those workloads run. This joint AMD-Microsoft session shows how AMD SEV and Azure Local come together for hybrid and on-prem deployment requirements, connecting silicon-based isolation, attestation, policy-gated key release, Azure Local deployment models, and practical deployment considerations. The session includes an Azure Local demo of attestation-gated access to protected workload assets.

Speakers
avatar for David Harmon

David Harmon

Director, Data Center Ecosystem, AMD
David Harmon is a Director of Software Development at AMD. David's work focuses on datacenter solutions that include AMD EPYC server product line and Microsoft software solutions for cloud and on prem including Azure Local.
avatar for Deepak Manohar

Deepak Manohar

Sr. Director PM, Microsoft
Deepak Manohar is a Sr. Director PM at Microsoft. He leads the security product management team for Azure Local and Digital Operations. One of his areas of focus is to bring Confidential computing to Azure's on-premises offering namely Azure Local. More broadly, he is responsible... Read More →
Tuesday June 23, 2026 1:15pm - 1:40pm PDT
Gold Ballroom

1:45pm PDT

Confidential Tenancy: Towards Digital Sovereignty on Public Clouds - Antoine Delignat-Lavaud, Microsoft
Tuesday June 23, 2026 1:45pm - 2:10pm PDT
Digital Sovereignty is commonly interpreted as a legal concept - but can it be turned into a technical guarantee? We introduce a new sovereignty boundary within existing public cloud infrastructure built on (and generalizing) the concept of confidential computing, where a given workload is totally isolated from its surrounding shared infrastructure within a trusted execution environment (TEE), enforced and attested in hardware. Although the concept of TEEs applies to a unit of computation (e.g., a process, VM, or container), we propose to extend these security guarantees to an entire cloud tenant, i.e., a cloud account with all its resources – IaaS (i.e., VMs), PaaS (e.g., Kubernetes clusters), and SaaS (e.g., model-as-a-service endpoints) and its associated management layer, including its own identity, access control and key management services. Critically, we introduce virtual data diode (VDD), a novel primitive that allows confidential tenants to control all movements of data within and without their confidential tenancy, including traffic to shared infrastructure services. We also introduce new operator controls to ensure that support requests can be addressed when operators need access to logs or must perform manual maintenance actions on the tenant’s resources, while ensuring that all maintenance actions can be reviewed and approved by the confidential tenant. 

Speakers
avatar for Antoine Delignat-Lavaud

Antoine Delignat-Lavaud

Principal Researcher, Microsoft
Tuesday June 23, 2026 1:45pm - 2:10pm PDT
Gold Ballroom
  Breakout Sessions
  • Slides Attached Yes

3:00pm PDT

Trust Is the Next Bottleneck: Why the Agentic Economy Needs Confidential Computing - Pawan Khandavilli, Microsoft
Tuesday June 23, 2026 3:00pm - 3:25pm PDT
Agents can authenticate, but they still cannot prove what actually ran. When an agent transfers value, calls a sensitive tool, or acts on delegated authority across a boundary, the relying party has no cryptographic way to verify what code executed, what policy governed it, or whether sensitive data stayed inside a trustworthy boundary. OAuth handles authorization, not runtime integrity. IAM labels principals, not measured execution. Prompt-level governance shapes intent, not enforceable policy. These are necessary but insufficient for agents acting autonomously across trust boundaries.

Confidential computing already has the primitives to close this gap: hardware attestation, measured execution, cryptographic evidence of runtime state. This talk presents a practical framework for applying those primitives to agent trust. I walk through a payment-approval agent scenario end-to-end, identify four concrete gaps (hardware-rooted agent identity, measured policy-as-code, portable attestation evidence, cross-cloud federation), and show which are solvable today and which need ecosystem work. Attendees leave with a framework they can use to evaluate or design agent trust architectures.
Speakers
avatar for Pawan Khandavilli

Pawan Khandavilli

Senior Product Manager, Microsoft
Pawan Khandavilli is a senior product manager in Azure Confidential Computing (ACC) with a focus on serverless and confidential computing. Pawan has previously worked at Fortanix and the Royal Bank of Canada in a variety of roles with a focus on applying innovative security technologies... Read More →
Tuesday June 23, 2026 3:00pm - 3:25pm PDT
Gold Ballroom

3:30pm PDT

Who is Calling? Identity for Agents with AAuth - Dick Hardt, Hellō
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
The weaknesses of shared secrets — API keys and bearer tokens — are being exploited in the agentic era. They get copied to every workload that uses them, they leak, and they prove nothing about who is actually calling.

Software has changed. Agents now assemble themselves at runtime and call services they've never seen, across organizations and trust domains. Inside the enterprise we have mTLS; on the open web we fall back to bearer tokens, which travel anywhere but prove nothing.

AAuth gives every agent its own cryptographic identity — verifiable by any party, with no pre‑registration and no shared secret. The agent proves possession of a key on every request, and carries who it is, who it is acting on behalf of, and what it's authorized to do in one signed token.

So when an agent calls, the resource knows who's calling — and on whose authority.

Speakers
avatar for Dick Hardt

Dick Hardt

Founder/CEO, Hellō
Agentic Identity and AAuth. 
Tuesday June 23, 2026 3:30pm - 3:55pm PDT
Gold Ballroom

4:00pm PDT

Agentic Zero Trust: at Rest, in Transit, and at Runtime - Nina Polshakova, Solo.io & Josh Halley, Cisco
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
AI workloads handle some of the most sensitive data in modern enterprises, from proprietary training datasets to user prompts and high-dimensional embeddings. Yet many AI pipelines are built without the rigorous security practices applied to traditional systems, leaving critical gaps.

Josh and Nina from the CNCF AI Working Group show how to apply Zero Trust principles to secure AI data at every stage: at rest, in transit, and in runtime. Attendees will learn why conventional approaches fail for AI, highlighting risks like prompt injection, embedding poisoning, and GPU memory leakage, and how Zero Trust, combined with confidential computing, provides a stronger security foundation.

We’ll demonstrate how agent identity, continuous attestation, and trusted execution environments (TEEs) enforce runtime trust, while encryption, fine-grained access control, and mTLS protect data at rest and in transit.

Attendees will gain actionable strategies for securing every stage of the AI data lifecycle using modern encryption, policy enforcement, and runtime hardening.
Speakers
avatar for Nina Polshakova

Nina Polshakova

Senior Principal Software Engineer, Solo.io
Nina is a software engineer at Solo.io, working on AI Gateway projects. She contributes to open source projects, including Kubernetes, Istio, kagent, agentgateway, and kgateway. A CNCF Ambassador and former Kubernetes v1.33 Release Lead, she’s also a member of the Cloud Native AI... Read More →
avatar for Josh Halley

Josh Halley

Principal Architect, Cisco
Josh Halley, is a Principal Architect and published technical author, in the office of the CTO at Cisco,
focused on next generation technologies and technical transformation for some
of Cisco’s largest global customers. His main focus today is in the domains of AI Operations, leading and supporting multiple teams in their generation of Agentic AI systems to support todays and tomorrows future technologies use cases... Read More →
Tuesday June 23, 2026 4:00pm - 4:25pm PDT
Gold Ballroom
  Breakout Sessions
  • Slides Attached Yes
 
Wednesday, June 24
 

12:45pm PDT

Characterizing NVIDIA Confidential Computing Overheads Across Model Inference & Training - Tanya Verma, Tinfoil
Wednesday June 24, 2026 12:45pm - 1:10pm PDT
We'll walk through where NVIDIA CC overheads appear in the model inference and training pipeline across GPU architectures and try to understand why
Speakers
avatar for Tanya Verma

Tanya Verma

Cofounder, Tinfoil
Tanya is the cofounder of Tinfoil, which provides verifiably private AI. Before Tinfoil, she was a cryptography engineer at Cloudflare where she designed and deployed privacy and security protocols used by billions of users on the internet.* Speaker Email: [email protected]* Speaker Headshot: attached... Read More →
Wednesday June 24, 2026 12:45pm - 1:10pm PDT
Gold Ballroom

1:15pm PDT

Open Source, Confidential by Design: The Linux Stack for Agentic AI - Brittany Kaiser, Alpha Compute; Allen Roush, Thoughtworks; & Shaw Walters, Eliza Labs; & Tina Zhen, Flashbots
Wednesday June 24, 2026 1:15pm - 1:40pm PDT
Agentic AI is rapidly becoming part of critical infrastructure, but today's deployments still rely on trust assumptions that were never designed for autonomous systems handling sensitive data.

This session brings together Brittany Kaiser, Allen Roush, and Shaw Walters to discuss how Linux, confidential computing, and open-source agent frameworks can form the foundation for a new generation of verifiable AI systems. The conversation will cover confidential agents, attestation, decentralized coordination, data sovereignty, and why open infrastructure is essential to ensuring that AI remains private, auditable, and user-controlled.  Attendees will gain practical and strategic insights into the emerging architecture of confidential agents and the role Linux will play as the operating system of the sovereign AI era.

Speakers
avatar for Tina Zhen

Tina Zhen

Co-Founder & Steward, Flashbots


avatar for Brittany Kaiser

Brittany Kaiser

CEO, Alpha Compute Corp
Brittany Kaiser is Chief Executive Officer of Alpha Compute Corp. (Nasdaq: ALP), where she leads strategy in confidential computing, data sovereignty, and AI infrastructure. A globally recognized authority on data rights, digital assets, and AI governance, she became a leading voice... Read More →
avatar for Allen Roush

Allen Roush

Lead AI Researcher, Thoughtworks
Allen Roush is Lead AI Researcher at Thoughtworks USA, where he focuses on improving the creativity, coherence, and practical reliability of AI systems. He joined Thoughtworks in 2025 after senior technical and AI leadership roles at organizations including Oracle and Intel. His research... Read More →
avatar for Shaw Walters

Shaw Walters

Founder, Eliza Labs
Shaw Walters is the founder of Eliza Labs, the creators of the ElizaOS agentic open-source framework. With a robust background in artificial intelligence and machine learning, Shaw has championed an open-source and transparent approach that has positioned Eliza Labs at the forefront... Read More →
Wednesday June 24, 2026 1:15pm - 1:40pm PDT
Gold Ballroom

1:45pm PDT

How OPAQUE Enables Hardware-enforced AI Governance- Rishabh Poddar, OPAQUE Systems
Wednesday June 24, 2026 1:45pm - 2:10pm PDT
Your AI stack is bleeding data and you can't prove otherwise. This talk covers the OPAQUE Confidential AI Platform and how it enforces AI governance.

Speakers
avatar for Rishabh Poddar

Rishabh Poddar

Co-Founder & CTO, OPAQUE Systems
Co-Founder & CTO of OPAQUE Systems. PhD, UC Berkeley.
Wednesday June 24, 2026 1:45pm - 2:10pm PDT
Gold Ballroom
  Breakout Sessions
  • Slides Attached Yes

3:00pm PDT

Global Agentic Identity and Programmable Trust: Lessons Learned From the NATO DIANA Pilot - Manu Fontaine, Hushmesh Inc.
Wednesday June 24, 2026 3:00pm - 3:25pm PDT
NATO DIANA, NATO’s innovation accelerator, is building a heterogeneous, cross-Allied ecosystem spanning innovators, mentors, test centers, ministries of defense, and other agencies across 32 Allied nations. This is the trust problem the Internet of Agents faces at global scale: how people, organizations, and their respective agents prove identity, authority, and credentials across trust boundaries without leaking private, confidential, or national-security knowledge.

To address this challenge, DIANA sought a “chip-level zero-trust” identity infrastructure. Confidential Computing sits at the root: identity, authentication, authorization, credentialing, and key management are all unified and verified from the chips up. Each entity acts through its agent with its own cryptographic identity, trust boundary, knowledge isolation, and globally verified execution.

In this session, we will share lessons from the DIANA pilot and show why Global Agentic Identity is the foundational layer of Direct Programmable Trust for the Internet of Agents: a model for sovereign ecosystems where agents interact, coordinate, and transact under hardware-backed guarantees of verifiability, confidentiality, and privacy.

Speakers
avatar for Manu Fontaine

Manu Fontaine

Founder and CEO, Hushmesh Inc.
Manu Fontaine is the Founder and CEO of Hushmesh, a dual-use, early-stage, Delaware Public Benefit Corporation in the Washington DC area. Hushmesh leverages Confidential Computing technology to develop, deploy, and operate "the Mesh": the Programmable Trust infrastructure for the... Read More →
Wednesday June 24, 2026 3:00pm - 3:25pm PDT
Gold Ballroom
  Breakout Sessions
  • Slides Attached Yes

3:30pm PDT

Privacy-Preserving Fraud Intelligence for India's Open Finance Ecosystem Using TEEs - Kiran Gopinath, Sahamati Foundation & Rene Kolga, Google Cloud
Wednesday June 24, 2026 3:30pm - 3:55pm PDT
Loan fraud in India is a $4 billion annual problem. Simultaneously, it is very hard to detect and prevent this when each lender sees only their slice of a borrower's activity. India's Open Finance framework, called Account Aggregator, establishes the foundation for coordinated fraud prevention at scale. However, lenders cannot pool raw borrower data to combat it.

Aikya, built on a Trusted Execution Environment, provides the answer by running cross-institutional velocity checks inside a secure enclave where no participant sees another's data, turning a privacy constraint into a structural guarantee.

Sahamati Foundation governs India's Open Finance framework enabling individuals and businesses to share real-time financial data across financial institutions and fintechs with their consent. With over 1,000 participating entities and tens of millions of active data flows, it is one of the largest Open Finance deployments in the world.
Speakers
avatar for Kiran Gopinath

Kiran Gopinath

Chief Innovation Officer and Head Sahamati Labs, Sahamati Foundation
As Chief Innovation Officer at Sahamati, Kiran leads initiatives shaping India’s Account Aggregator ecosystem, one of the world’s fastest-growing Open Finance networks and is the founder of Sahamati Labs, where he drives innovation at the intersection of AI, Open Finance. His... Read More →
avatar for Rene Kolga

Rene Kolga

Sr Product Manager, Google Cloud
Rene Kolga, CISSP, has over 15 years of cybersecurity experience in the areas of endpoint protection, insider threat, encryption and vulnerability management. Currently, he is a Product Manager at Google on the Confidential Computing team. Prior to Google, Rene worked for Symantec... Read More →
Wednesday June 24, 2026 3:30pm - 3:55pm PDT
Gold Ballroom
  Breakout Sessions
  • Slides Attached Yes

4:00pm PDT

A Large-Scale Data Clean Room Case Study in Japan: Confidential Computing and Privacy Regulations - Takao Takenouchi & Takeharu Kondo, Acompany Co., Ltd.
Wednesday June 24, 2026 4:00pm - 4:25pm PDT
AI model advancement demands cross-enterprise data collaboration, but strict privacy regulations create barriers. This session explores a commercialized Data Clean Room in Japan by Acompany and KDDI, a Fortune Global 500 telecom company.

We will share the architecture enabling secure data matching and privacy-preserving AI development. We detail how this satisfies the strict third-party data transfer restrictions under Japan's Act on the Protection of Personal Information (APPI). By keeping the calculation process protected, enterprises can jointly analyze sensitive large-scale datasets—including personal and location data—without exposing raw information to partners.

Furthermore, we explore the relationship between policy discussions and CC in Japan. With CC recognized as an essential data security technology in public and private sectors, we discuss the potential for market expansion. We provide insights into how bridging governance and technology creates a scalable confidential AI infrastructure.

Note: Session content is subject to minor changes.
Speakers
avatar for Takao Takenouchi

Takao Takenouchi

VP of Public Affairs & Strategic Alliance, Acompany Co., Ltd.
Takao Takenouchi, Ph.D., is VP of Public Affairs & Strategic Alliance at Acompany Co., Ltd. He has nearly 20 years of experience in security and privacy technologies across major technology companies and startups in Japan. His work spans privacy-enhancing technologies, including Confidential... Read More →
avatar for Takeharu Kondo

Takeharu Kondo

Co-founder / Chief Research and Development Officer, Acompany Co., Ltd.
Takeharu Kondo is Co-founder and Chief R&D Officer of Acompany, a Japanese startup building Confidential AI — AI you can trust with your most sensitive data. Since co-founding the company in 2018, he has led applied R&D that turns Confidential Computing and privacy-enhancing technologies... Read More →
Wednesday June 24, 2026 4:00pm - 4:25pm PDT
Gold Ballroom
  Breakout Sessions
  • Slides Attached Yes
 
  • Filter By Date
  • Filter By Venue
  • Filter By Type
  • Audience
  • Slides Attached
  • Timezone

Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.