Confidential Computing In The AI Era

https://www.forbes.com/sites/chuckbrooks/2026/07/01/confidential-computing-in-the-ai-era/

Publish Date: 2026-07-01 13:08:00

Source Domain: www.forbes.com

The core principles of data security are changing dramatically as we move closer to a time when artificial intelligence will rule. The dual-use opportunities and threats of developing technologies like AI have changed the cybersecurity ecosystem. AI can boost defenses, facilitate predictive analytics, and spur innovation, but it also increases attack surfaces, intensifies risks, and necessitates new approaches to trust and privacy—particularly as sensitive data powers ever-more-powerful models.

Conventional approaches to cybersecurity are no longer adequate. We need to go beyond safeguarding data while it’s in transit and at rest to protecting it while it’s being used—exactly when AI models carry out their most crucial calculations.

The Components of Confidential Computing

Confidential Computing (CC) safeguards data during processing, not just storage or transmission. It allows sensitive data, such as cryptographic keys, AI agent reasoning stages, and proprietary algorithms, to be computed safely without external access or modification. As AI systems become more independent and interconnected, confidential computing ensures computation integrity and privacy end-to-end.

Conventional encryption shields data while it’s in transit and at rest, but not while it’s being computed on. The data must be decrypted before an AI model can use it, whether for training on large datasets, inference for making decisions in real time, or agentic processes. During that use it sits in plaintext in RAM, where it can in principle be read by administrators, cloud operators, hypervisors, or highly skilled attackers using malware, insider access, or side-channel attacks.

By establishing a hardware-rooted trusted zone—often referred to as a Trusted Execution Environment (TEE) or secure enclave—where data is decrypted only when and where computation requires it, then…
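The pattern described above, as an added, self-contained model that is not code from the article or from any TEE vendor: the data owner keeps its records encrypted outside the enclave and releases the decryption key only after verifying a hardware-signed measurement of the code about to process them. Everything here is constructed for illustration: the "hardware" attestation key stands in for a key fused into the CPU (a real relying party verifies a vendor-certified signature instead of sharing an HMAC secret), the measurement is a plain SHA-256 of the enclave image, and the HMAC counter-mode keystream stands in for the authenticated encryption a real deployment would use. It uses only the Python standard library.

```python
"""Attestation-gated key release: a constructed model of a confidential-computing flow."""
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed stand-in for a hardware root key that never leaves the CPU.
HARDWARE_ATTESTATION_KEY = b"constructed-hardware-root-key"


def measure(enclave_code: bytes) -> str:
    """Measurement of the enclave image; a real TEE computes this at launch."""
    return hashlib.sha256(enclave_code).hexdigest()


def hardware_attest(enclave_code: bytes, nonce: bytes) -> dict:
    """Attestation report binding the measurement to a fresh challenge nonce."""
    measurement = measure(enclave_code)
    mac = hmac.new(HARDWARE_ATTESTATION_KEY, measurement.encode() + nonce, hashlib.sha256).hexdigest()
    return {"measurement": measurement, "nonce": nonce, "mac": mac}


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 counter-mode keystream XOR (constructed stand-in for real AEAD)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream.extend(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class DataOwner:
    """Relying party: encrypts records and releases the key only to an attested enclave."""

    def __init__(self, approved_measurement: str):
        self.approved = approved_measurement       # hash of the audited enclave image
        self.data_key = secrets.token_bytes(32)
        self.data_nonce = secrets.token_bytes(16)
        self.pending_nonce: Optional[bytes] = None

    def encrypt(self, plaintext: bytes) -> bytes:
        return keystream_xor(self.data_key, self.data_nonce, plaintext)

    def challenge(self) -> bytes:
        """Issue a fresh nonce so the report cannot be replayed from an earlier run."""
        self.pending_nonce = secrets.token_bytes(16)
        return self.pending_nonce

    def release_key(self, report: dict) -> Optional[bytes]:
        if self.pending_nonce is None:
            return None
        # 1. Report must carry a valid hardware signature (HMAC check in this model).
        expected = hmac.new(HARDWARE_ATTESTATION_KEY,
                            report["measurement"].encode() + report["nonce"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, report["mac"]):
            return None
        # 2. Nonce must match the outstanding challenge (no replay of an old report).
        if report["nonce"] != self.pending_nonce:
            return None
        # 3. Measurement must equal the code the owner audited and approved.
        if report["measurement"] != self.approved:
            return None
        self.pending_nonce = None                  # challenge is single-use
        return self.data_key


def run_attested_job(enclave_code: bytes, owner: DataOwner, ciphertext: bytes) -> Optional[int]:
    """Enclave side: attest, obtain the key, then decrypt and compute inside the enclave.

    Returns the sum of the comma-separated integers in the records, or None if the
    owner refused to release the key (the data then never exists in plaintext here).
    """
    nonce = owner.challenge()
    report = hardware_attest(enclave_code, nonce)
    key = owner.release_key(report)
    if key is None:
        return None
    plaintext = keystream_xor(key, owner.data_nonce, ciphertext)
    return sum(int(field) for field in plaintext.split(b","))


if __name__ == "__main__":
    APPROVED_CODE = b"inference-service v1 (constructed enclave image)"
    owner = DataOwner(measure(APPROVED_CODE))
    ct = owner.encrypt(b"10,20,30")              # constructed sample records
    print("approved enclave result:", run_attested_job(APPROVED_CODE, owner, ct))
    print("tampered enclave result:", run_attested_job(b"tampered image", owner, ct))
```

The three checks in `release_key` are the substance of the pattern: a valid signature proves the report came from the hardware, the nonce proves it is fresh, and the measurement proves which code will see the plaintext. Remove any one of them and an operator or a modified image can obtain the key without the owner noticing.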