Agentic AI security steals the spotlight at Confidential Computing Summit

For a decade, confidential computing has been chipping away at one of security’s hardest problems: data is well encrypted in transit and at rest, but when a processor works on it, that data sits in memory in the clear, exposed to anyone with privileged host access.

“Confidential computing’s aim was to solve this with a trusted execution environment, a subset of the CPU that runs the encrypted workload and handles things like memory encryption,” said Marina Moore, lead security researcher at Edera.

For years the field felt like post-quantum cryptography PhD research scientist types agreeing the work is essential, while waiting for it to reach mainstream practitioners. At the Confidential Computing Summit in San Francisco this week, the breakout use case came into focus: agentic AI.

Like the web before HTTPS

“I was in the really early days of HTTP, and then HTTPS came along pretty quickly,” said Mike Bursell, executive director of the Confidential Computing Consortium. He sees agentic AI where the web sat before certificate authorities and public key infrastructure brokered trust online.