惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
CXSECURITY Database RSS Feed - CXSecurity.com
P
Privacy International News Feed
V
Vulnerabilities – Threatpost
The Last Watchdog
The Last Watchdog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
O
OpenAI News
T
Threat Research - Cisco Blogs
WordPress大学
WordPress大学
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
P
Palo Alto Networks Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
H
Help Net Security
P
Proofpoint News Feed
MyScale Blog
MyScale Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
T
The Blog of Author Tim Ferriss
H
Hackread – Cybersecurity News, Data Breaches, AI and More
S
Securelist
Vercel News
Vercel News
S
Security Affairs
D
Darknet – Hacking Tools, Hacker News & Cyber Security
B
Blog RSS Feed
云风的 BLOG
云风的 BLOG
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Blog — PlanetScale
Blog — PlanetScale
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Last Week in AI
Last Week in AI
博客园_首页
Attack and Defense Labs
Attack and Defense Labs
G
Google Developers Blog
T
Tor Project blog
Project Zero
Project Zero
腾讯CDC
Schneier on Security
Schneier on Security
月光博客
月光博客
N
Netflix TechBlog - Medium
AWS News Blog
AWS News Blog
L
LINUX DO - 最新话题
P
Proofpoint News Feed
博客园 - 司徒正美
A
About on SuperTechFans
Latest news
Latest news
Scott Helme
Scott Helme
Hacker News: Ask HN
Hacker News: Ask HN
T
Threatpost
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
CERT Recently Published Vulnerability Notes
Google DeepMind News
Google DeepMind News
博客园 - 聂微东

InfoWorld

AWS boosts CloudWatch Logs query limits by 10x to ease debugging for developers, SREs 21 LLMs tuned for special domains AWS adds Advanced Prompt Optimization tool to Bedrock Capacity markets could reshape cloud computing Four cutting-edge tools for spec-driven development Anthropic puts Claude agents on a meter across its subscriptions Notion courts developers with a platform for AI agents and workflow automation Using continuous purple teaming to protect fast-paced enterprise environments A better way to work with SQL Server Evidence-driven workflows: Rethinking enterprise process design AWS debuts Graviton-powered Redshift RG instances to cut analytics costs SAP’s AI promises last year? Most are still rolling out First look: Lemonade serves up local AI with limitations GitLab CEO sees developer tool bill increasing 100-fold Red Hat adds support for agentic AI development What’s new and exciting in JDK 26 Kill the loading spinner with local-first data and reactive SQL A networking revolution at AWS Tokenmaxxing is super dumb Hands-on with React, Supabase, and PowerSync How to add AI to an existing product (without annoying users) Your AI doesn’t need another database What happens when engineering teams reorganize around AI agents Python isn’t always easy When cloud giants meddle in markets 12 model-level deep cuts to slash AI training costs The best new features in Python 3.15 Teradata launches platform for enterprise AI agents moving beyond pilots Three skills that matter when AI handles the coding MongoDB targets AI’s retrieval problem Building AI apps and agents with Microsoft Foundry Designing front-end systems for cloud failure No, AI won’t destroy software development jobs Diskless databases: What happens when storage isn’t the bottleneck Vibe coding or spec-driven development? The agentic AI distraction Vibe coding or spec-driven development? How to choose Cloud providers are blinded by agentic AI SAP to acquire data lakehouse vendor Dremio Small language models: Rethinking enterprise AI architecture Making AI work through eval hygiene Improving AI agents through better evaluations AI in the cloud is easy but expensive Running AI in the cloud is easy – and expensive Making AI work for databases Harness teams of agentic coders with Squad Harness teams of coding agents with Squad Oracle NetSuite announces AI coding skills for SuiteCloud developers Why it’s so hard to create stand-alone Python apps A new challenge for software product managers The hidden cost of front-end complexity GitHub shifts Copilot to usage-based billing, signaling a new cost model for enterprise AI tools OpenAI’s Symphony spec pushes coding agents from prompts to orchestration The front-end architecture trilemma: Reactivity vs. hypermedia vs. local-first apps Enterprise AI is missing the business core The best JavaScript certifications for getting hired Google begins putting the guardrails on agentic AI Why world models are AI’s next frontier Where to begin a cloud career Google pitches Agentic Data Cloud to help enterprises turn data into context for AI agents How open source ideals must expand for AI Is your Node.js project really secure? How I doubled my GPU efficiency without buying a single new card SpaceX secures option to acquire AI coding startup Cursor for $60B Google’s Gemma 4 shines on local systems – both big and small AI is upending the SaaS game How AI is upending SaaS tools Snowflake offers help to users and builders of AI agents From the engine room to the bridge: What the modern leadership shift means for architects like me Addressing the challenges of unstructured data governance for AI The cookbook for safe, powerful agents Enterprises are rethinking Kubernetes GitHub pauses new Copilot sign-ups as agentic AI strains infrastructure Best practices for building agentic systems Making agents dull Oracle delivers semantic search without LLMs When cloud giants neglect resilience Exciting Python features are on the way Ease into Azure Kubernetes Application Network The agent tier: Rethinking runtime architecture for context-driven enterprise workflows The two-pass compiler is back – this time, it’s fixing AI code generation MuleSoft Agent Fabric adds new ways to keep AI agents in line Salesforce launches Headless 360 to support agent‑first enterprise workflows Tap into the AI APIs of Google Chrome and Microsoft Edge Where will developer wisdom come from? GitHub adds Stacked PRs to speed complex code reviews The hyperscalers are pricing themselves out of AI workloads HTMX 4.0: Hypermedia finds a new gear Google Cloud introduces QueryData to help AI agents create reliable database queries Hands-on with the Google Agent Development Kit Are AI certifications worth the investment? AWS targets AI agent sprawl with new Bedrock Agent Registry Cloud degrees are moving online Swift for Visual Studio Code comes to Open VSX Registry AI agents aren't failing. The coordination layer is failing Anthropic rolls out Claude Managed Agents Microsoft’s reauthentication snafu cuts off developers globally Meta’s Muse Spark: a smaller, faster AI model for broad app deployment Bringing databases and Kubernetes together AWS turns its S3 storage service into a file system for AI agents
Agentic AI security steals the spotlight at Confidential Computing Summit
Travis Van · 2026-06-26 · via InfoWorld

Security for AI agents increasingly resembles the trust infrastructure that underpins today’s internet, confidential computing experts observed.

For a decade, confidential computing has been chipping away at one of security’s hardest problems: data is well encrypted in transit and at rest, but when a processor works on it, that data sits in memory in the clear, exposed to anyone with privileged host access.

“Confidential computing’s aim was to solve this with a trusted execution environment, a subset of the CPU that runs the encrypted workload and handles things like memory encryption,” said Marina Moore, lead security researcher at Edera.

For years the field felt like post-quantum cryptography PhD research scientist types agreeing the work is essential, while waiting for it to reach mainstream practitioners. At the Confidential Computing Summit in San Francisco this week, the breakout use case came into focus: agentic AI.

Like the web before HTTPS

“I was in the really early days of HTTP, and then HTTPS came along pretty quickly,” said Mike Bursell, executive director of the Confidential Computing Consortium. He sees agentic AI where the web sat before certificate authorities and public key infrastructure brokered trust online. 

“The original agent specifications were not written by security architects,” Bursell said, and “some of it feels in need of refinement.”

The gap confidential computing fills is attestation, which provides proof of what runs. The hardware hashes the memory and firmware of a protected execution environment and signs the result inside the chip, Bursell explained, producing a measurement a verifier checks against the expected software. Without it, an agent session shares the early web problem of open windows for hijacking, except the attackers are now agents themselves.

The old objection that confidential computing demanded exotic hardware is largely gone, Bursell said, now that it ships in AMD, Intel, and NVIDIA parts and turns on with a click in Microsoft Azure or Google Cloud. The goal is to make confidential computing so accessible that secure execution becomes the default assumption rather than a specialized deployment choice, and that trust alarms go off when secure execution criteria are not met, much like how a user visiting a non-HTTPS website is greeted with a warning.

Identity and attestation move into standards

Many of the working sessions at the Confidential Computing Summit, hosted by the Linux Foundation, were about turning these mechanisms into standards, following the same path internet security took through bodies such as the IETF and IEEE.

Raghu Yeluri, senior principal engineer at Intel, detailed a composite attestation format that Intel, Microsoft, and NVIDIA built so that attestation data can span confidential VMs, their CPUs, and GPUs, without vendor-specific formats. Yeluri said the group hopes to advance that work toward an RFC within the next year.

That effort runs through the Confidential Computing Consortium, the Linux Foundation community where competing companies collaborate on shared infrastructure problems. The consortium is not trying to become a registry of trusted agents, Bursell added, but rather a place where companies can develop frameworks, best practices, and, equally important, antipatterns.

Identity drew some of the strongest interest at this week’s event. Pawan Khandavilli, senior product manager at Microsoft, pointed to agent payment initiatives from Visa, Mastercard, and Google, the FIDO Alliance’s emerging agent work, SPIFFE workload identities, and RFC 8693 token exchange. The pieces already exist, Khandavilli argued, but “the vocabulary is fragmented.” The challenge now is connecting those identity systems to hardware-backed attestation rather than relying solely on software trust.

The attack surface below the attestation

Hardware-isolated environments are only as secure as the shared substrates beneath them. Zvonko Kaiser, principal systems engineer at NVIDIA, argued that attestation protects the trusted execution environment itself but does not eliminate risks in the shared substrates underneath. The processor cache sits below every isolation boundary, and a 2026 technique called TDXRay demonstrated how information could be observed across virtual machine boundaries. No layer above the cache, Kaiser argued, can completely hide what the cache itself sees.

The Kubernetes control plane presents another challenge. One etcd store may hold secrets for multiple tenants, while a shared scheduler decides where workloads run. Those shared services create opportunities for compromise that sit outside the guarantees provided by confidential computing hardware. 

Antoine Delignat Lavaud, principal researcher at Microsoft, highlighted another limitation. Attestation can prove that a workload runs on authentic confidential computing hardware, but “it doesn’t tell you where it is running,” leaving questions of data residency and sovereignty unresolved.

“Confidential computing is hardware based. If and when vulnerabilities are discovered, it’s much harder to patch those and re-establish the security,” added Edera’s Moore.

Microsoft’s Khandavilli outlined four major gaps that still require industry coordination: binding agent identities directly to hardware, bringing attestation into the Model Context Protocol that increasingly governs tool access, establishing trusted chains when agents delegate work to other agents, and enabling trust relationships across cloud providers. Intel’s Yeluri noted that confidential computing will not solve every security problem, but it provides the foundation upon which higher-level controls can be built.

HTTPS for the agentic era

What was clear from the Confidential Computing Summit is that security for AI agents increasingly resembles the trust infrastructure that underpins today’s internet. Certificates, identity brokers, verification services, and cryptographic handshakes established trust between systems that did not know each other. Agentic AI appears headed toward the same destination. 

For example, last month the Linux Foundation announced DNS-AID, extending domain name system concepts into agent discovery and introducing an Agent Name Service framework for agent identity.

Who ultimately operates those trust services for agents is “still coming out in the wash,” said Bursell. “Regulators, governments, software vendors, cloud providers, and others may all play roles. If you can’t establish trust, you can’t understand or manage risk.”

Confidential computing is focused on the layer beneath those systems, creating ways to verify the environments where agents execute and the actions they perform. If that work succeeds, the trust fabric that emerges around agents may end up looking remarkably similar to the one that quietly powers the internet today.