Talk

Distributed Confidential AI Agents

Abstract

As the LLM-driven agentic industry matures, we are moving towards a marketplace of independent tools for agent builders to choose from, often hosted in the cloud and supplied by third-party vendors. At the same time, for AI agents to be useful they need to process data and access systems that matter, which are often confidential and private. This fast pace of growth, coupled with the sensitivity of the data being used and the need not to "chain" or restrict the agents' capabilities, can result in catastrophic security lapses.

Confidential and trusted execution environments (TEEs) leveraging both confidential CPU and GPU technologies have the potential to work seamlessly with AI agents while ensuring user privacy. Thus far, harnessing confidential computing technology in an agile and seamless way for fast-moving agentic workloads has been elusive. In this talk, we address this challenge by discussing how to leverage Confidential Container technology with confidential GPUs to host and deploy a secure, distributed AI agent. Specifically, we will describe the security concerns of agentic platforms, the agent-specific policies, how the policy gets mapped to different enforcement points in Kubernetes running Kata containers, and how the different components of the agent get distributed, especially the components handling sensitive data. The audience will take away the security implications of a distributed AI agent in the cloud and how to leverage Confidential Container technology with confidential GPUs to unlock enterprise use cases.