The author also outlines how Nvidia implements confidential computing, including remote attestation, encrypted communication, and memory isolation. The article then delves into the potential applications of Confidential AI, such as secure outsourcing of AI workloads, IP protection for AI models, and privacy-preserving AI training and inference. The author concludes by expressing excitement about the potential of Confidential AI and reveals that Edgeless Systems is working on adding support for confidential computing-enabled GPUs to their "confidential Kubernetes" Constellation.
Key takeaways:
- Nvidia's Hopper H100 GPUs now support confidential computing, enabling secure AI workloads, IP protection for AI models, and privacy-preserving AI training and inference.
- Confidential computing in GPUs was previously impossible because there was no way to establish trust in an accelerator like a GPU and bootstrap a secure channel to it.
- Confidential AI allows for the creation of "black box" systems that verifiably preserve privacy for data sources, opening up new business models where data can be "rented out" for AI training without compromising privacy.
- Edgeless Systems is working on adding support for confidential computing-enabled GPUs to their "confidential Kubernetes" Constellation, enabling end-to-end confidential AI workloads with the scale and flexibility of Kubernetes.