ConfidentialAI Framework Released: Enterprises Can Train Large Models Without Data Leaving Their Premises
Microsoft and Intel jointly launched the ConfidentialAI framework, which builds on hardware trusted execution environments to keep data encrypted throughout large model training. Initial clients include JPMorgan Chase and Pfizer.
At the end of March 2028, Microsoft and Intel jointly released the ConfidentialAI framework at the RSA Conference in San Francisco. The core concept of this framework is keeping enterprise data encrypted throughout the entire AI training process — from disk reads, through memory, during computation, to final model weight output, the data never exists in plaintext form visible to any external entity, including the cloud service provider itself.
Technically, ConfidentialAI relies on Trust Domain Extensions (TDX), the hardware isolation technology in Intel's fourth-generation Xeon processors. Each training task runs in a hardware-isolated environment called a "trust domain," whose integrity is verified by the CPU's internal secure boot chain. Even attackers with physical server access cannot extract data or model parameters from the trust domain.
JPMorgan Chase became one of the first clients to sign on. The bank's Chief Data Officer, Mark Sullivan, stated that financial institutions possess vast amounts of sensitive transaction and customer data that are highly valuable for training risk assessment models, but compliance requirements previously prevented sending this data to third-party cloud platforms for training. ConfidentialAI makes model training possible without exposing raw data.
Pfizer's application focuses on drug molecule data. Pfizer Chief Scientific Officer Linda Chen revealed the company is using ConfidentialAI to train a molecular docking prediction model. The training data comes from a joint dataset of multiple pharmaceutical companies, but each party's data remains invisible to the others and to Microsoft.
However, the framework faces scrutiny. UC Berkeley security researcher David Wagner pointed out that hardware trusted execution environments are not impervious — multiple side-channel attacks against Intel SGX have been disclosed in recent years. While TDX architecturally improves upon SGX, relying solely on its security for enterprise data protection carries risks.
Microsoft Azure Security VP Ann Johnson responded that ConfidentialAI employs a multi-layered defense strategy, combining hardware isolation with differential privacy noise injection and federated learning aggregation, so even if one layer is breached, the information an attacker obtains remains extremely limited.
ConfidentialAI is priced per training hour with a 15% confidential computing premium per GPU hour. Microsoft expects over 200 enterprise clients to adopt the framework by the end of 2028.
Disclaimer
Content is AI-generated. Do not use it as a basis for real decisions. Do not cite it as factual reporting.