
Nvidia's Vera Rubin NVL72, announced at CES 2026, is the headline here. According to Nvidia, the rack encrypts every bus across its 72 GPUs and 36 CPUs, including the entire NVLink fabric, and it is the first rack-scale platform to deliver confidential computing across the CPU, GPU and NVLink domains rather than at a single device.
That matters for security leaders because it replaces contractual trust with cryptographic verification. Instead of taking a cloud provider's word that a complex hybrid deployment is isolated, a tenant can check the hardware's attestation evidence before loading anything sensitive onto it. That shift matters in a landscape where nation-state adversaries can probe and exploit targets at machine speed.
Let’s Talk About the Economics of Unprotected AI
Research from Epoch AI finds that frontier training costs have grown roughly 2.4x per year since 2016, which puts billion-dollar training runs within reach. The infrastructure protecting those investments has not kept pace: in many deployments it is still unhardened, security budgets lag the rate at which new models are trained, and more high-value models are left exposed to well-resourced adversaries.
According to IBM's 2025 Cost of a Data Breach Report, 13% of organizations reported breaches of AI models or applications, and 97% of those breached lacked proper AI access controls. Shadow AI incidents cost organizations an average of $4.63 million, with breaches involving unsanctioned tools exposing customer PII and intellectual property at alarming rates.
Picture spending millions on a training run and then having the weights read out of shared GPU memory in a multi-tenant environment. Hardware-level confidentiality changes that equation in two ways: the weights stay encrypted in memory and on the interconnect, and attestation lets the tenant verify, before the weights are loaded, that the environment's firmware and configuration have not been tampered with.
The GTG-1002 Wake-Up Call
In November 2025, Anthropic disclosed that a Chinese state-sponsored group it tracks as GTG-1002 had manipulated Claude Code into carrying out a large-scale intrusion campaign with minimal human intervention, using the AI as an autonomous intrusion agent. The implications are far-reaching: attackers can now enumerate and probe attack surfaces at machine speed, so the window between exposure and exploitation keeps shrinking.
Comparing Blackwell and Rubin Performance
Specification | Blackwell GB300 NVL72 | Rubin NVL72
Inference compute (FP4) | 1.44 exaFLOPS | 3.6 exaFLOPS
NVFP4 per GPU (inference) | 20 PFLOPS | 50 PFLOPS
Per-GPU NVLink bandwidth | 1.8 TB/s | 3.6 TB/s
Rack NVLink bandwidth | 130 TB/s | 260 TB/s
HBM bandwidth per GPU | ~8 TB/s | ~22 TB/s
Industry Momentum and AMD’s Approach
Research from the Confidential Computing Consortium and IDC shows that 75% of organizations are adopting confidential computing, with many already in production or piloting deployments. Nvidia and AMD are at the forefront of this movement, with Nvidia focusing on a vertically integrated confidential stack and AMD prioritizing open standards through consortia such as Ultra Accelerator Link and Ultra Ethernet.
The competition between Nvidia and AMD gives security leaders a choice between integrated security and flexibility. Neither is right in the abstract; the tradeoffs have to be assessed against your own infrastructure and threat model.
What Security Leaders Are Doing Now
Hardware-level confidentiality strengthens zero-trust principles by making trust verifiable rather than asserted: a remote verifier can check the measurements of the firmware and configuration a node is actually running against known-good reference values. That lets enterprises extend zero-trust enforcement across thousands of nodes without the complexity and blind spots of software-only isolation.
Before deployment, verify the attestation evidence rather than assuming the environment is tamper-free: challenge the hardware with a fresh nonce, confirm the report covers every CPU and GPU in the rack, compare the measured firmware and confidential-computing settings with your approved baseline, and release model weights only when every check passes. During operation, keep training and inference in separate enclaves, involve security teams from the start, and run joint exercises between security and data science teams. One caveat a practitioner should keep in view: attestation proves what state the hardware was in when the report was generated, not that the attested software is free of vulnerabilities, so it complements patching and monitoring rather than replacing them.
The Bottom Line
Nvidia's Vera Rubin NVL72 and AMD's Helios point the way toward AI infrastructure whose security properties can be verified rather than assumed. Combining hardware confidentiality with strong governance and realistic threat exercises is how organizations protect high-value models from capable adversaries. The question for CISOs is no longer whether attested infrastructure is worth it, but whether they can afford to operate without it against adversaries who already move at machine speed.
