Super Protocol @super__protocol

→ NVIDIA Press Release nvidianews.nvidia.com/news/vera-rubi… → GPU+CPU TEE requirements superprotocol.com/resources/gpu-…

This fall, Confidential Computing ships at rack scale. 72 GPUs. One TEE. NVIDIA announced Vera Rubin back in March. Now it's ramping to production. Currently, each server forms its own TEE boundary: up to 8 GPUs, 2.3 TB shared memory. Vera Rubin extends this to the entire rack – 72 GPUs, 20.7 TB of shared memory in one TEE. Imagine what model will fit in there! "Everything across this is secure because the AI model is so precious. This is the reason why this entire system obeys confidential computing." – Jensen Huang, NVIDIA CEO, GTC Taipei 2026 What can you do while waiting? We recently updated our GPU + CPU TEE requirements guide, covering all available GPU TEE-capable SKUs, from Hopper to Blackwell, with compatibility details for Intel TDX and AMD SEV-SNP – and what is not TEE-capable as well. Check them out and start deploying Confidential AI today. With Super Swarm – no TEE expertise required. Links in comments 👇

Read the white paper: confidentialcomputing.io/wp-content/upl…

More organizations think they have Confidential Computing than actually do. The CCC's new white paper "3 Degrees of Confidential Computing" makes this concrete: Level 1 migrating to Confidential VMs provides hardware isolation, but as the paper notes, “without integrating remote attestation, it does not meet the definition of Confidential Computing”. However, what is even more telling is the direction in which the paper points beyond Level 3 towards Confidential AI: multi-CVM interactions, AI agent sandboxes, CC-aware network protocols and CC-enforced software provenance. That future isn't theoretical for us. It's what Super Swarm is built on today – self-organizing, mutually attesting GPU clusters that form a single hardware-verified trust domain across cloud, on-prem, hybrid, and multi-cloud environments. Every interaction is independently verifiable. No custom builds. No TEE expertise required. The complexity of operationalizing Confidential AI shouldn't become a project of its own. That's exactly the problem the execution layer should solve. 👉 Link to CCC paper in comments

Confidential Computing Consortium @ConfidentialC2

6 days ago

CC has transitioned from a niche security technology to a strategic imperative for protecting data in use, but its security benefits depend on how deeply it is integrated into your stack. Learn about the practical 3-level maturity model to help orgs roadmap their adoption. ⬇️

0 1 2 829 0

Full episode on what safety really means in clinical AI, and why slow feedback loops are an opportunity: youtube.com/watch?v=WMjrzQ…

The feedback loop healthcare AI never got A radiologist reviews a scan. The AI flags a suspicious mass. The patient is referred, biopsied, diagnosed. The physician closes the loop. The AI never does. Was the flag correct? Was it a false positive? The answer sits in a different EHR, a different department, sometimes a different institution – and arrives months later. Nobody systematically pipes that signal back to the model, because the infrastructure to do so was never built. It is how healthcare has always been organized: services separated, records siloed, pathways fragmented. Imperfect, but functional enough for clinical care – and invisible enough that nobody felt the cost. In most systems, the feedback loop is the first thing you set up. You ship, you measure, you iterate. The signal is fast, systematic, and the model improves. Healthcare AI never got that infrastructure. Rory Pilgrim, Product Manager at Google Research, made an observation in the "Confidentially Yours" episode worth sitting with: The slow feedback loop is not just a limitation. It is an opportunity. If closing the loop leads to better outcomes – fewer missed diagnoses, fewer unnecessary recalls, models that improve on real-world data – institutions have a concrete reason to build the outcome pipelines they never prioritized. AI creates the business case for data infrastructure healthcare never had sufficient reason to build. But acting on that immediately hits a structural wall. Outcome data is patient data – highly regulated and, in most architectures, legally immovable. Traditionally, that immovability is the barrier. The data that would close the loop cannot cross the compliance boundary, so the loop stays open. Super Swarm inverts the problem. Models can live anywhere – on-premise, in the cloud, across institutions. Instead of moving data to the model, computation runs inside a hardware-attested confidential computing environment – where even the operator cannot access what's being processed. Institution-specific outcomes never cross organizational or regulatory lines. The exposure risk is architecturally eliminated. The feedback loop healthcare AI never got is now within reach. 🎥 "Confidentially Yours" with Rory Pilgrim and host Mike Bursell (Advisor, Super Protocol). 👉 Scan to watch the full episode, or find the link in the comments

mckinsey.com/capabilities/t…

"Born out of GPU scarcity, neoclouds now face a harder test." – McKinsey, November 2025 14–16% gross margin after depreciation. Lower than many non-tech retail businesses. The prescribed move is clear: orchestration, managed inference, platform layers. And the market is moving fast. But there’s something already inside the hardware that the stack race is overlooking. H100, H200, B200, B300 — and every generation after — already include confidential computing capabilities. Super Swarm turns those capabilities into a verifiable confidential execution layer for neoclouds – enabling sovereign compute environments for sensitive data and AI workloads. GPU cloud instances stop being just rented compute and become independently verifiable confidential infrastructure. Customers with their own on-prem infrastructure can extend workloads into cloud instances without leaving the trust boundary. That’s not just another platform feature. It’s a different category of infrastructure. 👉 McKinsey: The evolution of neoclouds and their next moves – link in comments

The faster AI scales, the faster confidence in it erodes For nine years Stanford Human-Centered AI has tracked where AI actually stands and suggests where it’s heading across academia, industry, and government. The 2026 report is out. Here's what stood out. Adoption is accelerating. Confidence is eroding. 70% of organizations now use AI in at least one business function. But look one layer deeper: 🔹 Among orgs that experienced incidents, those facing 3-5 per year jumped from 30% to 50% 🔹 "Excellent" incident response self-ratings fell from 28% to 18% Deployment is accelerating. Confidence in handling what breaks is not. Agentic AI is stuck – and the blocker isn't capability. 🔹 62% cite security as #1 barrier to scaling agentic AI – outpaces #2 by 24 percentage points 🔹 Scaled agent use sits in single digits across virtually every business function 🔹 Only exception: tech sector at 24% in software engineering, 22% in IT, 21% in service ops Organizations aren't waiting for better models. They're waiting for infrastructure they can trust. Medical AI hits the same wall – from a different angle. Medical AI is ready to move into live clinical deployment. Prospective trials grew 28.5% year-over-year (417 → 536 in 2025). The pipeline is there. But the data isn't: 🔹 Medical imaging training data is roughly 100x smaller than non-medical AI datasets 🔹 Fragmentation across institutions further limits the development of large-scale medical foundation models The models are ready. The environment to run them on real data is not there yet. Three sectors. Three blockers. One root cause: the gap between how fast AI is being deployed and the infrastructure needed to actually trust what it does. Trust is a vulnerability – and it cannot be legislated away. The policies are already multiplying faster than anyone can implement them – and fragmented regulations across jurisdictions don't provide the technical enforceability that sensitive workloads demand. It demands proof that you can independently verify, automatically enforce, and continuously audit. That is exactly what Super Swarm provides. It bridges the gap by delivering cryptographic proof of what actually ran, on which data, and across independently verified infrastructure. Super Swarm makes verifiable confidentiality an architectural guarantee – not a contractual promise.

Full demo: Super Swarm: Confidential Healthcare AI – MONAI CT Segmentation youtube.com/watch?v=xXc1jP…

Ask a hospital to run AI on their patient data. The answer is always the same. A hospital, a GPU provider, and a medical AI vendor. Everyone has what the others need and none of them can just hand it over. The hospital won't send data to infrastructure they don't control. The vendor won't expose their model. The GPU provider can't take on liability for what runs on their hardware. The model never runs. The patient never benefits. This is the real reason healthcare AI moves slowly. Not the models. Not the regulations. Trust is a vulnerability. Super Swarm solves it structurally. In this demo we used a model from the @ProjectMONAI Model Zoo – open source, anyone can take it. The data is another story. MONAI, originally started by @nvidia and @KingsCollegeLon, is the open-source framework for medical imaging AI. Used at Siemens Healthineers, Mayo Clinic, and beyond. Millions of downloads worldwide. We deployed one of those models on Super Swarm. The app segments the spleen from a CT scan, calculates volume and area, and returns the results. What makes it different is the execution environment and the verifiable proof it leaves behind. The computation runs inside a hardware-protected TEE. Patient data is processed within that sealed environment and never exposed to anyone – including us. Whether the infrastructure is public cloud, on-prem, or hybrid. No policy makes that guarantee. The hardware does. At deployment, Super Swarm generates Deployment Evidence – a cryptographic proof of what code is running, in what environment, on what hardware. No compliance reports. No trust agreements. Access is granted only when the proof matches. Ask a hospital to run AI on their patient data. With Super Swarm, the answer changes – wherever you run it. 👉 Scan to watch the full demo, or find the link in the comments.

Trust. Control. Scale. Access – the full breakdown: superprotocol.com/about/what-is-…

The system works – until you try to automate it. The trust domain spans every infrastructure, every organization. Data never leaves its sealed environment. Nobody depends on anyone else’s goodwill. And then the product team asks: can we automate this? AI agents are already operating on behalf of organizations – querying data, calling models, chaining actions across boundaries. Not one request at a time. Thousands per hour. A bank deploys a fraud detection agent. It needs to cross-reference transaction patterns across three partner institutions in real time. Each request takes milliseconds. Each approval takes days. The fraud happened. The access request is still pending. The verification model still applies. Sealed hardware. Cryptographic proof. A trust domain that spans every cloud and every data center. But the decision about who gets access can't wait for a human to review it. No administrator can keep up. No approval queue moves fast enough. The same rigor that made the first collaboration work becomes the bottleneck that makes the next hundred impossible. This is Problem #4 of 4. The Access Problem. Super Swarm solves this with policy-driven access. Each data owner defines their conditions once: what code, what configuration, what hardware qualifies to touch their data. When an agent requests access, it presents a cryptographic proof of its runtime environment – the same proof a human would review manually. The system checks it automatically. Match – execution is allowed. No match – nothing happens. No human in the loop. No delay. The data owner’s role is simple: define the policy once. The system enforces it at whatever speed the agents operate. A hospital might set conditions as narrow as a specific model, a specific partner, a specific project. Or as broad as any application running inside verified secure hardware with a certified diagnostic framework. The policy reflects their risk tolerance – not the system’s limitations. Hardware nobody can see into. Proofs that verify in milliseconds. Infrastructure that spans every cloud and every data center. Policies that govern access at the speed AI actually operates. Each piece exists because the one before it made it necessary. None of them works on its own. That’s the system. That’s Super Swarm. Trust. Control. Scale. Access. How they connect – link in the comments.👇

The first data collaboration works. Then your AI roadmap asks for ten more. One partnership took long enough that everyone forgot how it started – legal, compliance, integration, security review. The model trained, the results were good, and everyone moved on. Then the product team came back with more ideas. Every new partnership becomes its own project – not just operationally, but technically. Even with the same partners, nothing carries over. A new use case means new rules, new pipelines, new approvals. The environment gets rebuilt from scratch. And the environment itself doesn't stay fixed. What starts as a well-defined setup quickly grows – participants, data, objectives, rules, infrastructure – and becomes impossible to standardize or reuse. ▸ No neutral ground A global FMCG brand – selling through multiple retail chains – wants to build audience models across three competing retailers. Each retailer sees part of the customer journey. The brand sees patterns across all of them. The value is in combining those views. They need a shared environment – somewhere all four can bring data without exposing it to each other. But someone has to run that environment. And whoever runs it controls the execution – whether they can see the data or not. No retailer will use a competitor’s infrastructure. No one agrees on a neutral third party. So they negotiate. And negotiate. Sometimes they never get there. The model never gets built. But even when they do – it works once. It doesn’t scale. ▸ Late to the party Another version of the same problem. A fourth organization wants to join six months in. In the old model, that becomes everyone’s problem – new agreements, integrations, security reviews. Or they just don’t join at all. The value is real. Getting there doesn’t scale. This is Problem #3 of 4. The Scale Problem. Super Swarm creates one environment all participants can join – a single trust domain that spans infrastructure, for any use case, at any stage. Each organization stays on its own infrastructure. Data isn’t shared between participants – it only enters the sealed environment for execution and never becomes visible to or controlled by anyone else. A new organization joins – whether they run on AWS, Azure, GCP, private cloud, or their own infrastructure. It doesn’t matter. Same rules. Same verification. No custom integration. No separate agreements. To the workload, it’s one environment – without being tied to where it runs or who operates it. Adding a participant doesn’t create a new project – it extends what already exists. That’s what makes it scale. Problem #3 of 4. Next: The trust domain now spans every infrastructure, every organization. But what happens when AI agents start operating across it at machine speed – and access has to be granted and enforced without human involvement?

SOC 2 doesn't answer the question that kills the deal. An enterprise company is evaluating an AI vendor. The demo went well. The use case is clear – processing sensitive contracts and financial records. The price works. And then, one question comes up: If something changes on your end, or your provider's – what happens to our data? The vendor points to their SOC 2 certification and their contract with the infrastructure provider. The customer's legal team reads it carefully. It explains how access is managed and what happens if something goes wrong. But it doesn’t define what is technically enforced at runtime – if anything is. The question behind the question: 🔹 who can access your data at runtime 🔹 who can change how it’s processed 🔹 whether safeguards can be bypassed Those are questions of enforcement – not just process. The deal goes on hold. Legal gets involved. Months pass. Nothing moves. The problem isn’t security. It’s control at execution time. This is Problem #2 of 4. We call it the Control Problem. Super Swarm answers those questions at the level where they matter – execution, not policy. The encryption keys protecting your environment are generated inside secure hardware on your infrastructure – wherever it is – and never leave it. No copy exists – not with the infrastructure provider, not with us. The code is fully inspectable and runs on standard Kubernetes – your existing stack works without modification. Your infrastructure decisions outlast any vendor relationship. The system that removes your dependency on partners is itself designed so you never depend on us either. Problem #2 of 4. Next: you've solved trust between parties and you're not dependent on any single vendor. But what happens when you need to scale across dozens of organizations – all on different infrastructure?

Every enterprise AI roadmap has the same graveyard. Partnerships that made obvious sense. Models that would have been genuinely better. Deals that everyone wanted – and nobody could close. The reason is simpler and more frustrating than most people admit: to process data, you have to decrypt it. And the moment it's decrypted, someone on the other side can see it. An admin with the wrong access. A misconfigured bucket. A subpoena nobody anticipated. The exposure doesn't need to be malicious to be real. So the deal goes to legal. Legal adds clauses. IT adds requirements. Security adds reviews. Six months later, you're still negotiating who gets access to what – and you haven't moved a single row. When the next partnership comes, you start from scratch. This is why healthcare AI trains on a fraction of the data that exists. Why bank fraud models stay siloed even when sharing signals would catch more fraud. Why the most valuable collaborations – the ones that need data from more than one organization – are the ones that quietly get shelved. Nobody killed these projects. They just never survived contact with the actual problem. This is Problem # 1 of 4 that have kept enterprise AI stuck. We call it the Trust Problem. Super Swarm starts from a different premise entirely. Your data goes into a sealed hardware execution environment (TEE) – decrypted only inside a processor that nobody outside can access or inspect. The cloud or infrastructure provider can't see in. Your partner can't see in. We can't either. The obvious question: if nobody can see inside, how do you know what's actually running in there? A black box that keeps attackers out keeps everyone else out too. "Trust us, it's secure" is exactly the kind of answer that got these deals killed in the first place. So before any data moves, every party gets a cryptographic proof of the exact code, configuration, and hardware their data will run on – verifiable over a standard browser connection, nothing to install. The same way your browser checks a website's certificate, except this one proves the entire execution state, not just identity. You check the proof. You decide. If anything changes on the other side – different code, different configuration – the proof changes with it, and you see it before your data goes anywhere. The legal process still takes time. But there's finally a technical answer to the question it could never resolve on its own: how do I know you won't look at my data? The hardware makes it physically impossible – and you verified that yourself, before you sent anything. Problem # 1 of 4. Next: you no longer have to trust your partners or the infrastructure. So why should you trust us? Spoiler – you shouldn't have to, and we built it that way.

Banks know more about you than almost anyone. And they do nothing with it. Your salary lands in their account. Your transactions reveal where you go. Their app captures how you behave. Where you live and how you actually live – all visible, all logged. Customers aren't saying "stop collecting my data." They're saying: "You already have it. Why aren't you using it for me?" Alex Pyatigorskiy, product executive with a background spanning Disney, global banks, and telecoms, now CPO at Vama, heard this across thousands of customer interviews. And it reframes the whole problem. Banks are not short on data. But they legally cannot share customer data with partners – and partners won't expose theirs either. So a joint offer that could benefit everyone never gets built. The knowledge stays locked. The customer stays underserved. And loyalty erodes to whoever offers 0.1% more on a savings account. Super Swarm is the architectural answer to that deadlock – verifiable confidential execution that runs on any infrastructure, so partners can collaborate without the ability to expose what isn't theirs to share. The bank finally acts on what it knows. The customer gets served. Not by policy. By architecture. 🎥 "Confidentially Yours" with Alex Pyatigorskiy and host Mike Bursell (Advisor, Super Protocol) Full episode on confidential computing in finance, telco, and agentic AI – where the real use cases are and why trust is still the bottleneck: youtu.be/429JMYQFQCE