NVIDIA + Kata Containers: Trusted AI at GPU Scale

Superuser (superuser.openinfra.org)

Running AI on public data is easy. The hard part is moving sensitive data and valuable models into production without risking leakage while operating at the scale modern GPU clusters demand. That was the blunt message from NVIDIA’s Zvonko Kaiser at the OpenInfra Summit Europe 2025, where he outlined how NVIDIA is using Kata Containers and the CNCF Confidential Containers stack to deliver “trusted AI anywhere”: on-prem, in private clouds, across public CSPs, and out to the edge.

“The real challenge is running AI pipelines on confidential data and protecting model IP,” Kaiser said, noting that this trust gap is why “66% of enterprises leave >50% of private data unused.”

Below is a concise walkthrough of the problem space, the architecture NVIDIA is advancing with Kata Containers, and what it means for teams building secure AI on Kubernetes.
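To ground the discussion, here is how Kata-backed isolation typically surfaces in Kubernetes: a RuntimeClass maps pods to the Kata runtime handler, and a pod opts into it while requesting a GPU. This is a minimal sketch, not NVIDIA's exact deployment; the handler name `kata-qemu`, the image tag, and the GPU resource setup are illustrative and depend on how Kata and the NVIDIA device plugin are installed in a given cluster.

```yaml
# RuntimeClass mapping pods to the Kata runtime handler
# (handler name varies by install; "kata-qemu" is a common default)
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: kata-qemu
handler: kata-qemu
---
# Pod that runs its container inside a Kata lightweight VM
# and requests one GPU via the NVIDIA device plugin
apiVersion: v1
kind: Pod
metadata:
  name: confidential-inference   # illustrative name
spec:
  runtimeClassName: kata-qemu    # opt into VM-level isolation
  containers:
  - name: inference
    image: nvcr.io/nvidia/pytorch:24.05-py3   # illustrative image tag
    resources:
      limits:
        nvidia.com/gpu: 1        # exposed by the NVIDIA device plugin
```

The key design point is that the pod spec barely changes: isolation is selected declaratively through `runtimeClassName`, so existing GPU workloads can move into a VM-isolated (and, with the Confidential Containers stack, hardware-attested) boundary without rewriting application code.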

The trust problem (and why 2025 is different)

Kaiser framed the landscape as three pillars of security for AI:

  • Cryptographic compute (e.g., homomorphic encryption, secure multi-party computation, zero-knowledge proofs): powerful, but often orders of magnitude slower than plaintext deep learning.
  • Software sandboxes (e.g., gVisor, Firecracker) reduce the blast radius but still assume trust