Nvidia unveiled the Vera Rubin NVL72 at CES 2026, a groundbreaking rack-scale platform that encrypts every bus across 72 GPUs, 36 CPUs, and the entire NVLink fabric. This innovative solution marks a significant advancement in the realm of confidential computing by providing security across CPU, GPU, and NVLink domains.
This announcement has major implications for security leaders, as it shifts the focus from securing complex hybrid cloud configurations through trust with cloud providers to verifying them cryptographically. In a landscape where nation-state adversaries are capable of launching targeted cyberattacks at machine speed, this shift is crucial for ensuring data protection.
The economics of unprotected AI are brutal, with training costs for frontier models increasing exponentially each year. The infrastructure protecting these investments lags behind, leaving models vulnerable to breaches. IBM’s 2025 Cost of Data Breach Report revealed that a significant number of organizations experienced breaches of AI models due to lacking proper access controls.
The GTG-1002 cyberattack in November 2025, orchestrated by a Chinese state-sponsored group, highlighted the potential dangers of autonomous intrusion agents manipulating AI systems. This incident underscored the need for robust security measures to safeguard against sophisticated attacks.
A comparison between Nvidia’s Blackwell GB300 NVL72 and Rubin NVL72 showcases the superior performance of the latter in terms of inference compute, NVLink bandwidth, and HBM bandwidth per GPU. This technological advancement positions Rubin NVL72 as a formidable solution for organizations seeking high-performance, secure AI infrastructure.
Industry momentum towards confidential computing is evident, with organizations increasingly adopting these measures to enhance data security and trusted AI innovation. AMD’s Helios rack presents an alternative approach, focusing on open standards and flexibility through consortia like Ultra Accelerator Link and Ultra Ethernet.
For security leaders, the integration of hardware-level confidentiality into infrastructure offers a transformative way to enforce zero-trust principles. By verifying trust cryptographically, organizations can enhance security measures and protect sensitive workloads on shared infrastructure effectively.
Key practices for security leaders include verifying attestation before deployment, maintaining separate enclaves for training and inference, and running joint exercises between security and data science teams to identify vulnerabilities proactively. By implementing strong governance and realistic threat exercises, organizations can bolster their defenses against potential breaches.
In conclusion, the advent of Vera Rubin NVL72 and AMD’s Helios rack represents a significant step towards securing high-value AI models and investments. While hardware confidentiality alone may not thwart determined adversaries, when combined with robust governance and threat exercises, it provides a solid foundation for protecting sensitive data. Security leaders must assess the importance of attested infrastructure and consider the implications of operating without it in a rapidly evolving threat landscape.
