Confidential Supercomputing: Essential Evolution or Elegant Illusion?
Speakers: Sadaf Alam (Bristol Centre for Supercomputing (BriCS) University of Bristol) · Martin O'Reilly (The Alan Turing Institute) · Nigel Edwards (HPE Labs)
Session summary
This panel, moderated by Sadaf Alam (Bristol Centre for Supercomputing, University of Bristol), debates whether confidential computing is an essential evolution or an elegant illusion for supercomputing centers. Panelists Martin O'Reilly (The Alan Turing Institute), Nigel Edwards (HPE Labs), CJ Newburn (NVIDIA), and Sam Manteau (AMD) discuss whether health, finance, and frontier AI workloads will require a confidential computing story within five years. They agree the hardware primitives already exist in trusted execution environments (TEEs) on CPUs and GPUs, but integration into workflows, application development, and attestation remains immature. Key barriers include performance overhead on shared HPC systems, the complexity of attestation and building a full chain of trust, the lack of standardization, and supply chain attacks. The panel addresses whether confidential computing is marketing hype, concluding that while perfect security does not exist, TEEs meaningfully shrink the attack surface and protect against common threats such as credential compromise and lateral movement, forming part of a defense-in-depth strategy. Discussion of the TEE.fail work notes that demonstrated attacks were largely implementation mistakes requiring sophisticated physical access, currently out of scope for TEE threat models. Audience questions raise the challenge of securing the entire data life cycle beyond compute, the tension of trusting a single physical and software provider, the value of third-party auditing and certification, regulatory drivers such as DORA, post-quantum key vulnerabilities, and alternatives like fully homomorphic encryption, which panelists view as too expensive for general use.
Topics: confidential computing · trusted execution environments · attestation · supply chain security · defense in depth · fully homomorphic encryption
AI-generated summary of an auto-generated transcript (~8,748 words in full). Details may be imprecise — verify against the session recording.
Auto-generated captions from ISC 2026 session recordings · transcription errors likely, verify quotes against the video · timestamps are offsets into each recording · independent tool, not affiliated with ISC · a Radixia Labs experiment
