Fortanix and NVIDIA partner on AI security platform for highly regulated industries
Data security company Fortanix Inc. announced a new joint solution with NVIDIA: a turnkey platform that allows organizations to deploy agentic AI within their own data centers or sovereign environments, backed by NVIDIA’s "confidential computing" GPUs.
“Our goal is to make AI trustworthy by securing every layer—from the chip to the model to the data," said Fortanix CEO and co-founder Anand Kashyap, in a recent video call interview with VentureBeat. "Confidential computing gives you that end-to-end trust so you can confidently use AI with sensitive or regulated information.”
The solution arrives at a pivotal moment for industries such as healthcare, finance, and government — sectors eager to embrace AI but constrained by strict privacy and regulatory requirements.
Fortanix’s new platform, powered by NVIDIA Confidential Computing, enables enterprises to build and run AI systems on sensitive data without sacrificing security or control.
“Enterprises in finance, healthcare and government want to harness the power of AI, but compromising on trust, compliance, or control creates insurmountable risk,” said Anuj Jaiswal, chief product officer at Fortanix, in a press release. “We’re giving enterprises a sovereign, on-prem platform for AI agents—one that proves what’s running, protects what matters, and gets them to production faster.”
Contents
Secure AI, Verified from Chip to Model
At the heart of the Fortanix–NVIDIA collaboration is a confidential AI pipeline that ensures data, models, and workflows remain protected throughout their lifecycle.
The system uses a combination of Fortanix Data Security Manager (DSM) and Fortanix Confidential Computing Manager (CCM), integrated directly into NVIDIA’s GPU architecture.
“You can think of DSM as the vault that holds your keys, and CCM as the gatekeeper that verifies who’s allowed to use them," Kashyap said. "DSM enforces policy, CCM enforces trust.”
DSM serves as a FIPS 140-2 Level 3 hardware security module that manages encryption keys and enforces strict access controls.
CCM, introduced alongside this announcement, verifies the trustworthiness of AI workloads and infrastructure using composite attestation—a process that validates both CPUs and GPUs before allowing access to sensitive data.
Only when a workload is verified by CCM does DSM release the cryptographic keys necessary to decrypt and process data.
“The Confidential Computing Manager checks that the workload, the CPU, and the GPU are running in a trusted state," explained Kashyap. "It issues a certificate that DSM validates before releasing the key. That ensures the right workload is running on the right hardware before any sensitive data is decrypted.”
This “attestation-gated” model creates what Fortanix describes as a provable chain of trust extending from the hardware chip to the application layer.
It’s an approach aimed squarely at industries where confidentiality and compliance are non-negotiable.
From Pilot to Production—Without the Security Trade-Off
According to Kashyap, the partnership marks a step forward from traditional data encryption and key management toward securing entire AI workloads.
Kashyap explained that enterprises can deploy the Fortanix–NVIDIA solution incrementally, using a lift-and-shift model to migrate existing AI workloads into a confidential environment.
“We offer two form factors: SaaS with zero footprint, and self-managed. Self-managed can be a virtual appliance or a 1U physical FIPS 140-2 Level 3 appliance," he noted. "The smallest deployment is a three-node cluster, with larger clusters of 20–30 nodes or more.”
Customers already running AI models—whether open-source or proprietary—can move them onto NVIDIA’s Hopper or Blackwell GPU architectures with minimal reconfiguration.
For organizations building out new AI infrastructure, Fortanix’s Armet AI platform provides orchestration, observability, and built-in guardrails to speed up time to production.
“The result is that enterprises can move from pilot projects to trusted, production-ready AI in days rather than months,” Jaiswal said.
Compliance by Design
Compliance remains a key driver behind the new platform’s design. Fortanix’s DSM enforces role-based access control, detailed audit logging, and secure key custody—elements that help enterprises demonstrate compliance with stringent data protection regulations.
These controls are essential for regulated industries such as banking, healthcare, and government contracting.
The company emphasizes that the solution is built for both confidentiality and sovereignty.
For governments and enterprises that must retain local control over their AI environments, the system supports fully on-premises or air-gapped deployment options.
Fortanix and NVIDIA have jointly integrated these technologies into the NVIDIA AI Factory Reference Design for Government, a blueprint for building secure national or enterprise-level AI systems.
Future-Proofed for a Post-Quantum Era
In addition to current encryption standards such as AES, Fortanix supports post-quantum cryptography (PQC) within its DSM product.
As global research in quantum computing accelerates, PQC algorithms are expected to become a critical component of secure computing frameworks.
“We don’t invent cryptography; we implement what’s proven,” Kashyap said. “But we also make sure our customers are ready for the post-quantum era when it arrives.”
Real-World Flexibility
While the platform is designed for on-premises and sovereign use cases, Kashyap emphasized that it can also run in major cloud environments that already support confidential computing.
Enterprises operating across multiple regions can maintain consistent key management and encryption controls, either through centralized key hosting or replicated key clusters.
This flexibility allows organizations to shift AI workloads between data centers or cloud regions—whether for performance optimization, redundancy, or regulatory reasons—without losing control over their sensitive information.
Fortanix converts usage into “credits,” which correspond to the number of AI instances running within a factory environment. The structure allows enterprises to scale incrementally as their AI projects grow.
Fortanix will showcase the joint platform at NVIDIA GTC, held October 27–29, 2025, at the Walter E. Washington Convention Center in Washington, D.C. Visitors can find Fortanix at booth I-7 for live demonstrations and discussions on securing AI workloads in highly regulated environments.
About Fortanix
Fortanix Inc. was founded in 2016 in Mountain View, California, by Anand Kashyap and Ambuj Kumar, both former Intel engineers who worked on trusted execution and encryption technologies. The company was created to commercialize confidential computing—then an emerging concept—by extending the security of encrypted data beyond storage and transmission to data in active use, according to TechCrunch and the company’s own About page.
Kashyap, who previously served as a senior security architect at Intel and VMware, and Kumar, a former engineering lead at Intel, drew on years of work in trusted hardware and virtualization systems. Their shared insight into the gap between research-grade cryptography and enterprise adoption drove them to found Fortanix, according to Forbes and Crunchbase.
Today, Fortanix is recognized as a global leader in confidential computing and data security, offering solutions that protect data across its lifecycle—at rest, in transit, and in use.
Fortanix serves enterprises and governments worldwide with deployments ranging from cloud-native services to high-security, air-gapped systems.
"Historically we provided encryption and key-management capabilities," Kashyap said. "Now we’re going further to secure the workload itself—specifically AI—so an entire AI pipeline can run protected with confidential computing. That applies whether the AI runs in the cloud or in a sovereign environment handling sensitive or regulated data.
