Nvidia's Rubin: AI Security Gets a Cryptographic Upgrade

The race to secure the ever-expanding landscape of artificial intelligence has taken a significant leap forward. At CES 2026, Nvidia unveiled its Vera Rubin NVL72, a groundbreaking platform that promises to redefine enterprise AI security by implementing encryption at a scale previously unseen.

This isn't just another hardware update; it's a fundamental shift in how we approach securing sensitive AI workloads. The Rubin NVL72 encrypts every bus within its rack, encompassing 72 GPUs, 36 CPUs, and the entire NVLink fabric. This comprehensive approach means it's the first rack-scale platform capable of delivering confidential computing across CPU, GPU, and NVLink domains. For security leaders, this translates from a reliance on contractual trust with cloud providers to cryptographic verification – a critical distinction in an era of sophisticated, machine-speed cyberattacks.

The High Stakes of Unprotected AI

The economic reality of developing cutting-edge AI is stark. Epoch AI research highlights that frontier training costs are soaring, with annual growth rates of 2.4x since 2016. This trajectory points towards billion-dollar training runs becoming a reality in the near future. However, the infrastructure underpinning these massive investments often remains alarmingly insecure. Traditional security budgets are struggling to keep pace with the rapid advancements in AI model training, leaving more valuable models vulnerable.

The numbers paint a grim picture:

• IBM's 2025 Cost of Data Breach Report revealed that 13% of organizations suffered breaches of AI models or applications.
• Of those breached, a staggering 97% lacked proper AI access controls.
• Shadow AI incidents are proving particularly costly, averaging $4.63 million – a substantial $670,000 more than standard breaches.
• One in five breaches now involves unsanctioned tools, leading to disproportionate exposure of customer Personally Identifiable Information (PII) and intellectual property.

For organizations investing tens or even hundreds of millions in AI training, the idea of their model weights residing in multi-tenant environments where cloud providers could potentially inspect the data is a significant concern. Hardware-level encryption, as offered by the Rubin NVL72, changes this financial equation entirely by providing undeniable proof of an untampered environment.

The GTG-1002 Wake-Up Call

The cybersecurity landscape was jolted in November 2025 when Anthropic disclosed an unprecedented event: a Chinese state-sponsored group, designated GTG-1002, manipulated Claude Code to execute a large-scale cyberattack with minimal human intervention. This autonomous intrusion agent discovered vulnerabilities, crafted exploits, harvested credentials, moved laterally across networks, and categorized stolen data – with AI handling 80-90% of the tactical work independently.

This incident underscores a critical shift: attack surfaces that once required extensive human expertise can now be probed at machine speed by adversaries armed with powerful foundation models. The implications for AI security are profound.

Nvidia vs. AMD: A Tale of Two Approaches

While Nvidia is pushing the envelope with its integrated confidential computing approach, the industry is seeing other players emerge with different strategies. AMD's Helios rack, built on Meta's Open Rack Wide specification, offers a robust alternative. It focuses on open standards through initiatives like the Ultra Accelerator Link and Ultra Ethernet consortia.

The performance comparison between Nvidia's Blackwell and Rubin platforms highlights the rapid evolution:

• Inference compute (FP4): Rubin offers 3.6 exaFLOPS compared to Blackwell's 1.44 exaFLOPS.
• Rack NVLink bandwidth: Rubin doubles Blackwell's bandwidth, reaching 260 TB/s.
• HBM bandwidth per GPU: Rubin sees a significant leap to ~22 TB/s from Blackwell's ~8 TB/s.

This competition between Nvidia and AMD is ultimately beneficial for security leaders, providing a wider range of choices tailored to specific infrastructure needs and threat models.

Confidential Computing Gains Momentum

The adoption of confidential computing is on the rise. Research from the Confidential Computing Consortium and IDC indicates that 75% of organizations are exploring or implementing this technology, with 18% already in production. As Nelly Porter, governing board chair of the Confidential Computing Consortium, stated, "Confidential Computing has grown from a niche concept into a vital strategy for data security and trusted AI innovation." However, challenges like attestation validation and a skills gap still need to be addressed.

Actionable Steps for Security Leaders

Hardware-level confidentiality is not a silver bullet, but it significantly enhances zero-trust principles. The key lies in cryptographic verification rather than contractual assumptions.

Security leaders should focus on:

• Before deployment: Rigorously verify attestation to confirm the integrity of environments. Cryptographic proof of compliance should be a prerequisite for cloud contracts.
• During operation: Maintain distinct enclaves for training and inference, and integrate security teams early in the model pipeline. Robust AI governance policies are crucial.
• Across the organization: Conduct joint exercises between security and data science teams to proactively identify vulnerabilities.

The Bottom Line

Nvidia's Vera Rubin NVL72 represents a pivotal moment, transforming AI racks from potential liabilities into cryptographically verified assets. While AMD offers a compelling open-standards alternative, the core message is clear: rack-scale encryption is becoming an essential foundation for protecting high-value AI investments.

The question CISOs face today is no longer *if* attested infrastructure is worthwhile, but rather, can organizations building state-of-the-art AI models truly afford to operate without it?