Source: thedeepview.com

Chips may be the only hope for controlling agents

At the Confidential Computing Summit in San Francisco, leaders from Google, Apple, Microsoft, AMD, Intel, and Anthropic discussed securing AI agents at the chip level to prevent them from bypassing software constraints. Apple's Ivan Krstić revealed plans for Private Cloud Compute to power the new Siri, emphasizing the need for hardware-enforced trust and agent verifiability. The Linux Foundation announced the Agent Name Service (ANS) to provide tamper-proof identities for AI agents.

3 min read · Published Jun 26, 2026

Agents have repeatedly demonstrated the ability to overcome software constraints. Hardware might be the only way to stop them.

At the Confidential Computing Summit this week in San Francisco, leaders from Google, Apple, Microsoft, AMD, Intel, Anthropic, and other organizations came together to discuss how to create a more secure, cross-platform system for AI agents that's safer than anything offered by a single vendor.

The event's biggest takeaway? It's time to secure AI agents down to the chip level.

"Agents have to have cryptographically enforced identities," Aaron Fulkerson, CEO of Opaque and emcee of the event, told The Deep View.

The biggest surprise of the event? Apple's Ivan Krstić, vice president of security engineering and architecture, showed up to talk about the next stage of Apple's Private Cloud Compute and how the company will use it to power the new Siri unveiled at WWDC 2026 earlier this month.

"Apple doesn't speak at outside conferences," said Fulkerson, "so the significance of what they just announced with Siri sends a very clear message to the entire market that these systems are so intrinsically risky that you have to have a confidential, verifiable system."

Two pillars emerged from the event, both built on a combination of open-source solutions and industry standards overseen by The Linux Foundation and the Confidential Computing Consortium:

Hardware-enforced trust: The first step is to give every agent a unique identifier that can be traced to the chip level to show what it did, what it is allowed to do, and which data it touched. This will make agent behavior observable, trackable, and auditable at a level that meets the most stringent requirements of industries and enterprises, and prepare agents for compliance and regulation.

Agent verifiability: At the event, The Linux Foundation announced the Agent Name Service (ANS), which aims to provide every agent with something akin to a serial number, providing a tamper-proof record for tracking and registering agents. This will function similarly to the way DNS operates for servers on the internet.

"There's multiple ways to do verifiable systems where you're creating a cryptographic signature to enforce and then prove that it was actually enforced," Fulkerson said. "The question becomes who does the signing? So that's why hardware makes sense. We can trust the hardware supply chain to do the signing, because of encryption keys."

Our Deeper View

It's no secret that AI agents have repeatedly shown they have the will and skills to bypass software-based rules and guidelines in order to accomplish a goal. That's their greatest strength: they will find a way to do the task that a human asked them to complete. It's also what makes them incredibly risky, and it's why AI pioneers such as Yoshua Bengio have been raising red flags about the imminent risk of these AI agents going rogue and doing things we never intended them to do. Insert your favorite sci-fi nightmare narrative, and it's easy to get a little uneasy. Much respect to the Confidential Computing Summit for bringing together industry heavyweights, academics, and people from various regulated industries for a meaningful dialogue focused on actionable next steps to make agents safe.
