Challenging the Boundaries of Confidential Computing for AI

CENSUS has conducted an in-depth technical evaluation of Confidential AI workloads on Google Cloud Platform (GCP), focusing on the integration of Intel Trust Domain Extensions (TDX) and NVIDIA H100 GPUs within Confidential Virtual Machines (CVMs). The assessment explored whether hardware-based attestation could be extended consistently across both CPU and GPU components and whether a verifiable trust model could be maintained end-to-end. The work was performed on A3 instances, implementing end-to-end attestation flows, validating quote and key hierarchies, and operating under realistic cloud deployment constraints.