AI on Confidential Compute on Azure
Run the AI OS on Azure confidential computing — your data, models, and prompts stay encrypted even while in use, protected from the cloud operator and infrastructure administrators by hardware-level isolation.
Encrypted In Use
Data and models stay encrypted in memory via AMD SEV-SNP and Intel TDX — not just at rest and in transit.
Confidential GPUs
Run AI inference and training on confidential GPU VMs, with the GPU's memory protected inside the trust boundary.
Remote Attestation
Cryptographic proof a workload runs in a genuine, untampered TEE before any secret or model is released to it.
AI on confidential compute on Azure means running AI workloads inside hardware-based Trusted Execution Environments — Azure confidential VMs and GPUs built on AMD SEV-SNP and Intel TDX — so data and models stay encrypted in memory during processing, shielded even from Microsoft and privileged administrators, with remote attestation proving the environment's integrity.
Cloud encryption usually protects data at rest and in transit but leaves it exposed in memory while it is being used. Sovereign confidential computing closes that gap. Running the AI OS on Azure's confidential VMs and GPUs lets you reach hyperscale capacity for AI without surrendering confidentiality of your most sensitive data and models.
Confidential Compute on Azure in the Scrydon platform
One integrated, sovereign architecture. Here is where Confidential Compute on Azure sits — highlighted against the full stack it works with.
The AI OS for Humans & AI Agents to enable your processes
df.plot.bar()
Link your processes, knowledge & data to ontologies.
Unified storage, structured compute, and secure multi-modal data processing.
Autonomous operatives with specialised skills executing tasks across systems.
Sovereign pipelines, federated APIs, and seamless connector meshes.
Secure domain federation, trusted data sharing, and cross-boundary intelligence.
Confidential Compute on Azure in depth
The AI OS only works if it can be trusted. Every layer of the platform rests on a zero-trust infrastructure and identity foundation that operates consistently from fully air-gapped on-premises deployments through to hyperscale cloud environments. Sovereignty is not a feature added on top — it is the condition under which everything else operates.
- Zero-trust architecture: Continuous verification for every request, every user, and every workload — no implicit trust, even inside the perimeter.
- Federated identity: Seamless integration with your existing IdP (SAML, OAuth 2.0, OIDC) for unified, policy-enforced access control.
- Air-gapped deployment: Run the complete platform with no external network dependencies — ideal for defence, critical national infrastructure, and classified workloads.
- Confidential computing: Hardware-level encryption of data in use via AMD SEV-SNP and Intel SGX, protecting workloads even from infrastructure administrators.
Deployment Options: From Air-gapped to Cloud
Deploy the Scrydon platform where it makes sense for you — from air-gapped environments to public cloud — with sovereignty, compliance, and auditability built in.
No data leaves your jurisdiction. No black-box AI. No compromises on control.
This is sovereignty by design.
AI workloads inside a Trusted Execution Environment
The AI OS deploys onto Azure confidential computing so that the entire AI workload — data, model weights, and prompts — is processed inside hardware-isolated enclaves. Keys and secrets are released only after the environment proves its integrity through attestation.
Confidential VMs — Hardware-isolated VMs on AMD SEV-SNP and Intel TDX keep memory encrypted during execution.
Confidential GPUs — GPU-accelerated inference and training with the accelerator inside the confidential trust boundary.
Remote attestation — Azure Attestation verifies the TEE before secrets, keys, or models are provisioned.
Sovereign key management — You hold the keys; Microsoft and administrators cannot read data in use.
Hyperscale capacity without surrendering confidentiality
Regulated and sovereignty-conscious organisations often need cloud-scale AI but cannot expose sensitive data to the cloud operator. Confidential computing on Azure resolves the tension: you get hyperscale elasticity and GPU availability while the data and models remain cryptographically protected from the platform itself — the same zero-trust posture the AI OS applies everywhere else.
Microsoft Fabric, Databricks, and Foundry do not run on confidential compute. Our solution does.
The mainstream Azure analytics and AI platforms — Microsoft Fabric, Databricks, and Azure AI Foundry — process your data in standard, non-confidential compute, leaving it exposed in memory to the cloud operator while in use. The AI OS runs the same class of analytics and AI workloads inside hardware Trusted Execution Environments, so your data, models, and prompts stay encrypted in use and out of reach of Microsoft and privileged administrators.
Fabric, Databricks, Foundry — Run on standard compute — data is decrypted in memory and visible to the platform while being processed.
The AI OS — Runs on Azure confidential VMs and GPUs — data and models stay encrypted in use, protected from the cloud operator by hardware isolation.
Frequently asked questions
How can I run AI and data on Azure Confidential Compute?+
Do Microsoft Fabric, Databricks, and Azure AI Foundry run on confidential compute?+
What is confidential computing on Azure?+
Can AI workloads use confidential GPUs on Azure?+
Is data protected from Microsoft and cloud administrators?+
What is remote attestation?+
Why run sovereign AI on a hyperscaler at all?+
Explore the platform
Email us
Prefer to write? Email hello [at] scrydon.com and we will get back to you.
Partners
Building the future of Data & AI together with leading innovators. Learn more .
