The Coming AI Factory Build‑Out & Why Now for Security

Anand Kashyap
Apr 13, 2026

I’ve spent most of my career in security, and one pattern repeats itself over and over again: we rush to build new technology stacks, and only later do we step back and ask, “How are we going to secure all of this?”

We saw that with the early internet, with mobile, and with the first wave of cloud. Today, we are at a similar turning point with AI, specifically with the rise of AI factories and AI data centers.

Right now, the industry is pouring enormous energy and investment into building dedicated infrastructure for AI. At the same time, we finally have the building blocks to secure AI workloads in a fundamentally better way, using confidential computing and confidential AI.

The key question for leaders is simple: will we build security in now, or try to bolt it on later once AI factories are already everywhere?

From General‑Purpose Clouds to AI Factories

Over the last decade, hyperscale clouds have become the default place to run applications. They are incredibly powerful, but they were designed as general‑purpose platforms, very much like CPUs at the chip level.

AI is pushing us toward something different.

In the AI world, I like the analogy between CPUs and GPUs. CPUs handle a wide variety of tasks; GPUs are designed to accelerate specific kinds of computation. In infrastructure terms:

  • Hyperscalers look a lot like CPUs: flexible, general‑purpose, able to run almost anything.
  • AI factories are closer to GPUs: they are purpose‑built data centers designed to do one thing extremely well: run AI models and agents.

Inside an AI factory, everything is optimized around generating tokens efficiently: the hardware configuration, the interconnects, the storage, the scheduling, and the software stack on top.

As we move into a world of AI‑native applications (customer support agents, sales agents, coding agents, and many more), running these workloads on generic infrastructure becomes less attractive.

You want them running where cost per token and energy per token are optimized. That’s exactly what AI factories are being built to do.

Why the “Time Has Come” for AI Factories

When people ask me why AI factories are such a big focus right now, one of the clearest signals is how strongly companies like NVIDIA are leaning in. They are not only building the chips but also articulating reference architectures for AI factories that include the entire stack from hardware up to orchestration, security, models, and agents. That kind of end-to-end framing is helping the industry understand what large-scale AI infrastructure actually looks like in practice.

Beyond that momentum, several broader trends have converged at the same time.

First, the world now has a much better understanding of confidential computing and related hardware capabilities. Availability has increased both from the chip side and the cloud side. Technology that used to be niche is now becoming mainstream.

Second, AI has become a major operational use case for this technology. Since the launch of ChatGPT, AI has “taken over the world” in the sense that people use it every day, and enterprises are now deploying it in production across many industries. Regulated sectors like financial services, government, and healthcare feel a strong urge to use AI, but they also have to stay compliant and secure.

Third, regulation and sovereignty concerns are rising. Laws and regulations in different regions are forcing organizations and governments to think carefully about where their data lives, how it is processed, and what legal regimes it touches. There is also a growing focus on data sovereignty at the national level.

All of this is happening at once, and it is driving a massive wave of AI factory build-out. In my view, we are still in the early stages of that wave.

A Massive Infrastructure Investment Cycle

When you think about the scale of what’s being built, it is striking.

AI workloads require large amounts of specialized compute and dense, power‑hungry infrastructure. Industry leaders are talking about AI data centers measured in gigawatts of power, and the capital costs for those facilities are enormous. Building these AI factories is a multi‑year, multi‑billion‑dollar effort.

At the same time, the software stack that will run on top of this infrastructure is still rapidly evolving:

  • The way we orchestrate AI workloads.
  • The models and agents we deploy.
  • The tools we use to operate, observe, and manage them.

From my perspective, we’re not just building bigger data centers; we’re building a new computing substrate that will underpin many of the applications people use every day.

And that brings us back to security.

The Risk of Repeating Old Security Mistakes

Looking back at previous technology transitions, the story is familiar:

  • We build the infrastructure and ship products as fast as we can.
  • Adoption grows, and attackers follow the value.
  • The first major incidents and breaches surface.
  • Regulators and customers demand stronger security and compliance.
  • We scramble to retrofit security into systems that were never designed with it in mind.

In AI, there is a real risk that we repeat this playbook:

  • AI factories and AI‑native applications get deployed everywhere.
  • Sensitive data and critical decisions move into these systems.
  • Only then do we fully confront the implications of model theft, data leakage, compliance, and sovereign control.

By that point, a lot of assumptions will be baked into infrastructure, architecture, and business models. Retrofitting security after the fact is always more expensive and less effective than building it in from day one.

Why “Now” for Confidential Computing and Confidential AI

The good news is that, this time, we already have a powerful tool to avoid repeating the same mistakes: confidential computing, and by extension, confidential AI.

Confidential computing gives us hardware‑enforced environments where code and data are protected while in use. When we apply this to AI, we can:

  • Treat model weights as the crown jewels: keep them encrypted at rest and in transit, and decrypt them only inside trusted, attested environments.
  • Protect user prompts and responses from exposure to infrastructure operators or other tenants.
  • Secure the enterprise context that AI uses (data from systems like SharePoint, Slack, Confluence, and databases) during processing, not just at rest.

That fundamentally changes the security model for AI factories. Instead of relying only on perimeters, we can protect the most sensitive assets inside the runtime itself.
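The "decrypt only inside trusted, attested environments" rule above is usually enforced by a key broker that checks an attestation report before releasing the weight-decryption key. The sketch below is an added example, not code from the original post or from any Fortanix product; `KeyBroker`, `sign_report`, `measure` and the HMAC stand-in for the hardware signature are all hypothetical.

```python
import hashlib, hmac, json, secrets

# Assumption: HMAC with a shared demo key stands in for the TEE vendor's
# asymmetric report signature, which real hardware chains to a vendor root.
HW_ROOT_KEY = b"constructed-demo-hardware-root-key"

def measure(image: bytes) -> str:
    """Hash of the launched inference image (the 'measurement')."""
    return hashlib.sha256(image).hexdigest()

def sign_report(measurement: str, nonce: str, debug: bool = False) -> dict:
    """Simulates hardware emitting a signed attestation report."""
    body = json.dumps({"measurement": measurement, "nonce": nonce,
                       "debug": debug}, sort_keys=True).encode()
    return {"body": body,
            "sig": hmac.new(HW_ROOT_KEY, body, hashlib.sha256).hexdigest()}

class KeyBroker:
    """Model owner's service: releases the weight key only to attested code."""

    def __init__(self, weight_key: bytes, trusted: set):
        self._weight_key = weight_key
        self._trusted = trusted       # allowlisted measurements
        self._pending = set()         # nonces issued but not yet used

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce

    def release_key(self, report: dict):
        expected = hmac.new(HW_ROOT_KEY, report["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, report["sig"]):
            return None, "bad signature"
        claims = json.loads(report["body"])
        if claims["nonce"] not in self._pending:
            return None, "stale or unknown nonce"
        self._pending.discard(claims["nonce"])   # single use blocks replay
        if claims["debug"]:
            return None, "debug mode enabled"    # debug TEEs expose memory
        if claims["measurement"] not in self._trusted:
            return None, "untrusted measurement"
        # A real broker would wrap the key to a public key bound in the report.
        return self._weight_key, "released"
```

The order of checks matters: the signature is verified before any claim is parsed, and the nonce is consumed before policy checks so a rejected report cannot be retried.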

From a timing perspective, this is crucial. As AI factories are being designed and built right now, there is a window to make confidential computing and confidential AI part of the default architecture:

  • Included in reference designs and blueprints.
  • Integrated into orchestration and platform layers.
  • Exposed as standard capabilities to model providers and enterprise customers.

If we miss this window and treat confidential AI as something to “add later,” we risk ending up with a generation of AI infrastructure that has to be heavily reworked to meet security, compliance, and trust requirements.

A Call to Leaders: Make Security a First‑Class Requirement

I’m a firm believer that security should be built in, not bolted on. In the context of AI factories, that belief is more relevant than ever.

If you are making decisions about AI strategy, cloud platforms, or data center investments, I would encourage you to ask a few specific questions:

  • How will our AI factories protect model weights, prompts, and context at runtime?
  • Can we support sovereign and regulated workloads without asking customers to give up control over their data or our models?
  • Are we treating confidential computing as an integral part of our AI stack, or as an optional add‑on?

The AI factory build‑out is happening now. The infrastructure decisions we make in this period will shape the security, compliance, and trust posture of AI for many years.

We have an opportunity to do things differently this time—to embed strong, hardware‑rooted protections into the platforms we’re building, and to make confidential AI a foundational part of the new computing substrate.

If we get that right, we won’t just have more powerful AI factories. We’ll have AI factories we—and our customers and regulators—can actually trust.
