3 New Ways to Tackle AI Security

Exploring security-focused models, the rise in AI cyberattacks, and how going to the data could solve the silo problem.

Welcome to AI Confidential, your biweekly breakdown of the most interesting developments in confidential AI.

Today we’re exploring:

  • Anthropic’s security-focused ASL-3 model

  • The massive increase in AI-generated cyberattacks

  • Open source projects we’ve been following

Also mentioned in this issue: Jason Clinton, Daniel Rohrer, Daniel Beutel, Aaron Fulkerson, Mark Hinkle, Shirish Bapat, Anthropic, NVIDIA, Flower Labs, Zuora, CyberProof, Team8, World Standards Cooperation, Accenture, LRQA, Check Point, Reachy Mini, Moonshot AI, and OpenReasoning-Nemotron.

Let’s dive in!

In our last newsletter, we shared insights from three exclusive interviews at the Confidential Computing Summit™.

🎙️ Now, we have three more conversations to tell you about, from the guests we talked to for this week’s podcast:

1️⃣ Jason Clinton, Chief Information Security Officer, Anthropic

During our chat, Jason walked us through Anthropic’s latest safety upgrade—a system called ASL-3 designed to prevent bad actors from misusing its model. 

This system is super cool because it:

  • Blocks the AI from responding to dangerous questions, like how to build bioweapons

  • Locks the model behind extra-secure infrastructure, preventing tampering

  • Protects the AI and its data, even while the system is running

While others are still experimenting, Anthropic has already put these safeguards into production.

As AI agents take on more responsibility—running longer, more complex tasks—we need better ways to track their work.

That means rethinking how we handle identity, visibility, and trust from the ground up, starting right now.

2️⃣ Daniel Rohrer, VP of Product Security, Architecture, and Research, NVIDIA

Daniel got straight to the point—as AI systems grow, the security around them must evolve, too. 

At NVIDIA, his team is rising to this challenge by building:

  • Models that are signed and verified before use

  • “Trust outposts” that double-check systems are safe

  • Confidential AI features that protect data across devices and in the cloud

So why go through the extra effort?

Daniel understands that this isn’t a time to slow down.

As AI tools take more control over the software development process, our old ways of testing code are breaking down.

Instead, we need to change trajectories—making sure security is integral from the very start. 

3️⃣ Daniel Beutel, Co-founder & CEO, Flower Labs

This Daniel is tackling the same challenge in a different way—by going straight for the data.

The most valuable AI training data isn’t public. It’s private and risky to share, so it’s locked away inside banks, hospitals, and enterprise businesses. 

But that’s where Flower comes in. 

Flower Labs is an open-source tool that lets organizations train AI across many locations, without ever moving the data itself.

Better yet, Daniel and his team just launched Flower Intelligence, a new engine that lets companies use AI securely by:

  • Running large language models locally

  • Using secure cloud systems when it needs more power

  • Encrypting all prompts and responses from start to finish

This approach is so effective, early adopter Mozilla Thunderbird is already using it to add AI to their enterprise email without ever exposing private content. No data clean rooms. No trust trade-offs.

The bottom line is this: 

Confidential AI is no longer just a concept—it’s here, and it’s working.

Listen to the full interviews (plus a bonus interview with co-hosts Aaron and Mark) to hear even more nuanced insights. The episode is live now; give it a listen here.

Keeping it Confidential

How often do GenAI prompts from enterprise devices risk exposing sensitive data to attackers?

  1. 1 in every 80 prompts

  2. 1 in every 290 prompts

  3. 1 in every 3600 prompts

  4. 1 in every 12,000 prompts

See the answer at the bottom.

Code for Thought

Important AI news in <2 minutes

💼 93% of finance leaders see AI as a strategic investment priority, a Zuora survey found, as 79% of leaders are still swamped with manual tasks. 

🚨 Iranian threat actors have escalated the volume of cyberthreats against U.S. and European organizations since June, according to CyberProof.

🛡️ 1 in 4 CISOs say their companies were hit with AI-generated attacks over the last year, a new Team8 report found, with deepfakes and voice cloning being the most common.

🔐 39% of CISOs want secure AI agents, with 36% eager to use agents to reduce compliance issues by governing employee AI use, the same report found.

📏 The World Standards Cooperation released two papers urging others to adopt the IEC’s proposed AI standards, aiming to crack down on the misuse of AI-generated content.

Community Roundup

Updates involving OPAQUE and our partners

It’s been over a month since the Confidential Computing Summit™—and the energy is carrying on with our new sizzle reel.

The recap video captures the biggest ideas and sharpest moments from two packed days of talks and workshops, featuring insights from Anthropic, Accenture, and other industry experts. 

Some standout lines:

🗣 “I think we’re going to look at the year of the agents as the same as the year of the steam engine.”

— Jason Clinton, Anthropic’s CISO

⚡“These agents behave with human-like capabilities. But they operate at machine speed.” 

— Aaron Fulkerson, OPAQUE’s CEO 

What are you waiting for? Watch the full video now:

Craving more? Our full 2025 Summit takeaways report drops soon—packed with use cases and insights for what’s coming next. Stay tuned.

Fresh reporting

It’s official—agentic and genAI are the next frontier of business innovation.

In their recent report, McKinsey & Company broke down how AI is transforming the industry for insurance professionals, including how it’s:

  • Improving routing and outreach, by generating lists of high-potential leads & having agents tailor messages for maximum impact.

  • Tackling agent preparation, by summarizing customer insights into a Customer 360 profile and suggesting the most effective sales scripts.

  • Enhancing customer servicing, by responding to queries 24/7 and automatically capturing customer details and decisions.

  • Boosting customer sales, by listening to responses in real-time and instantly summarizing insights into recommended next steps.

  • Conducting sales quality assessments, by analyzing agent performance during sales calls and offering personalized training opportunities.

These claims are backed by impressive stats, too.

According to McKinsey, insurers using AI are seeing double-digit improvements in efficiency and productivity—and this is just the beginning.

📖 If you’re interested, give the report a read. It’s incredibly eye-opening!

Open source spotlight 

🤖 Hugging Face’s Reachy Mini is an open-source robot companion designed to interact with humans, built so developers can personalize the robot’s capabilities. 

🚀 Moonshot AI released Kimi K2, an LLM with advanced coding and agentic capabilities, claimed to perform better than Anthropic and DeepSeek.

🧠 NVIDIA distilled DeepSeek’s LLM to create OpenReasoning-Nemotron, a collection of smaller models with domain expertise in math, science, and coding. 

Quotable

⚔️ “AI is quickly becoming foundational to how business is done, whether you’re building models or not. Your competitors, customers, and partners are adopting AI tools, and understanding how these systems work will be critical to staying relevant.” 

— Shirish Bapat, AI and cybersecurity product leader for LRQA

Trivia answer: 1 in every 80 prompts.

According to Check Point’s 2025 Research AI Security Report, 1 in every 80 prompts sent to GenAI services from enterprise devices had a high risk of leaking sensitive data. Additionally, 7.5% of prompts contained potentially sensitive data. That’s not good.

Stay confidential!

- Your friends at OPAQUE
