Confidential computing moves into mainstream AI use

Confidential computing is moving from niche deployments into mainstream IT strategies as organisations seek stronger protection for data used in artificial intelligence and cross-border collaboration, according to new global research from IDC.

The study, commissioned by the Confidential Computing Consortium (CCC), surveyed more than 600 IT leaders across 15 industries. It found that three-quarters of organisations are adopting confidential computing in some form, although many still face implementation hurdles and skills shortages.

Confidential computing refers to technologies that protect data while it is being processed, rather than only when stored or in transit. Vendors typically implement this through hardware-backed trusted execution environments that isolate workloads from the rest of the system.

"Confidential Computing has grown from a niche concept into a vital strategy for data security and trusted AI innovation," said Nelly Porter, Governing Board Chair, Confidential Computing Consortium. "As international security and compliance regulations tighten, organizations must invest in education and interoperability to meet heightened data confidentiality, integrity and availability standards - and enable secure AI adoption across sensitive environments."

Adoption gathers pace

IDC reported that 75% of surveyed organisations are adopting confidential computing. Within that group, 18% already operate the technology in production, while a further 57% are piloting or testing deployments.

The research highlighted data integrity as the primary benefit. It said 88% of respondents reported improved integrity of data processed in confidential computing environments. A further 73% cited confidentiality with technical assurances, and 68% pointed to better regulatory compliance.

Respondents reported that confidential computing supports a range of business outcomes. They named faster innovation, stronger compliance and increased cost efficiency among the main results. The study stated that combining confidential computing with AI-driven analytics supports secure model training, inference and AI agents on sensitive data sets.

The report described confidential computing as a practical and scalable option when organisations compare it with more complex or resource-intensive privacy techniques. It stated that organisations can apply it to standard computing workloads. It also said this does not require them to rewrite existing applications or algorithms.

Regulation and AI

The study linked the rise in adoption to tighter regulation and growing use of AI in regulated sectors. It said security, compliance and innovation agendas are converging as boards and regulators focus on data in use.

Regulatory frameworks such as the Digital Operational Resilience Act (DORA) are already influencing investment decisions. According to IDC, 77% of organisations are more likely to consider confidential computing because DORA contains explicit requirements on protection of data in use.

Workload security and external threats are the top direct drivers of adoption, cited by 56% of respondents. Protection of personally identifiable information (PII) followed at 51%, and broader compliance requirements at 50%.

New use cases in AI and cloud are also expanding demand. Organisations in the survey said they are using confidential computing to train AI models on regulated data, run inference workloads, and deploy AI agents without exposing sensitive information.

Cloud-led deployments

Public cloud environments show the highest uptake. IDC found that 71% of public cloud users in the sample are the most likely to implement confidential computing technologies. Hybrid and distributed cloud users follow at 45%.

The study linked this trend to the need for scalable security controls across distributed infrastructure and to changing regulatory expectations on cloud-hosted data.

Regional and sector gaps

Adoption patterns differ by geography and sector. For instance, financial services leads by industry, with 37% of organisations in full production. Healthcare follows at 29%, and government at 21%.

Healthcare organisations in the sample showed a stronger focus on multi-party data projects. IDC reported that 78% of healthcare respondents prioritised privacy-preserving data collaborations with multiple parties, compared with 61% in financial services and 26% in government. The report linked this to the handling of highly regulated medical data and emerging AI-based diagnostics that draw on shared datasets.

Barriers and standards

Despite the momentum, the study identified significant barriers. These include challenges in validating attestation, which 84% of respondents cited. Many organisations still view confidential computing as a niche technology, a perception held by 77% of those surveyed. A skills gap affects 75% of respondents.

IDC said these issues require greater industry collaboration, workforce training and technical standardisation. It recommended that organisations start with confined pilot projects that demonstrate measurable value. It also advised adoption of open standards and vendor-agnostic frameworks.

The research urged investment in third-party attestation services and interoperability testing. It also pointed to industry-led groups such as the CCC that work on technical assurance and trust frameworks.

The consortium stated that the next phase of confidential computing will span identity, AI, multi-party collaboration and privacy-preserving analytics across industries and regions.