en.Wedoany.com Reported - Akamai and NVIDIA are expanding their security collaboration by integrating Akamai Guardicore Segmentation into the NVIDIA Vera BlueField-4 STX storage architecture, powered by the NVIDIA DOCA software platform, to introduce an advanced security architecture for AI factories.

This partnership aims to embed zero-trust architecture directly into AI factories to protect the data, contextual memory, and autonomous agents that increasingly drive modern enterprise operations. The new security integration will enable AI factory operators to implement workload-aware isolation, monitor agent behavior, and contain threats at the infrastructure layer, operating at the speed of accelerated computing without impacting the GPU, CPU, or storage cycles that AI workloads depend on.
Ofer Wolf, Senior Vice President of Enterprise Security at Akamai, stated that AI factories are becoming critical assets that must be designed as containable environments, especially as attacks driven by frontier large language models accelerate the speed and scale of cyber threats. In environments where traditional host-based security tools act as speed bumps, migrating workload-aware isolation to the NVIDIA Vera BlueField-4 STX and DOCA enables zero trust to be enforced at the speed of AI workloads themselves, helping organizations contain threats before they spread across high-performance environments.
Kevin Deierling, Senior Vice President of Networking at NVIDIA, noted that data is the foundation of agentic AI factories, powering the intelligence behind autonomous decision-making, making stronger protection more critical than ever for enterprises. The Akamai Guardicore Enterprise Security Platform and the NVIDIA Vera BlueField-4 STX embed a zero-trust layer directly into the infrastructure architecture, helping protect enterprise data by intelligently controlling how AI workloads communicate at scale.
This expanded integration builds on the architectural agreement announced by the two companies in February of last year. Akamai Guardicore Segmentation provides an intelligence layer that continuously maps how workloads, applications, and data interact across hybrid environments, including data centers, cloud infrastructure, Kubernetes clusters, and edge systems. Policies are defined by workload identity, application context, and runtime behavior, rather than static network addresses. Visibility covers the entire lifecycle of AI workloads, enabling the detection of anomalous patterns and unauthorized access to sensitive data.
The NVIDIA Vera BlueField-4 STX, programmable via NVIDIA DOCA, provides a threat detection and enforcement layer in silicon. Security policies are applied at line speed within the data path. Enforcement resides inside the infrastructure architecture rather than on the host, closer to the workload itself, so it does not impact the GPU, CPU, and storage processors that AI factories depend on. Together, the two layers establish identity-based zero trust as a property of the infrastructure.
The joint solution follows the principle that "intelligence must precede enforcement."
In terms of visibility, Akamai Guardicore Segmentation continuously maps communication relationships across data centers, clouds, Kubernetes, and edge systems. Its agentless architecture observes AI workloads, including training pipelines, inference services, data ingestion systems, and orchestration platforms, without disrupting them.
For policy, it uses workload identity, application context, and runtime behavior to define clear communication policies: pre-processing nodes can access datasets and training services but nothing beyond that; research environments are explicitly separated from production inference; pods can scale and services can evolve without weakening policy boundaries.
For enforcement, NVIDIA DOCA applies these policies at line speed within the data path of the BlueField-4 silicon. Security functions include isolation, telemetry, anomaly detection, and containment of compromised systems, all operating within the infrastructure architecture rather than on the host.
For containment, when a workload is compromised, the blast radius is limited to a small, identified portion of the environment, allowing the rest of the AI factory to continue operating uninterrupted.










