Cloud trust is becoming the next cybersecurity battleground for AI
Cloud trust is becoming the next cybersecurity battleground for AI
Publish Date: 2026-07-03 16:58:00
Source Domain: www.digitaljournal.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
As artificial intelligence (AI) workloads continue their rapid migration to the cloud, a new question is emerging for enterprises, regulators, and cybersecurity professionals: how can organisations verify that the infrastructure processing sensitive data has not been altered, compromised, or tampered with?
The issue is attracting increasing attention as businesses shift mission-critical workloads including AI models, financial systems, healthcare applications, and sensitive analytics to public cloud environments. While cloud providers invest heavily in security, many organisations are seeking independent ways to verify the integrity of the underlying infrastructure.
A new initiative from cybersecurity company DigiCert, developed in collaboration with Google Cloud, aims to address that challenge through the use of independent cryptographic attestation for confidential computing environments.
For years, organisations have relied on cloud providers’ security controls and assurances. However, as data privacy regulations tighten and AI adoption accelerates, customers increasingly want evidence rather than assurances.
The challenge becomes even more complex with generative AI. Large language models process vast amounts of proprietary data, and organisations need confidence that information is being handled within secure and verified environments. According to DigiCert, the solution lies in extending the principles of Public Key Infrastructure (PKI), the technology that underpins trusted internet communications, to cloud infrastructure itself.
What is confidential computing and do you need it?
Confidential computing is one of the fastest-growing areas in cybersecurity.
Unlike traditional cloud security, which protects data when it is stored or transmitted, confidential computing protects information while it is actively being processed. This is achieved through hardware-based trusted execution environments that isolate workloads from other systems and users.
Google Cloud has been a major proponent of confidential computing, positioning it as a security mechanism for protecting sensitive workloads in multi-tenant cloud environments.
The technology is particularly relevant for AI applications because organisations increasingly want to train and run models using proprietary datasets without exposing those datasets to unauthorised access.
However, confidential computing introduces another question: How do organisations independently verify that the protected environment itself is trustworthy?
DigiCert’s approach introduces an additional layer of verification through independent attestation. Rather than relying solely on the cloud provider’s own assessment of system integrity, organisations gain access to third-party cryptographic validation. The system uses certificates, digital identities and cryptographic signatures to verify that cloud-hosted workloads are running in trusted and unmodified environments. In effect, DigiCert is acting as an independent root of trust.
This concept has long been familiar within Internet security. Every time users access a secure HTTPS website, cryptographic certificates provide assurance that they are connecting to a legitimate destination rather than an impersonator. DigiCert argues that a similar model can now be applied to cloud infrastructure itself.
Security claims must become verifiable
The announcement reflects a broader trend in cybersecurity: moving from assumed trust to verifiable trust. Historically, many security controls have depended on faith in provider statements or internal attestations. Increasingly, regulators and customers want cryptographic proof. This mirrors developments elsewhere in cybersecurity, including zero-trust architecture, software supply chain security, and digital identity verification.
The common theme is reducing dependence on assumption and replacing it with objective verification. As Amit Sinha, DigiCert’s CEO, notes, infrastructure assurance is becoming a foundational requirement as organisations handle increasingly sensitive data.
The AI boom is accelerating interest in trusted infrastructure. Many enterprises now run large-scale AI workloads and as AI systems become integrated into decision-making processes, organisations need confidence that neither their data nor their models have been compromised.
Canada and the realm of AI
Canada occupies a special position in the global AI ecosystem. Research centres in Toronto, Montreal and Edmonton have established the country as one of the world’s leading hubs for artificial intelligence innovation. At the same time, Canadian financial institutions, healthcare providers and government organisations are increasing their use of cloud services and AI-powered applications. Canada’s financial sector has been especially active in exploring AI for fraud detection, customer service, and risk modelling.
However, Canadian organisations also operate in an environment shaped by privacy legislation and growing expectations around data governance. As open banking, AI-powered finance and digital public services continue to expand, the demand for independently verifiable infrastructure is likely to grow. This trend aligns with broader discussions taking place across Canada’s technology sector regarding digital trust, cybersecurity resilience and responsible AI deployment.