AI factory security begins at the hardware layer — a fact that is taking on new urgency as enterprises scramble to secure the infrastructure powering the next computing era.

The rise of agentic AI and on-premises AI deployments is forcing enterprises to think harder about where trust actually begins in a compute stack. Every software security control, every policy guardrail and every monitoring layer ultimately depends on the integrity of the hardware it runs on, according to Mike Ferron-Jones (pictured, right), go-to-market lead for platform security and integrity at Intel Corp. These concerns will be front and center at Dell Technologies Inc.’s flagship conference later this month, where AI infrastructure security is shaping up to be a defining theme as enterprises accelerate on-premises AI deployments.

“The CPU is the fundamental hardware root of trust in the entire security stack,” Ferron-Jones said. “We often tell people that your choice of a CPU is your very first security decision that you are making.”

Ferron-Jones spoke with theCUBE’s Dave Vellante (left) at the Securing the AI Factory with Dell Technologies and Intel event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how Intel’s Xeon platform functions as the foundation for AI factory security, from confidential computing to post-quantum cryptography readiness. (* Disclosure below.)

AI factory security fundamental to support scale

Intel’s “2026 Platform Security Report” makes the case that security must be engineered into silicon itself before any software control above it can be trusted — a likely topic heading into Dell Technologies World. To this end, Intel organizes its data center security capabilities into four broad areas: protecting the platform itself from boot-level compromise, protecting data through confidential computing, enforcing safe software behavior through hardware controls and accelerating encryption without performance penalty, Ferron-Jones explained. The combination is increasingly relevant as AI workloads handling sensitive data demand stronger isolation guarantees — and those workloads span far more of the stack than most enterprises realize.

“The AI system is more than just training or inference on the GPU,” he said. “There’s all kinds of processes in the pipeline from data ingest and staging, then there’s the training, then there’s the inference, then there’s the output and the processing of the result. A lot of that happens on CPUs in partnership with GPUs.”

Central to Intel’s AI security strategy is confidential computing, delivered through technologies such as Intel Software Guard Extensions and Trust Domain Extensions, which create hardware-enforced trusted execution environments, according to Ferron-Jones. The approach gives organizations cryptographic attestation of where and how sensitive workloads are running — a critical requirement for regulated industries moving AI on-premises rather than into the cloud. Intel has also developed a reference architecture in partnership with Nvidia Corp. to extend confidential AI environments to GPU-accelerated workloads.

“With confidential AI environments, the processes that you’re running in your AI systems are put inside a trusted execution environment that is cryptographically attested for integrity,” Ferron-Jones said. “Data is only released into the confidential trusted execution environment using encryption keys that you control. Whether you’re concerned about regulatory compliance or data sovereignty or just classic cybersecurity, you’re holding the keys to protect your data.”

Looking further ahead, there’s a critical case to act on post-quantum cryptography, or PQC — the migration from classical encryption to quantum-safe algorithms that can withstand attacks from future quantum computers. Dell global Chief Technology Officer John Roese warned earlier this year that quantum computing will break the encryption protecting data today, while agentic AI raises the stakes further by increasing the value of that data. The most relevant AI factory security threat is not a real-time quantum attack but a “harvest now, decrypt later” scenario, where adversaries collect encrypted data today and decrypt it once quantum capability matures, Ferron-Jones explained. Intel began its quantum-safe cryptographic transition with its Xeon 6 processors and expects all cryptographic operations across its platforms to use quantum-safe technology by 2029.

“Even if [encrypted data] is exfiltrated today, it can’t be cracked open in 10 years or 15 years with a quantum computer,” Ferron-Jones said. “You can start protecting yourself today, particularly against those harvest now, decrypt later scenarios, by encrypting stored data with the quantum-safe AES-256 algorithm. One great thing is there’s instructions inside today’s Xeon CPUs that accelerate that thing. You can flip over to the quantum-safe, more sophisticated algorithm and not feel the big bite of going to that larger key size.”

Stay tuned for the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the “Securing the AI Factory with Dell Technologies and Intel” event.

(* Disclosure: TheCUBE is a paid media partner for the “Securing the AI Factory with Dell Technologies and Intel” event. Neither Dell, the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE