https://www.sakurasky.com/tags/confidential-computing/Recent content in Confidential-Computing on Sakura Sky: Cloud, Data, SecurityHugoen-USSakura SkyFri, 19 Jun 2026 10:17:16 +0200https://www.sakurasky.com/blog/regulatory-stack-part-6/Thu, 18 Jun 2026 00:00:00 -0400https://www.sakurasky.com/blog/regulatory-stack-part-6/<style> .series-pull-quote { float: right; clear: both; width: 340px; margin-left: 2rem; margin-bottom: 1.5rem; border: 1px solid #e9ecef; border-radius: 6px; overflow: hidden; background-color: #ffffff; position: relative; z-index: 20; } @media (max-width: 768px) { .series-pull-quote { float: none; clear: both; width: 100%; margin-left: 0; } } .series-header { background-color: #f8f9fa; color: #6c757d; font-size: 0.65rem; font-weight: 700; letter-spacing: 0.05em; padding: 0.8rem 1.25rem; border-bottom: 1px solid #e9ecef; } .part-label { display: block; font-size: 0.6rem; color: #adb5bd; margin-bottom: 0.15rem; text-transform: uppercase; } .nav-link-text { font-size: 0.85rem; line-height: 1.4; color: #495057; text-decoration: none; position: relative; z-index: 21; } .active-part { border-left: 4px solid #000 !important; background-color: #ffffff !important; } .active-part .nav-link-text { font-size: 0.9rem; font-weight: 700; color: #212529; text-decoration: underline; text-underline-offset: 3px; } .locked-part .nav-link-text { color: #ced4da; } .list-group-item { border-bottom: 1px solid #f8f9fa; padding: 1rem 1.25rem !important; } </style> <aside class="series-pull-quote shadow-sm"> <div class="series-header"> READ MORE IN THIS SERIES </div> <div class="list-group list-group-flush"> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/regulatory-stack-part-1/" class="nav-link-text">Part 1 - AISVS Has 14 Categories. GATE Has 16 Controls. Here Is the Map.</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/regulatory-stack-part-2/" class="nav-link-text">Part 2 - Why the Boardroom Should Be Funding the Verification Layer in 2026</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/regulatory-stack-part-3/" class="nav-link-text">Part 3 - How the EU AI Act Made Verification a Legal Question, Not a Best-Practice One</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/regulatory-stack-part-4/" class="nav-link-text">Part 4 - Engineering Under the AI Act: Article 15 Cybersecurity in Practice</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/regulatory-stack-part-5/" class="nav-link-text">Part 5 - The Cyber Resilience Act Closes the Last Loophole</a> </div> </div> </div> <div class="list-group-item active-part "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/regulatory-stack-part-6/" class="nav-link-text">Part 6 - Building Under the CRA: A Reference Architecture</a> </div> </div> </div> </div> </aside> <p>The strategic cases have been made, the legal liabilities mapped, and the 24-hour reporting stopwatches calibrated. If you have followed this series from <a href="https://www.sakurasky.com/blog/regulatory-stack-part-1/" >Part 1&rsquo;s AISVS-to-GATE map</a> through <a href="https://www.sakurasky.com/blog/regulatory-stack-part-5/" >Part 5&rsquo;s CRA reporting clock</a>, you know the thesis by heart: the model is not the product; the runtime is the product. The work is in the wiring.</p>https://www.sakurasky.com/blog/regulatory-stack-part-5/Mon, 15 Jun 2026 00:00:00 -0400https://www.sakurasky.com/blog/regulatory-stack-part-5/<style> .series-pull-quote { float: right; clear: both; width: 340px; margin-left: 2rem; margin-bottom: 1.5rem; border: 1px solid #e9ecef; border-radius: 6px; overflow: hidden; background-color: #ffffff; position: relative; z-index: 20; } @media (max-width: 768px) { .series-pull-quote { float: none; clear: both; width: 100%; margin-left: 0; } } .series-header { background-color: #f8f9fa; color: #6c757d; font-size: 0.65rem; font-weight: 700; letter-spacing: 0.05em; padding: 0.8rem 1.25rem; border-bottom: 1px solid #e9ecef; } .part-label { display: block; font-size: 0.6rem; color: #adb5bd; margin-bottom: 0.15rem; text-transform: uppercase; } .nav-link-text { font-size: 0.85rem; line-height: 1.4; color: #495057; text-decoration: none; position: relative; z-index: 21; } .active-part { border-left: 4px solid #000 !important; background-color: #ffffff !important; } .active-part .nav-link-text { font-size: 0.9rem; font-weight: 700; color: #212529; text-decoration: underline; text-underline-offset: 3px; } .locked-part .nav-link-text { color: #ced4da; } .list-group-item { border-bottom: 1px solid #f8f9fa; padding: 1rem 1.25rem !important; } </style> <aside class="series-pull-quote shadow-sm"> <div class="series-header"> READ MORE IN THIS SERIES </div> <div class="list-group list-group-flush"> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/regulatory-stack-part-1/" class="nav-link-text">Part 1 - AISVS Has 14 Categories. GATE Has 16 Controls. Here Is the Map.</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/regulatory-stack-part-2/" class="nav-link-text">Part 2 - Why the Boardroom Should Be Funding the Verification Layer in 2026</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/regulatory-stack-part-3/" class="nav-link-text">Part 3 - How the EU AI Act Made Verification a Legal Question, Not a Best-Practice One</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/regulatory-stack-part-4/" class="nav-link-text">Part 4 - Engineering Under the AI Act: Article 15 Cybersecurity in Practice</a> </div> </div> </div> <div class="list-group-item active-part "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/regulatory-stack-part-5/" class="nav-link-text">Part 5 - The Cyber Resilience Act Closes the Last Loophole</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/regulatory-stack-part-6/" class="nav-link-text">Part 6 - Building Under the CRA: A Reference Architecture</a> </div> </div> </div> </div> </aside> <h2 id="the-low-risk-illusion">The Low-Risk Illusion</h2> <p>A dangerous sense of relief has settled over enterprise product teams whose AI applications fell outside the high-risk categories of the EU AI Act&rsquo;s Annex III. The assumption is that because an agent merely summarises documentation, routes internal support tickets, or drafts marketing copy, it sits safely outside the regulatory microscope.</p>https://www.sakurasky.com/blog/regulatory-stack-part-4/Thu, 04 Jun 2026 00:00:00 -0400https://www.sakurasky.com/blog/regulatory-stack-part-4/<style> .series-pull-quote { float: right; clear: both; width: 340px; margin-left: 2rem; margin-bottom: 1.5rem; border: 1px solid #e9ecef; border-radius: 6px; overflow: hidden; background-color: #ffffff; position: relative; z-index: 20; } @media (max-width: 768px) { .series-pull-quote { float: none; clear: both; width: 100%; margin-left: 0; } } .series-header { background-color: #f8f9fa; color: #6c757d; font-size: 0.65rem; font-weight: 700; letter-spacing: 0.05em; padding: 0.8rem 1.25rem; border-bottom: 1px solid #e9ecef; } .part-label { display: block; font-size: 0.6rem; color: #adb5bd; margin-bottom: 0.15rem; text-transform: uppercase; } .nav-link-text { font-size: 0.85rem; line-height: 1.4; color: #495057; text-decoration: none; position: relative; z-index: 21; } .active-part { border-left: 4px solid #000 !important; background-color: #ffffff !important; } .active-part .nav-link-text { font-size: 0.9rem; font-weight: 700; color: #212529; text-decoration: underline; text-underline-offset: 3px; } .locked-part .nav-link-text { color: #ced4da; } .list-group-item { border-bottom: 1px solid #f8f9fa; padding: 1rem 1.25rem !important; } </style> <aside class="series-pull-quote shadow-sm"> <div class="series-header"> READ MORE IN THIS SERIES </div> <div class="list-group list-group-flush"> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/regulatory-stack-part-1/" class="nav-link-text">Part 1 - AISVS Has 14 Categories. GATE Has 16 Controls. Here Is the Map.</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/regulatory-stack-part-2/" class="nav-link-text">Part 2 - Why the Boardroom Should Be Funding the Verification Layer in 2026</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/regulatory-stack-part-3/" class="nav-link-text">Part 3 - How the EU AI Act Made Verification a Legal Question, Not a Best-Practice One</a> </div> </div> </div> <div class="list-group-item active-part "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/regulatory-stack-part-4/" class="nav-link-text">Part 4 - Engineering Under the AI Act: Article 15 Cybersecurity in Practice</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/regulatory-stack-part-5/" class="nav-link-text">Part 5 - The Cyber Resilience Act Closes the Last Loophole</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/regulatory-stack-part-6/" class="nav-link-text">Part 6 - Building Under the CRA: A Reference Architecture</a> </div> </div> </div> </div> </aside> <p>How to turn the EU AI Act&rsquo;s stringent cybersecurity requirements into a clean, automated side effect of your existing platform engineering pipelines.</p>https://www.sakurasky.com/blog/missing-primitives-for-trustworthy-ai-part-17/Mon, 01 Dec 2025 00:00:00 -0500https://www.sakurasky.com/blog/missing-primitives-for-trustworthy-ai-part-17/<style> .series-pull-quote { float: right; clear: both; width: 340px; margin-left: 2rem; margin-bottom: 1.5rem; border: 1px solid #e9ecef; border-radius: 6px; overflow: hidden; background-color: #ffffff; position: relative; z-index: 20; } @media (max-width: 768px) { .series-pull-quote { float: none; clear: both; width: 100%; margin-left: 0; } } .series-header { background-color: #f8f9fa; color: #6c757d; font-size: 0.65rem; font-weight: 700; letter-spacing: 0.05em; padding: 0.8rem 1.25rem; border-bottom: 1px solid #e9ecef; } .part-label { display: block; font-size: 0.6rem; color: #adb5bd; margin-bottom: 0.15rem; text-transform: uppercase; } .nav-link-text { font-size: 0.85rem; line-height: 1.4; color: #495057; text-decoration: none; position: relative; z-index: 21; } .active-part { border-left: 4px solid #000 !important; background-color: #ffffff !important; } .active-part .nav-link-text { font-size: 0.9rem; font-weight: 700; color: #212529; text-decoration: underline; text-underline-offset: 3px; } .locked-part .nav-link-text { color: #ced4da; } .list-group-item { border-bottom: 1px solid #f8f9fa; padding: 1rem 1.25rem !important; } </style> <aside class="series-pull-quote shadow-sm"> <div class="series-header"> READ MORE IN THIS SERIES </div> <div class="list-group list-group-flush"> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/missing-primitives-for-trustworthy-ai/" class="nav-link-text">Part 0 - Introduction</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/missing-primitives-for-trustworthy-ai-part-1/" class="nav-link-text">Part 1 - End-to-End Encryption</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/missing-primitives-for-trustworthy-ai-part-2/" class="nav-link-text">Part 2 - Prompt Injection Protection</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/missing-primitives-for-trustworthy-ai-part-3/" class="nav-link-text">Part 3 - Agent Identity and Attestation</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/missing-primitives-for-trustworthy-ai-part-4/" class="nav-link-text">Part 4 - Policy-as-Code Enforcement</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/missing-primitives-for-trustworthy-ai-part-5/" class="nav-link-text">Part 5 - Verifiable Audit Logs</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/missing-primitives-for-trustworthy-ai-part-6/" class="nav-link-text">Part 6 - Kill Switches and Circuit Breakers</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/missing-primitives-for-trustworthy-ai-part-7/" class="nav-link-text">Part 7 - Adversarial Robustness</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/missing-primitives-for-trustworthy-ai-part-8/" class="nav-link-text">Part 8 - Deterministic Replay</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/missing-primitives-for-trustworthy-ai-part-9/" class="nav-link-text">Part 9 - Formal Verification of Constraints</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/missing-primitives-for-trustworthy-ai-part-10/" class="nav-link-text">Part 10 - Secure Multi-Agent Protocols</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/missing-primitives-for-trustworthy-ai-part-11/" class="nav-link-text">Part 11 - Agent Lifecycle Management</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/missing-primitives-for-trustworthy-ai-part-12/" class="nav-link-text">Part 12 - Resource Governance</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/missing-primitives-for-trustworthy-ai-part-13/" class="nav-link-text">Part 13 - Distributed Agent Orchestration</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/missing-primitives-for-trustworthy-ai-part-14/" class="nav-link-text">Part 14 - Secure Memory Governance</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/missing-primitives-for-trustworthy-ai-part-15/" class="nav-link-text">Part 15 - Agent-Native Observability</a> </div> </div> </div> <div class="list-group-item "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/missing-primitives-for-trustworthy-ai-part-16/" class="nav-link-text">Part 16 - Human-in-the-Loop Governance</a> </div> </div> </div> <div class="list-group-item active-part "> <div class="d-flex justify-content-between align-items-center"> <div> <a href="https://www.sakurasky.com/blog/missing-primitives-for-trustworthy-ai-part-17/" class="nav-link-text">Part 17 - Conclusion (Operational Risk Modeling)</a> </div> </div> </div> </div> </aside> <p>This series began with a simple thesis:</p>