{"ID":2832676,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2512.05951","arxiv_id":"2512.05951","title":"Trusted AI Agents in the Cloud","abstract":"AI agents powered by large language models are increasingly deployed as cloud services that autonomously access sensitive data, invoke external tools, and interact with other agents. However, these agents run within a complex multi-party ecosystem, where untrusted components can lead to data leakage, tampering, or unintended behavior. Existing Confidential Virtual Machines (CVMs) provide only per-binary protection and offer no guarantees for cross-principal trust, accelerator-level isolation, or supervised agent behavior. We present Omega, a system that enables trusted AI agents by enforcing end-to-end isolation, establishing verifiable trust across all contributing principals, and supervising every external interaction with accountable provenance. Omega builds on Confidential VMs and Confidential GPUs to create a Trusted Agent Platform that hosts many agents within a single CVM using nested isolation. It also provides efficient multi-agent orchestration with cross-principal trust establishment via differential attestation, and a policy specification and enforcement framework that governs data access, tool usage, and inter-agent communication for data protection and regulatory compliance. Implemented on AMD SEV-SNP and NVIDIA H100, Omega fully secures agent state across CVM-GPU, and achieves high performance while enabling high-density, policy-compliant multi-agent deployments at cloud scale.","short_abstract":"AI agents powered by large language models are increasingly deployed as cloud services that autonomously access sensitive data, invoke external tools, and interact with other agents. However, these agents run within a complex multi-party ecosystem, where untrusted components can lead to data leakage, tampering, or unin...","url_abs":"https://arxiv.org/abs/2512.05951","url_pdf":"https://arxiv.org/pdf/2512.05951v2","authors":"[\"Teofil Bodea\",\"Masanori Misono\",\"Julian Pritzi\",\"Patrick Sabanic\",\"Thore Sommer\",\"Harshavardhan Unnibhavi\",\"David Schall\",\"Nuno Santos\",\"Dimitrios Stavrakakis\",\"Pramod Bhatotia\"]","published":"2025-12-05T18:48:53Z","proceeding":"cs.CR","tasks":"[\"cs.CR\",\"cs.AI\",\"cs.MA\"]","methods":"[\"Language Model\"]","has_code":false}
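The abstract describes a supervisor that mediates every external interaction of an agent (data access, tool calls, inter-agent messages) against a policy and keeps accountable provenance. The following Python sketch is an added illustration of that pattern and is not Omega's code or API; the three-level classification lattice, the per-agent policy fields, the agent and tool names, and the SHA-256 hash-chained log are all assumptions constructed for this example.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Constructed classification lattice for this example (not from the paper).
LEVELS = {"public": 0, "internal": 1, "confidential": 2}


@dataclass(frozen=True)
class AgentPolicy:
    """Per-agent policy: what the supervisor lets this agent touch (hypothetical fields)."""
    clearance: str        # highest data label the agent may read
    tools: frozenset      # tools the agent may invoke
    peers: frozenset      # agents this agent may send messages to


@dataclass
class Supervisor:
    """Mediates every external interaction and records a hash-chained decision log."""
    policies: dict
    log: list = field(default_factory=list)

    def _record(self, kind, subject, detail, allowed, reason):
        # Each entry commits to the previous entry's digest, so any later edit
        # to an earlier decision breaks the chain and is caught by verify_log().
        prev = self.log[-1]["digest"] if self.log else "0" * 64
        entry = {"seq": len(self.log), "kind": kind, "subject": subject,
                 "detail": detail, "allowed": allowed, "reason": reason, "prev": prev}
        entry["digest"] = hashlib.sha256(
            json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.log.append(entry)
        return allowed

    def tool_call(self, agent, tool):
        pol = self.policies.get(agent)
        ok = pol is not None and tool in pol.tools
        return self._record("tool", agent, tool, ok,
                            "allow-listed" if ok else "tool not in policy")

    def read_data(self, agent, label):
        pol = self.policies.get(agent)
        ok = pol is not None and LEVELS[label] <= LEVELS[pol.clearance]
        return self._record("read", agent, label, ok,
                            "within clearance" if ok else "label exceeds clearance")

    def send_message(self, src, dst, label):
        # Inter-agent flow: receiver must be a permitted peer and must be cleared
        # for the label of the data being sent (no write-down across agents).
        detail = {"to": dst, "label": label}
        s, d = self.policies.get(src), self.policies.get(dst)
        if s is None or d is None:
            return self._record("send", src, detail, False, "unknown principal")
        if dst not in s.peers:
            return self._record("send", src, detail, False, "peer not permitted")
        if LEVELS[label] > LEVELS[d.clearance]:
            return self._record("send", src, detail, False, "receiver clearance too low")
        return self._record("send", src, detail, True, "permitted flow")

    def verify_log(self):
        """Recompute the chain; False if any entry was altered or reordered."""
        prev = "0" * 64
        for e in self.log:
            if e["prev"] != prev:
                return False
            body = {k: v for k, v in e.items() if k != "digest"}
            if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != e["digest"]:
                return False
            prev = e["digest"]
        return True


def run_demo():
    """Constructed two-agent scenario; returns (decisions, log intact, tamper detected)."""
    policies = {
        "analyst": AgentPolicy("confidential", frozenset({"sql_query"}), frozenset({"summarizer"})),
        "summarizer": AgentPolicy("internal", frozenset({"llm_generate"}), frozenset()),
    }
    sup = Supervisor(policies)
    decisions = [
        sup.tool_call("analyst", "sql_query"),                     # allowed tool
        sup.tool_call("analyst", "shell_exec"),                    # denied: not allow-listed
        sup.read_data("analyst", "confidential"),                  # within clearance
        sup.send_message("analyst", "summarizer", "internal"),     # permitted flow
        sup.send_message("analyst", "summarizer", "confidential"), # denied: write-down
        sup.send_message("summarizer", "analyst", "public"),       # denied: not a peer
    ]
    intact = sup.verify_log()
    sup.log[1]["allowed"] = True   # simulate an after-the-fact edit of a denial
    return decisions, intact, not sup.verify_log()


if __name__ == "__main__":
    print(run_demo())
```

The point of routing every interaction through one mediator is that policy is checked before the effect happens and the decision is logged in the same step, so the log is complete by construction rather than by the agent's cooperation.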
