Roland Turner

 about | contact

The cloud provider is the adversary

Roland Turner

A schematic of a padlock inside a GPU silicon chip

If you run code in the cloud, you usually have to trust the landlord. Peter Membrey is releasing a framework that means that you don’t.

For the last decade “the cloud” has been the default operating system of the Internet. But it comes with a massive, unspoken compromise: physical sovereignty. When you run a workload on AWS, Azure, or Google Cloud, you are renting someone else’s computer. You are implicitly trusting that their admins aren’t dumping your RAM, that their hypervisors aren’t snooping on your processes, and that their hardware hasn’t been tampered with.

In a world of increasingly privacy- and security-sensitive applications, this implicit trust is a vulnerability.

A solution: The GPU enclave

Peter is the Chief Research Officer at ExpressVPN where he has spent years building systems like TrustedServer to eliminate persistent data risks. Now, he is tackling another frontier: confidential computing on GPUs.

On Monday, March 9, Peter will present Open Sourcing Secure GPU Workloads in Enclaves: A Practical Framework for Privacy-Preserving Compute.

The black box we actually want

He is introducing an open source framework that allows you to run GPU-accelerated workloads inside a Trusted Execution Environment (TEE). Crucially, this solves the “remote attestation” problem. It allows a remote client to cryptographically verify:

Why this matters

Until now, confidential computing has been the domain of hyperscalers and proprietary enterprise stacks. By open sourcing the tooling to make this accessible, Peter is democratising confidential GPU-accelerated processing.

He is giving us the ability to treat the cloud provider as an adversary, and run our GPU-accelerated code safely anyway.

Join us

The cloud provider is the adversary © 2026 by Roland Turner is licensed under CC BY-SA 4.0