
Driving Security at the Speed of AI Agents with NVIDIA DOCA

Agentic AI compresses exploit timelines from weeks to hours, and reactive security can't keep pace. TrendAI™, working with NVIDIA, delivers an isolated trust architecture purpose-built for AI infrastructure, hardening AI factories before attackers find a way in.


AI factories represent a new class of computing infrastructure, concentrating the enterprise’s most valuable assets into a single environment: model weights, the data used to train and customize them, and the inference pipelines built around them. Legacy security tooling wasn’t built for that concentration, or for the throughput and distributed topology these systems run on. An isolated trust architecture helps protect AI factories without slowing production.

That’s exactly what TrendAI™ is doing with NVIDIA DOCA. It’s part of our mission to secure the AI stack, from agents to applications.

AI threats are a reality

The AI factory holds the assets adversaries want most—model weights, training data, and fine-tuning data—making it an attractive attack target. Thanks to powerful frontier models and agentic frameworks, time to exploit has collapsed from days and weeks to just hours. That could accelerate the risk of a supply chain compromise, memory and context poisoning, unexpected code execution, and more.

The TrendAI™ approach is to harden AI factories before adversaries find a way in, not to chase incidents after the fact. Proactive controls must do the heavy lifting because reactive postures can’t close the window when exploitation happens in hours. But that can be challenging in environments characterized by huge computational demands, distributed architectures, and real-time processing requirements.

NVIDIA BlueField Data Processing Units (DPUs) are designed with security in mind. They operate in an isolated trust domain with zero trust at its heart, featuring line-speed network enforcement, encryption, and continuous monitoring of host behavior, traffic patterns, and other indicators. But NVIDIA BlueField alone is just one piece of the puzzle. To maximize visibility and threat protection in NVIDIA AI factories featuring NVIDIA BlueField DPUs, organizations also need dedicated endpoint detection and response (EDR).

Close the data gap

TrendAI Vision One™ AI Factory EDR runs on the NVIDIA DOCA software platform, monitoring workload behavior on NVIDIA BlueField and pulling continuously updated threat intelligence to identify and contain attacks. DOCA Argus already gives us runtime visibility; the data layer was the missing piece, and DOCA Vault closes that gap. Addressing the data layer improves detection, response, and accountability.

Identity-bound access policies and continuous audit trails matter as much as the detection signal itself, especially when agentic workflows are reading and writing data on behalf of users. Enhanced telemetry and policy-driven visibility into AI data flows help identify signs of data poisoning, model weight tampering, malware hidden in datasets, exfiltration activity, and adversarial inference behavior. That optimizes the “detection” piece for AI factories. As for “response,” there’s per-file block, workload-level data quarantine, cross-tenant isolation, and a read-only mode for workloads that are suspicious but not yet confirmed malicious.

With AI Factory EDR, organizations get comprehensive detection and response on NVIDIA BlueField with runtime, network, and data visibility in one hardware-isolated trust domain. Organizations also benefit from the following:

  • Closed loop: Argus signals drive Vault decisions in real time, so if a workload gets compromised, Vault prevents data access immediately.
  • Zero trust: Host OS compromise doesn't break the security pipeline since it’s all on NVIDIA BlueField.
  • High performance: AI Factory EDR operates with no GPU or host CPU overhead.

The NVIDIA DOCA difference

TrendAI™ is extending its DOCA integration with NVIDIA DOCA Vault, the new DOCA microservice for AI storage protection, to implement a zero-trust access layer for file-based storage. DOCA Argus provides the telemetry, DOCA Vault handles the policy enforcement, and the service restricts file access to authorized AI workload processes only:

Figure 1. TrendAI Vision One™ AI Factory EDR on NVIDIA BlueField DPU

DOCA Argus provides deep, hardware-accelerated telemetry directly from NVIDIA BlueField. This allows us to monitor process and file activity with extremely high fidelity and zero overhead on the host CPU. DOCA Vault supports the following use cases of data protection:

  • Application control, allowing only trusted applications to execute
  • Data exfiltration prevention, ensuring processes cannot access unauthorized files
  • Real-time workload threat detection and prevention, flagging any policy deviation as a behavioral change indicative of a breach
  • Drift prevention, ensuring configuration files cannot be altered
  • Forensics investigation, providing granular information about file-based access
  • Incident response, immediately blocking access to remote file-based storage in response to a potential breach

How this plays out

AI Factory EDR integrates with DOCA Argus and DOCA Vault to build a unified, hardware-empowered security system for NVIDIA AI factory environments. Together, they protect AI workloads, model assets, configuration files, and sensitive data by combining runtime visibility, file storage access control, immutable audit logging, and NVIDIA BlueField-accelerated enforcement with minimal impact on host CPU and GPU resources.

1. AI model asset protection

In a multi-tenant NVIDIA AI factory environment, a training container from Tenant A attempts to access proprietary model files owned by Tenant B.

DOCA Argus captures the file_descriptor_open event, including process identity, user ID, container ID, file path, inode, timestamp, and access mode. DOCA Vault validates the request against file storage access control policies, such as tenant ownership, approved file paths, and allowed access modes.

Because the access violates tenant isolation policy, DOCA Vault blocks the unauthorized file access before the model asset can be read or copied. The TrendAI Vision One™ platform receives the DOCA Argus event and DOCA Vault enforcement result, correlates them with workload and tenant context, and identifies the abnormal container, process, and operator involved.

This prevents model theft, unauthorized access, and cross-tenant data exposure in shared AI factory environments.

2. Configuration drift prevention

In another scenario, an unauthorized process attempts to modify protected configuration files under sensitive directories such as /etc/ai_agent or /models/config.

DOCA Argus detects the file_descriptor_open event with write or append intent and reports the process command line, file path, user identity, container ID, inode, and timestamp. Vault checks the request against file storage access control policies and determines whether the process is allowed to modify the target file.

If the process only has read permission but attempts to open the file with write or append access, Vault identifies it as a read-only to read-write escalation attempt and blocks the operation. AI Factory EDR correlates the Argus runtime signal with Vault’s access control decision and raises an alert for unauthorized configuration drift or policy tampering.

This protects AI agent configuration, model runtime settings, and other critical file-based assets from unauthorized modification.

3. Real-time threat detection and incident response

NVIDIA BlueField enforcement happens before the OS sees the request. For advanced threat detection, AI Factory EDR correlates multiple Argus events across file and network activity.

For example, if a process opens a sensitive model file and then connects to an unknown external IP address, AI Factory EDR correlates the file_open and network_connection events as a potential exfiltration attempt. Vault can then enforce file storage access control decisions, while NVIDIA BlueField applies hardware-offloaded blocking to Network File System (NFS), Server Message Block (SMB), or Internet Small Computer Systems Interface (iSCSI) server access before the host operating system continues processing the suspicious activity.

DOCA Argus also provides the full forensic payload, including user ID, group ID, container ID, process metadata, inode, file path, timestamp, command line, and network destination. DOCA Vault records the access decision and enforcement result in an off-host immutable audit trail.

This enables rapid containment, forensic investigation, and incident response for sensitive file access, data exfiltration attempts, and compromised workload behavior.
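As an added illustration (not code from the original article, nor from Trend Micro or NVIDIA), the Python below models the decision logic the three scenarios describe: a Vault-style policy check over file_descriptor_open fields (tenant ownership, approved paths, allowed modes), the read-only to read-write escalation case, and the file-open-then-unknown-egress correlation. The policy table, event classes, sample addresses and function names are assumptions; DOCA's actual interfaces are not represented.

```python
from dataclasses import dataclass
# Constructed policy table (assumption, not the DOCA Vault policy format): path prefix ->
# owning tenant ("*" = any) and allowed open modes. Config trees are read-only to everyone.
POLICY = {
    "/models/tenant_a/": {"owner": "tenant_a", "modes": {"r", "w"}},
    "/models/tenant_b/": {"owner": "tenant_b", "modes": {"r", "w"}},
    "/etc/ai_agent/":    {"owner": "*",        "modes": {"r"}},
    "/models/config/":   {"owner": "*",        "modes": {"r"}},
}
KNOWN_DESTINATIONS = {"10.20.0.5"}  # constructed allow-list of expected egress peers

@dataclass
class FileOpen:  # subset of the file_descriptor_open fields the article lists
    ts: float
    tenant: str
    pid: int
    path: str
    mode: str  # "r", "w", "a" or a combination such as "rw"

@dataclass
class NetConnect:  # network_connection event
    ts: float
    pid: int
    dst_ip: str

def evaluate(ev: FileOpen) -> tuple[str, str]:
    """Vault-style policy check (hypothetical): returns (decision, reason)."""
    rule = next((r for prefix, r in POLICY.items() if ev.path.startswith(prefix)), None)
    if rule is None:
        return "block", "path not in approved file paths"
    if rule["owner"] not in ("*", ev.tenant):
        return "block", "tenant isolation violation"          # scenario 1
    if not set(ev.mode) <= rule["modes"]:
        return "block", "read-only to read-write escalation"  # scenario 2
    return "allow", "authorized"

def correlate(events) -> list:
    """Hypothetical EDR correlation: blocked opens, plus model-read-then-unknown-egress (scenario 3)."""
    opened, alerts = {}, []
    for ev in sorted(events, key=lambda e: e.ts):
        if isinstance(ev, FileOpen):
            decision, reason = evaluate(ev)
            if decision == "block":
                alerts.append(("blocked_access", ev.pid, ev.path, reason))
            elif ev.path.startswith("/models/"):
                opened.setdefault(ev.pid, []).append(ev.path)  # allowed model reads, per process
        elif ev.pid in opened and ev.dst_ip not in KNOWN_DESTINATIONS:
            alerts.append(("possible_exfiltration", ev.pid, opened[ev.pid], ev.dst_ip))
    return alerts
```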

Together, AI Factory EDR, DOCA Argus, DOCA Vault, and NVIDIA BlueField form a closed-loop defense architecture. Argus provides runtime visibility, DOCA Vault enforces file storage access control, AI Factory EDR performs threat correlation and orchestration, and NVIDIA BlueField executes hardware-level blocking. This architecture helps protect AI models, workloads, configuration files, and sensitive data from unauthorized access, tampering, exfiltration, and configuration drift in enterprise AI factory environments.

Securing the AI stack

We know that protecting AI innovation requires securing more than the infrastructure, workload, and data layers. That’s why the TrendAI™ mission is security from the infrastructure to the governance layer via our Agentic Governance Gateway. Together, it’s a vision for comprehensive security that runs from NVIDIA BlueField and through the agent layer.

We’re also working with Anthropic to put their strongest models to work on this problem. As a trusted Cyber Verification Program partner, we turn Opus 4.7-powered discoveries into real-time protection on NVIDIA BlueField, where Anthropic accelerates discovery and we ensure action. The TrendAI™ Zero Day Initiative™ (ZDI) empowers organizations with a 96-day head start on vendor patches; TrendAI™ FENRIR, our agentic AI vulnerability hunter, finds issues at machine scale; and AI Factory EDR ships the protection straight to NVIDIA BlueField.

There’s plenty more to come. We’re exploring additional DPU primitives across the security gateway, GPU-powered advanced security capabilities, GPU and DPU telemetry, agent-level enforcement, expanded AI Factory EDR capabilities, TrendAI Vision One™ Agentic SIEM, and NVIDIA DSX Air support. The pace of AI innovation can be dizzying, but we owe it to our customers to ensure the future they’re building thrives on secure foundations.