
Confidential computing decoded: TEEs vs FHE
Confidential computing is becoming a critical component in cybersecurity strategies, but how do Trusted Execution Environments stack up against Fully Homomorphic Encryption?
For decades, the cybersecurity industry has been preoccupied with two states of data. We have built elaborate fortresses around data at rest (encrypting files on disks) and secured data in transit (wrapping network traffic in Transport Layer Security).
But when it comes to data in use, many organisations find themselves vulnerable to exploits.
To actually do anything with data – like run an AI model, calculate a risk score, or retrieve a record from a database – it typically must be decrypted. For that brief window, the data is exposed and vulnerable. If a hacker, a rogue administrator, or a compromised operating system accesses the data in its plaintext state, the encryption at rest and in transit becomes irrelevant.
This is the gap that confidential computing closes. It is the reason Gartner has named it a top strategic technology trend for 2026, predicting that by 2029, over 75% of operations in untrusted infrastructure will use it.
The current standard: Trusted Execution Environments (TEEs)
At the heart of today’s confidential computing is the Trusted Execution Environment (TEE). Available in chips from major manufacturers like Intel and AMD, a TEE acts as a hardware-enforced secure enclave within the processor.
The premise is elegant:
- Isolation: The TEE carves out a secure region of memory. Even the cloud provider’s hypervisor cannot look inside
- Attestation: Before you send data, the chip provides a cryptographic “ID card” proving it is genuine and running the correct code
The flaw: recent TEE exploits
However, the TEE model relies on a critical assumption: absolute trust in the hardware. You are trusting that the physical silicon is impervious to attack. Unfortunately, recent history – and specifically the events of late 2025 – has shown that hardware is far from bulletproof.
In October 2025, researchers unveiled TEE.fail and WireTap, two devastating physical attacks on confidential computing infrastructure. Using cheap, off-the-shelf electronics (the required kit could be bought for $1000), attackers were able to place an interposer between the CPU and the memory. By listening to the electrical signals on the memory bus, they could exploit the deterministic nature of the memory encryption to extract the very keys meant to protect the TEE.
This follows a long line of side-channel exploits like Downfall, Hertzbleed, and CacheWarp, which allow attackers to decode secrets by analysing power consumption or execution timing.
The lesson is clear: As long as data is decrypted somewhere on the chip, it remains vulnerable to exploitation.
From hardware to mathematics: cryptographic certainty with FHE
While TEEs rely on specialised hardware enclaves to protect data and code while it’s in use, Fully Homomorphic Encryption (FHE) uses advanced cryptography to perform computations directly on the encrypted data and return an encrypted result.
This means that, with FHE, even if the system is compromised, all an attacker can access is encrypted data and noise. The data is never exposed nor accessible in its plaintext state – not by the CPU, not in the cache and not in the system’s memory.
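To make "computing on encrypted data" concrete, here is an added example (not Optalysys code and not a production scheme): a toy DGHV-style integer scheme in which an untrusted host evaluates a one-bit full adder using ciphertexts only. All function names and parameters are constructed for illustration, and the parameters are far too small to be secure.

```python
import secrets

# Toy DGHV-style scheme over the integers. Constructed parameters, far too
# small to be secure; without bootstrapping it is only "somewhat" homomorphic.
KEY_BITS, MULT_BITS, NOISE_BITS = 256, 512, 8

def keygen():
    # Secret key: random odd integer p with the top bit set.
    return secrets.randbits(KEY_BITS) | (1 << (KEY_BITS - 1)) | 1

def encrypt(p, bit):
    # c = p*q + 2*r + bit. Fresh q and r make encryption randomised, so equal
    # plaintexts do not produce equal ciphertexts.
    q = secrets.randbits(MULT_BITS)
    r = secrets.randbits(NOISE_BITS) | (1 << (NOISE_BITS - 1))
    return p * q + 2 * r + bit

def decrypt(p, c):
    # Correct only while the accumulated noise (c mod p) stays below p.
    return (c % p) % 2

def noise_bits(p, c):
    # Key-holder diagnostic: size of the noise term carried by a ciphertext.
    return (c % p).bit_length()

def he_xor(c1, c2):
    return c1 + c2  # adding ciphertexts XORs the bits; noise adds

def he_and(c1, c2):
    return c1 * c2  # multiplying ciphertexts ANDs the bits; noise multiplies

def encrypted_full_adder(ca, cb, cin):
    # Runs on the untrusted host: no key, no plaintext, only ciphertexts.
    total = he_xor(he_xor(ca, cb), cin)
    carry = he_xor(he_xor(he_and(ca, cb), he_and(ca, cin)), he_and(cb, cin))
    return total, carry

def demo():
    # Client encrypts, host computes, client decrypts. Returns decrypted
    # (sum, carry) for every input combination.
    p = keygen()
    out = {}
    for a in (0, 1):
        for b in (0, 1):
            for cin in (0, 1):
                s, c = encrypted_full_adder(*(encrypt(p, x) for x in (a, b, cin)))
                out[(a, b, cin)] = (decrypt(p, s), decrypt(p, c))
    return out
```

Each multiplication grows the noise term, and decryption fails once it exceeds the key; practical FHE schemes add bootstrapping to reset that noise, which is a large part of the computational cost.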
Historically, the barrier to FHE has been speed; software-only implementations are computationally intense. But just as GPUs revolutionised graphics processing, the emergence of dedicated hardware acceleration, like that developed by us at Optalysys, is solving FHE performance bottlenecks and making it a commercially viable way to deploy confidential computing.
Gartner is right to highlight confidential computing as the trend of the decade. But smart leaders should view TEEs as one component in the mix of privacy and security. The future belongs to infrastructure that protects data even when the hardware fails, with the right mix of the right technologies for the job.
At Optalysys we’re developing the future of secure AI through pioneering the use of silicon photonics to accelerate Fully Homomorphic Encryption.

