The New Infrastructure Security Challenge

AI and digital assets are changing not only technology itself, but also the way security infrastructure is designed.

For years, it was enough for companies to protect data while it was stored or transmitted. Today, that is no longer sufficient.

There is a third state: data while it is being processed. This is where the highest level of risk appears, and where many infrastructures remain vulnerable.

Why AI made this impossible to ignore

In the past, data was mostly stored or transferred. AI changed that. Modern models continuously process information inside the system in real time.

The more AI systems work with sensitive data, the more urgent one question becomes: what happens to that data during processing, and who could theoretically gain access to it?

More and more companies are asking the same thing: who can access data while operations are being executed?

Regulators are starting to ask this question as well. In its 2026 Examination Priorities, the SEC specifically highlighted the need to monitor AI systems and related operational processes within financial institutions.

How this affects digital assets

In custody infrastructure, the challenge goes far beyond storing private keys.

What matters is what happens during a signing operation: how key shares are processed and how isolated that process is from the surrounding infrastructure.

This is where Trusted Execution Environments (TEE), come into play.

A TEE is a hardware-isolated environment inside a processor. Code runs and data is processed inside this environment, inaccessible to the operating system, server administrators, or anything outside it.

The key advantage is not only isolation, but also attestation: cryptographic proof that an operation was executed inside a protected environment.

For institutional clients and regulators, this is not just a technical detail. It is verifiable evidence that can be demonstrated during an audit.

Where this is already becoming the standard

Confidential computing is no longer a niche technology.

Interest in it continues to grow alongside AI adoption, cloud infrastructure, and regulated environments. Enterprise platforms are increasingly separating routine operations from sensitive inference, applying different levels of protection to each. A similar shift is happening in digital asset custody architecture.

The Vault uses TEE across all server-side key shares, ensuring signing operations take place in a fully isolated environment, regardless of what is happening in the surrounding infrastructure.

This is not an optional feature layered on top of the system. Protection is built directly into the architecture.