Data Protection Becomes the Foremost Strategic Priority

Inference is no longer a request-response transaction. Now, inference is a population of long-running, tool-using agents that read models, retrieve context, call each other, and act on data, with consequences. The integrity of those actions cannot be governed at the application layer alone. Until this release, the platforms enterprises rely on for AI workloads have not provided enforcement primitives where data movement actually happens: on the storage IO path, in silicon, at line rate.

NVIDIA is now filling that gap. The release is a coherent agentic AI factory architecture built around NVIDIA BlueField-4, a redefined NVIDIA DOCA security stack with a brand-new file-access primitive called DOCA Vault, the NVIDIA Vera BlueField-4 STX modular storage reference design, and a deliberately bridged ecosystem of storage and cybersecurity partners running consistently on the same BlueField-4 processor. Most consequentially, the Data Protection domain finally has a primitive that operates without trading off AI workload performance.

This blog walks through the technical mechanics of the NVIDIA AI Factory secured by NVIDIA DOCA, and then maps the capabilities back to the WWT AI Readiness Model for Operational Resilience (ARMOR) domains a CISO will be asked to govern against.

NVIDIA BlueField: protection at every AI node

NVIDIA's positioning for this release is direct. NVIDIA BlueField is an accelerated computing platform for cybersecurity, pervasively built into every AI system and every AI factory. Four architectural properties carry the security story.

• Programmable security with NVIDIA DOCA, executed on dedicated compute engines and accelerators: Security software runs in NVIDIA BlueField's own compute domain, not on the host.
• Operation from a separate trust domain: The NVIDIA BlueField security plane is invisible to attackers on the host. Even when host resources are under attack, the security plane stays trusted.
• Inline accelerated cybersecurity functionality on the IO path: Security functions execute at line rate in silicon, on the same path data is already moving.
• A new generation of cybersecurity capabilities purpose-built for AI workloads, agentless and friction-free.

Three operational properties result:

1. There are no agents to install on the host.
2. There is no integration required against host-based resources.
3. There is no overhead, because security software runs on NVIDIA BlueField's own engines and accelerators.

The result is security that is resilient by construction: trusted even when the host is compromised, because compromise cannot reach the NVIDIA BlueField domain.

GTC Taipei: What's new with NVIDIA BlueField-4?

BlueField-4 steps from NVIDIA BlueField-3's 16 Arm Cortex-A78 cores to 64 Arm Neoverse V2 cores, with 128 GB of LPDDR5, 114 MB of shared L3 cache, and 512 GB of onboard SSD. It integrates the NVIDIA ConnectX-9 SuperNIC for 800 Gb/s of network throughput with line-speedRDMA over Converged Ethernet (RoCE) support, and presents to the host over PCIe Gen6 x16. NVIDIA quotes 6x the compute of NVIDIA BlueField-3. That headline number enables the larger architectural move in this release, because the security stack is now able to do more on the DPU.

Architecturally, NVIDIA BlueField-4 sits in the host-to-network and host-to-storage data paths. It terminates NVIDIA Spectrum-X Ethernet for scale-out north-south traffic and the file and object storage path for IO, and it presents emulated PCIe devices back to the host: NVMe block, virtio-blk, virtio-net, and critically for this release, virtio-fs. NVIDIA Quantum-X800 InfiniBand, when present in the architecture for scale-out training fabrics, does not traverse NVIDIA BlueField-4 directly; it runs through dedicated NVIDIA ConnectX-9 SuperNICs. NVIDIA DOCA Argus still surfaces metadata about InfiniBand traffic at the node level through realtime memory analysis of specific snippets of the host kernel state. The NVIDIA BlueField-4 cores run a tenant-isolated security domain, defined by the NVIDIA BlueField Advanced Secure Trusted Resource Architecture (Astra), that operates outside the host's data and control planes. That separation is the architectural foundation everything in this post depends on.

Inside the NVIDIA Vera Rubin POD

NVIDIA Vera Rubin NVL72 Compute Tray

The NVIDIA Vera Rubin NVL72 compute tray carries the inference and training workloads, featuring: 2 x Vera CPU, 4 x Rubin GPUs, 1 x BlueField-4 DPU, and 4 x ConnectX-9 SuperNICs. The full DOCA security stack runs here: OVS-DOCA for network security policy, DOCA Argus for situational awareness, and the new DOCA Vault for file-based access policy. This is the primary enforcement tier, because this is where workloads originate the storage and network requests that everything downstream sees. Argus has ground truth on workload behavior, and the JBOF sits downstream of where the policy decision is made. Upon threat detection, OVS-DOCA can be programmed to stop network activity, and DOCA Vault can enforce a file access request. Stopping threats at the client side enhanced the overall cybersecurity posture of the infrastructure by preventing lateral movement at large-scale environments.

NVIDIA Vera CPU Compute Tray

The Vera Compute tray is a dense, modular building block for CPU-scale AI infrastructure, purpose-built for running AI agents. Equipped with 88 custom NVIDIA Olympus cores, up to 1.2 TB/s of memory bandwidth, Vera gives AI factories the CPU throughput needed for orchestration, tool calling, code execution, data processing and long-context workflows. The NVIDIA DOCA stack runs consistently on this platform with DOCA Argus, OVS-DOCA, and the new DOCA Vault to protect agents at massive scale.

NVIDIA Vera BlueField-4 STX Server

NVIDIA Vera BlueField-4 STX is the foundation for agentic AI-native storage solutions. Powered by NVIDIA DOCA, NVIDIA Vera BlueField-4 STX brings in-silicon security to enforce trust across compute and storage.. The STX server runs on a Vera-based BlueField-4 storage processor and OVS-DOCA. While DOCA Argus and DOCA Vault can run on the STX server, their primary role is to detect threats and contain them at the storage initiator side. However, certain implementations could see DOCA Argus and DOCA Vault running natively on the storage processor. 

NVIDIA Spectrum-X Ethernet Networking Fabric

Spectrum-X Ethernet ties the three tiers together at 800G per port via NVIDIA BlueField-4 and NVIDIA ConnectX-9 SuperNIC. NVIDIA NVLink and NVLink Switch carry intra-rack scale-up traffic between GPUs without crossing a DPU. NVIDIA Quantum-X800 InfiniBand, where deployed for scale-out training, runs through dedicated NVIDIA ConnectX-9 SuperNICs and does not traverse NVIDIA BlueField-4 directly, though DOCA Argus still gathers metadata about that traffic at the node level. Every workload, agent, and storage flow that crosses Ethernet between racks crosses an NVIDIA BlueField-4. That is the primary locus of enforcement.

The NVIDIA DOCA security stack, end to end

NVIDIA DOCA is the software platform that turns NVIDIA BlueField-4 into a programmable security processor. Three primitives matter for this release.

• DOCA Flow controls network policy via OVS-DOCA, which programs NVIDIA BlueField's eSwitch using hardware steering. Key Use cases for this release: micro-segmentation, next-generation firewall, AI Firewall, AI Application Firewall with protocol decoding, and incident response. Stock Open vSwitch control plane, hardware data path.
• DOCA Vault, is a new data security microservice purpose-built for file-based, AI-native storage. It helps ensure that only authorized AI workloads, agents and services can access the right files with the right permissions, enforcing authorization on every file access request in BlueField silicon. Designed for dynamic agentic AI environments, DOCA Vault protects sensitive data, models and context memory from unauthorized access, data extraction and exposure. It provides zero-trust file access for AI factories while operating independently of the host CPU and storage system, helping deliver security at the speed and scale of AI workloads.
• DOCA Argus is the situational awareness layer. The architectural property to internalize: DOCA Argus does not run agents on the host and does not depend on eBPF, syscall tracing, or any host-side instrumentation. DOCA Argus runs entirely on NVIDIA BlueField-4 cores and observes host activity through real-time memory introspection across PCIe Gen6 DMA, parsing host kernel data structures to reconstruct process, thread, memory, library, file descriptor, network connection, and container state.

What CISOs should do now

• Re-baseline the Data Protection domain of your ARMOR posture. Controls previously deferred because they could not be enforced at AI workload throughput should be revisited. DOCA Vault changes what is enforceable on the storage IO path.
• Engage your incumbent cybersecurity partners on their DOCA Vault, DOCA Flow, and DOCA Argus roadmaps. The platforms that will matter in twelve months are the ones showing up at GTC Taipei with credible Vault integration plans.
• Bring security architects into the storage RFP. STX-based storage is going to change procurement criteria. Selection should be made jointly between AI infrastructure, storage, and security architecture, not sequentially. Look explicitly at AI Memory Protection on CMX, not just file storage.
• Pilot Application Control via the remote-NFS execution pattern. This is the highest-leverage agent-escape control in the entire release, and it is implementable today on the Vault POC. Identify a high-value agent workload and test the manifest-based execution control in a non-production environment.
• Plan for Continuous Verifiable AI in your agent identity strategy. The attestation-to-token pattern integrates with identity providers. Coordinate now between AI platform, security architecture, and identity engineering.

WWT's ARMOR practice will be publishing technical deep dives on DOCA Vault integration patterns, reference architectures for Vault-enabled agentic AI deployments, AI Memory Protection on NVIDIA CMX, and ARMOR-aligned validation playbooks through the AI Proving Ground. WWT delivers ARMOR-aligned platform integration with NVIDIA BlueField and DOCA, co-developed with NVIDIA and validated in WWT's AI Proving Ground. For organizations ready to pressure-test what this release means for their AI security posture, the Proving Ground is the venue.

What this release locks in

Last October, NVIDIA's BlueField-4 announcement signaled that security was going to live in the infrastructure, not on top of it. Fast forward to today with the announcement of DOCA Vault, the NVIDIA Vera BlueField-4 STX for AI-native storage, AI Memory Protection on the Context Memory layer, and the Continuous Verifiable AI attestation pattern, the data plane catches up to the network plane, and the agent itself becomes a first-class enforceable entity. The agentic AI factory is the workload these capabilities were built for. The ARMOR framework is the operational architecture that lets enterprises put them to use.

Secure AI is foundational, not optional. With this release, it is also finally performant on the storage path, on the memory tier, and at the agent boundary.  

Trademarks and attributions

NVIDIA, the NVIDIA logo, BlueField, BlueField Astra, ConnectX, CUDA, DOCA, DGX, DPF, Morpheus, NeMo, NIM, NVIDIA AI Enterprise, NVIDIA AI Data Platform, NVLink, Quantum-X800, Rubin, Spectrum-X, STX, Vera, and CMX are trademarks and/or registered trademarks of NVIDIA Corporation in the United States and other countries. ASAP² is a trademark of NVIDIA Corporation. Other product names referenced in this document may be trademarks of their respective owners. Use of these names is for identification purposes only and does not imply endorsement.

ARMOR (AI Readiness Model for Operational Resilience) is a framework developed by World Wide Technology in collaboration with NVIDIA. © 2026 World Wide Technology, Inc. All rights reserved.