CoreWeave AI Object Storage is a purpose-built, fully managed object storage service that is optimized for AI workloads and can be used as general-purpose cloud storage. AI Object Storage is built and operated by CoreWeave, and implements an S3-compatible API, which means it follows the S3 request/response model and works with standard S3 tools, while maintaining its own service behavior, limits, and feature set. This page introduces the service’s benefits, availability, security model, performance characteristics, cost structure, and observability options so you can decide how AI Object Storage fits your workloads before you begin using it.Documentation Index
Fetch the complete documentation index at: https://docs.coreweave.com/llms.txt
Use this file to discover all available pages before exploring further.
Benefits
AI Object Storage provides the following benefits:- Efficiently stores and serves training datasets and model artifacts.
- Supports non-AI data and standard cloud storage workflows. AI Object Storage implements an S3-compatible API, so you can reuse familiar tools and SDKs (such as the AWS CLI, Boto3, and s3cmd) by pointing them at CoreWeave endpoints.
- Delivers data efficiently to CPU and GPU Nodes and integrates with model serializers such as Tensorizer.
- Includes LOTA (Local Object Transport Accelerator), a Node-local connection that accelerates object reads and caches data on GPU and CPU Nodes to reduce load times.
Availability
AI Object Storage is available in multiple regions across the CoreWeave platform. See Regions and Availability Zones for current information on where AI Object Storage is available.Security
AI Object Storage is designed to safeguard information that requires secure, reliable containment for long periods of time. AI Object Storage provides redundancy, versioning, and bucket security policies to support reliable storage. All data stored in AI Object Storage is encrypted at rest using an industry-standard encryption algorithm (AES-256). See the Encryption section for more details. AI Object Storage supports versioning, allowing multiple versions of data to be stored. This is useful for data recovery, and is an effective method for tracking changes over time. If required, clients can also revert to previous versions of data. AI Object Storage is ideal for archiving, backups, and use cases where data requires long-term, low-risk resiliency. AI Object Storage uses organization, bucket, and lifecycle policies to enforce access control and configure retention. The Object Storage Admin IAM role manages control plane aspects of Object Storage, such as creating access keys and organization access policies, in the Cloud Console. For more information, see About organization access policies. For production workloads, Workload Identity Federation with OIDC is the recommended method for obtaining Access Keys. It exchanges short-lived OIDC tokens for temporary credentials with a 15-minute lifespan, which eliminates the need to store or rotate long-lived static keys.Encryption
AI Object Storage provides encryption at rest by default and supports encryption in transit through TLS. For additional control, you can supply your own encryption keys using SSE-C. Encryption has no additional cost.Default encryption at rest
All object data stored within AI Object Storage is encrypted at rest by default, using the AES-256 algorithm. Default at-rest encryption is applied automatically to all objects. Only the object data itself is encrypted at rest. Object metadata is not encrypted by default. Customers must ensure confidential information is stored only in object payloads, not metadata fields (including bucket names, object keys, and tags). For workloads that use the Local Object Transport Accelerator (LOTA), cached object data on ephemeral storage is encrypted at the drive level using Linux Unified Key Setup (LUKS). Additionally, if you use S3 Server-Side Encryption with Customer Keys (SSE-C), LOTA encrypts and decrypts data directly on the client machine. This ensures that even host root users cannot access cached data without the customer key, which provides a layer of protection beyond disk-level encryption. AI Object Storage supports server-side encryption with customer-supplied keys (SSE-C). This feature lets you use your own encryption keys to encrypt data while CoreWeave handles the encryption and decryption process.Encryption in transit
Connections to AI Object Storage endpoints support Transport Layer Security (TLS), with TLS version 1.2 or later required for HTTPS. Data transmitted through HTTPS is protected in transit from interception and tampering. LOTA operates as an “untrusted daemon” running on each Node and is not deployed with any user or service secrets. Communication between client Pods and LOTA, as well as between LOTA instances (Pods), is not encrypted by default. The system relies on network segmentation to provide security in these internal communications. When LOTA forwards requests or data to externalcwobject.com endpoints, encryption in transit depends on protocol selection: only connections using HTTPS ensure encrypted traffic.
High performance
Data stored in AI Object Storage is available immediately after upload: clients can read data as soon as it’s written. This is implemented as a “read-after-write” function, meaning anyread operation after a write operation retrieves updated data. This allows for secure parallel access, higher performance, and improved scalability.
Cost management
AI Object Storage includes automated cost optimization features designed for AI workloads with varying access patterns. Objects are automatically classified based on when they were last accessed:| Pricing Tier | SKU | Description |
|---|---|---|
| Hot | caios-high-perf | Objects that are newly uploaded or accessed within the last 7 days |
| Warm | caios-warm | Objects that have been accessed within the last 7 to 30 days |
| Cold | caios-inactive | Objects that haven’t been accessed for 30+ days |
| Archive (Limited Availability) | caios-archive | Objects that are infrequently accessed and are tolerant of lower performance |
Usage-based billing
Usage-based billing is enabled by default and requires no configuration. Objects transition back to Hot tier pricing when accessed, which makes this ideal for ML datasets, model checkpoints, and training artifacts with irregular usage patterns. Data billed as Cold has the same performance as Hot or Warm data, with no retrieval delays. Unless stated otherwise in a customer contract, AI Object Storage is billed based on the actual consumed storage. Billing calculations are based on hourly total capacity consumption. To calculate the hourly rate, AI Object Storage measures the capacity of the stored data at least once per hour and then averages those capacity measurements across the hour. AI Object Storage has four pricing tiers, all based on actual consumed storage:- Hot: Data accessed in the last 7 days.
- Warm: Data accessed in the last 7 to 30 days.
- Cold: Data not accessed in the last 30 days.
- Archive (Limited Availability): Infrequently accessed data tolerant of lower performance.
What counts as object access
During hourly billing cycles, the last access time is measured. The following actions reset the timer and bring objects back to the Hot tier:| Action | API Method | Description |
|---|---|---|
| Upload | PutObject, UploadPart | When the object is first uploaded |
| Read | GetObject | When the object is downloaded or accessed |
| Copy | CopyObject, UploadPartCopy | When the object is copied, both source and destination are considered “accessed” |
Metrics and logging
CoreWeave offers audit logging and other metrics for AI Object Storage. You can use CoreWeave Grafana to view metrics for usage, LOTA, and more in the Grafana dashboard linked in the Cloud Console. The panel group is Auto Archive, and it appears in the CAIOS Usage panel under the Storage dashboard. Audit logging for buckets is available in limited access.
Next steps
- See Get started with AI Object Storage to learn how to create Access Keys, buckets, and policies, and how to use objects and buckets to store and retrieve data.
- See Workload Identity Federation to learn how to use OIDC for secure, automated credential management in production workloads.