Introduction to CoreWeave Security

Learn about security on CoreWeave

CoreWeave delivers security designed for large-scale AI workloads, focusing on protecting data, isolating network traffic, and enforcing granular identity controls. While the platform implements industry best practices for cloud security, it also goes beyond typical standards through hardware-enforced isolation and purpose-built architectures optimized for GPU compute, model training, and AI inference.

Core security pillars

CoreWeave's approach centers on three tightly integrated pillars:

  • Data Security
  • Network Security & Isolation
  • Identity & Access Management (IAM)

These pillars are implemented via a physical and software architecture specifically engineered for multi-tenant, high-performance environments.

Data Security

Data Security protects sensitive assets, including proprietary models, regulated data, and confidential business logic. CoreWeave enforces comprehensive encryption at rest and in transit with secure key management, while AI Object Storage customers can optionally manage their own encryption keys for additional control.

CoreWeave uses NVIDIA BlueField-3 Data Processing Units (DPUs) on every CPU and GPU Node to provide hardware-enforced isolation that goes beyond the software-level protections typical in virtualized environments. This physical separation ensures that sensitive workloads remain isolated even in multi-tenant scenarios.

Policy-driven lifecycle controls govern data handling from creation through deletion, ensuring regulatory compliance and risk reduction. Immutable logging pipelines using technologies like Kafka and Loki provide end-to-end observability with traceable data lineage, supporting real-time audit requirements and compliance frameworks. This integrated approach establishes trust with clients while supporting privacy and regulatory adherence in high-performance AI environments.

Network Security & Isolation

CoreWeave enforces security and workload separation entirely at the hardware and network layer. In CoreWeave's high-performance, GPU-accelerated cloud, where multiple tenants run resource-intensive workloads, network segmentation and virtual private cloud (VPC) architectures are fundamental.

Data Processing Units (DPUs) on each CPU and GPU Node enhance hardware-level isolation. Each Node operates with its own BlueField-3 DPU that runs independently from the host OS, enforcing network security policies at layers 4-7 while offloading routing and firewall tasks. This architecture delivers true hardware-enforced multi-tenancy, where the DPU provides physical isolation rather than relying on software-based controls. CoreWeave uses Cilium's eBPF-based networking for efficient policy enforcement and advanced security observability.

The platform uses Ethernet Virtual Private Network (EVPN) overlays with VXLAN encapsulation and Type 5 routes to deliver scalable Layer 3 multi-tenancy without relying on hypervisors. This enables each tenant or namespace to operate in dedicated, isolated network segments (VRF/VNI), reducing attack surfaces and containing potential breaches.
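The VNI that delimits each tenant segment is carried in the 8-byte VXLAN header defined in RFC 7348. The following is an added example, not CoreWeave code: it parses that header and classifies captured frames whose VNI does not belong to the tenant expected at the capture point. The tenant names, VNI allocations and sample frames are constructed for illustration.

```python
import struct

VXLAN_FLAG_VNI_VALID = 0x08  # "I" bit in the first header byte (RFC 7348)

# Hypothetical tenant-to-VNI allocation, constructed for this example.
TENANT_VNIS = {"tenant-a": {10100}, "tenant-b": {10200, 10201}}


def build_vxlan_header(vni, flags=VXLAN_FLAG_VNI_VALID):
    """Build the 8-byte header: flags, 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", flags << 24, vni << 8)


def parse_vni(header):
    """Return the VNI, rejecting truncated headers and headers without the I flag."""
    if len(header) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", header[:8])
    if not (word0 >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI-valid (I) flag not set")
    return word1 >> 8


def check_frame(expected_tenant, header):
    """Classify one captured frame against the tenant expected at the capture point."""
    try:
        vni = parse_vni(header)
    except ValueError as exc:
        return ("malformed", str(exc))
    if vni in TENANT_VNIS.get(expected_tenant, set()):
        return ("ok", vni)
    owner = next((t for t, v in TENANT_VNIS.items() if vni in v), None)
    return ("cross-tenant" if owner else "unknown-vni", vni)


# Constructed samples: (tenant expected at the capture point, VXLAN header bytes)
SAMPLES = [
    ("tenant-a", build_vxlan_header(10100)),              # correct segment
    ("tenant-a", build_vxlan_header(10200)),              # VNI owned by tenant-b
    ("tenant-b", build_vxlan_header(99999)),              # VNI allocated to nobody
    ("tenant-b", build_vxlan_header(10201, flags=0x00)),  # I flag missing
    ("tenant-a", b"\x08\x00\x00"),                        # truncated header
]


def audit(samples=SAMPLES):
    """Return one classification tuple per sample frame."""
    return [check_frame(tenant, header) for tenant, header in samples]
```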

Network security is organized into clearly defined zones (Control Plane, application Data Plane, and external ingress/egress), with traffic enforcement handled at the DPU level. This purpose-built architecture creates isolated environments for sensitive AI workloads while avoiding the resource contention and noisy neighbor effects that can impact model training and inference performance.

Identity & Access Management (IAM)

Identity and Access Management (IAM) governs platform access for users, services, and workloads using principles of least privilege and role-based access control (RBAC). CoreWeave environments use fine-grained access policies, workload identity federation, and audit logging to track and manage interactions across the platform. This enables organizations to maintain accountability, streamline onboarding/offboarding, and secure automated workflows without compromising agility.

CoreWeave supports service account mapping to external identity tokens via SPIFFE/SPIRE and kube-oidc-proxy. This enables mutual TLS (mTLS) authentication and zero-trust access patterns that are essential for secure AI model training and inference workflows where workloads need to authenticate to external services without storing long-lived credentials.

For storage access, programmable IAM policies are defined in JSON and evaluated at request time, providing granular control over both user and service access to AI Object Storage. This approach supports the dynamic access patterns typical in machine learning pipelines while maintaining security and audit requirements.

Summary of security features

Component | Description
Data Processing Units (DPUs) | NVIDIA BlueField-3 DPUs are specialized hardware accelerators on every CPU and GPU Node that offload networking, storage, and security tasks while providing hardware-enforced workload isolation independent of the host OS.
EVPN VXLAN | Ethernet Virtual Private Network (EVPN) is used for efficient and scalable Layer 2 and Layer 3 VPN services. VXLAN (Virtual Extensible LAN) is used to encapsulate network traffic and create a virtualized network overlay.
Type 5 Routes in EVPN | Enables inter-tenant routing and traffic forwarding between isolated network segments.
Isolated networks for sensitive workloads | Networks are physically and virtually isolated to keep sensitive workloads secure and inaccessible to unauthorized systems.

Together, data security, network isolation, and IAM form the foundation for a secure and compliant environment tailored for CoreWeave's high-performance infrastructure and products. This integrated model reduces risk and supports scalable, trusted innovation.

For more information and background on how we address security, visit the CoreWeave Security page.