Skip to main content
This page provides an overview of CoreWeave’s security architecture, including network design, scalability, identity management, and data protection. It’s intended for security architects, platform engineers, and compliance teams who need to understand how CoreWeave isolates workloads, enforces access controls, and protects data across the platform.

Network security

CoreWeave’s network architecture supports bare-metal Kubernetes clusters without relying on hypervisors. It uses overlays and NVIDIA BlueField-3 DPUs to provide tenant isolation, observability, and low overhead. The core fabric uses a Clos topology, with leaf and spine switches interconnected through BGP unnumbered EVPN. This design enables scalable Layer 3 segmentation using VXLAN encapsulation. EVPN Type 5 routes distribute IP prefixes, allowing each Kubernetes tenant or namespace to operate within an isolated VRF and VXLAN VNI. Each bare-metal CoreWeave Kubernetes Service (CKS) Node includes a BlueField-3 DPU. These DPUs run independently from the host OS in their own Linux environments with DOCA-based applications. They handle PXE-based network bootstrapping, enforce security policies, and offload CNI functions such as routing, firewalling, and VXLAN termination. This architecture enables secure multi-tenancy and policy enforcement without a hypervisor. Network security is organized into three zones, each scoping a different category of traffic and trust boundary:
  • Zone 0: DPU management and Kubernetes Control Plane
  • Zone 1: Application Data Plane
  • Zone 2: External ingress and egress
The DPU filters north-south traffic using Layer 4 and optional Layer 7 policies. The CNI (such as Cilium with eBPF) manages east-west traffic, enforced at the DPU level to isolate workloads by namespace or identity. DPUs interface with the CNI plugin to map Pod interfaces to their correct VXLAN segments. Integration with SPIFFE/SPIRE and cert-manager can enable secure workload identities and mTLS lifecycle management within CKS clusters. The DPU natively supports observability by exporting logs and metrics. CoreWeave provides telemetry through VictoriaMetrics (PromQL-compatible), Loki, and customer-deployed security observability tools such as Falco or eBPF-based Cilium Tetragon for runtime enforcement. This architecture provides isolation and scalability for containerized workloads on bare metal, with networking and security operations offloaded to SmartNICs.

Scalability and performance

The same architecture supports scale and predictable performance for compute-intensive workloads. This architecture scales reliably for model training and inference workloads because it offloads infrastructure operations from the main compute resources. BlueField-3 DPUs decouple networking, storage, and security from the host CPU, dedicating full resources to training and inference tasks. This reduces latency and jitter, and allows predictable performance scaling across many Nodes. EVPN Type 5 overlays enable efficient Layer 3 multi-tenancy without complex NAT or overlay stitching. VXLAN encapsulation supports cluster expansion across racks and data centers, while BGP-based routing optimizes data flows. The architecture supports consistent, low-latency packet handling and bandwidth prioritization, which is critical for real-time inference and distributed training. CoreWeave network security architecture diagram

Identity and access management

CoreWeave’s identity and access management (IAM) framework enforces granular, role-based access controls across the entire stack, spanning administrative interfaces, CKS workloads, and CoreWeave AI Object Storage. At the management plane (Console, API, Terraform provider, Grafana, Logs and Metrics APIs), IAM uses role-based access control (RBAC) with permissions based on roles such as admin, write, read, or metrics. Identity providers authenticate access with single sign-on (SSO) and multi-factor authentication (MFA) support for secure authentication and auditability. Within CKS, IAM integrates with OpenID Connect (OIDC) for federated identity from providers such as Okta. Console (browser-based) login supports SAML federation. Users and service accounts authenticate with OIDC tokens mapped to Kubernetes RBAC policies, enabling fine-grained, namespace-level access. You can map Kubernetes service accounts to external identity tokens using tools such as kube-oidc-proxy or SPIFFE/SPIRE, supporting mTLS-based workload identities and zero-trust access. For S3-compatible storage, you define IAM policies in JSON, specifying principals, actions, and conditions for granular access control. CoreWeave evaluates these policies at request time for strict authorization and centralized or delegated management.

Data security

Data security is essential for privacy, compliance, and trust. In AI and cloud-native environments, security must cover the entire data lifecycle, from ingestion and storage to model training and inference. Effective data security combines encryption, access controls, workload isolation, and observability. Using a KMS-backed setup, CoreWeave provides encryption at rest to securely deliver secrets to workloads running in CKS clusters. Encryption in transit (TLS or mTLS) protects data between services in Kubernetes clusters. You can manage policy enforcement with tools such as OPA/Gatekeeper, and network segmentation with Cilium, to enforce least-privilege access inside CKS clusters. Data classification and tokenization de-identify sensitive data, reducing risk. Immutable logging pipelines, such as Kafka and Loki, provide traceable data lineage and access. Container isolation (such as Kata Containers) and image vulnerability scanning prevent lateral movement and enforce security from build to deployment. CKS clusters include CrowdStrike by default for endpoint protection. CoreWeave’s multi-tenant isolation and encryption features are backed by enforceable technical controls that support trustworthy, secure AI adoption at scale. They help customers address regulatory requirements such as GDPR, HIPAA, and CCPA.
Last modified on June 10, 2026