Effortlessly Protect Your GPUs

Today's GPUs aren't built for security. Stop data theft from the kernel.

Funded by Balaji Srinivasan, former CTO of Coinbase.

What Made Us Start Bomfather?

We have always loved writing security tools, but we have found two significant problems in most of them. We created Bomfather to fix these issues.

  • Most security tools solve only a small subset of the problem by themselves, forcing you to use multiple tools to get a decent level of security. We solve this issue by securing everything from the kernel and not the userspace.
  • Most security tools are hard to set up and integrate into workflows. They become really painful to use, since you usually need several of them to work together (each with its own convoluted setup). We made sure that the policy files are around 5 lines long so that they are easy to understand and change.

What Makes Us Different?

Bomfather is an eBPF security tool that is built for securing GPUs and runtimes.

Features:

  • Uses eBPF (extended Berkeley Packet Filter) to enforce policies. Unlike normal protections, which are brittle and blind to what happens in the kernel, eBPF allows Bomfather to control what happens at the deepest level (the kernel).
  • Extremely fast, adding only around 1% to 3% runtime overhead, while confidential computing adds around 40% runtime overhead…
  • Integration is extraordinarily simple. The Bomfather Agent runs as a passive background process, so you don’t need to rip up your infrastructure to integrate.
  • We use an extremely simple default-deny policy. With this, you don’t have to go through huge policy files trying to figure out what does what (watch our inheritance policy video for more information)!

Our GPU Protection in Action

Products

  

GPUs are critical to machine learning pipelines. Your user data flows through them, expensive proprietary models run on them, and your product hinges on their output.

All of this data on your GPU can be read, tampered with, and exfiltrated by bad actors; there is no built-in access control around GPUs. You could use confidential computing (CC), but that adds a 40% runtime overhead and needless complexity. Can you afford to let your proprietary data sit on these GPUs with no protection?

This is where our eBPF protection comes in. With a negligible <2% overhead, it’s a passive process that runs in the background and requires no changes to your workflows.

To set up Bomfather, you write a simple five-line policy specifying which programs can access the GPU. Bomfather handles the rest.