GPU Protection

All of the data on your GPU can be read, tampered with, and exfiltrated by bad actors. GPUs have no built-in access control, so user data and proprietary model weights can be stolen or modified. That is why we created Bomfather, a fast, simple, and innovative solution to GPU security.

Default deny GPU access per executable

GPUs are fundamentally insecure: they have no built-in access control. Any process on the system can open /dev/nvidia* and read or modify GPU memory, including model weights, training data, and user data.

Bomfather flips this by denying all access to the GPU except for trusted executables. Malware, compromised scripts, and unauthorized users are blocked at the kernel level before they can touch your GPU.

gpu-policy.yaml

  

Policy inheritance

Writing policies is one of the hardest tasks, since they can get extremely complex. That is why Bomfather has policy inheritance: if you define which binary can access a GPU, all of its child processes automatically inherit the same permissions. There is no need to list every training script or subprocess.
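To see why per-executable rules with inheritance matter, the following added example (not Bomfather's code or policy format) audits from user space which processes currently hold `/dev/nvidia*` open and flags those that neither run an allowlisted executable nor descend from one. The function names and the allowlist are hypothetical, and walking parent PIDs is only an approximation of inheritance, since a process whose parent has exited is reparented.

```python
import os

GPU_PREFIX = "/dev/nvidia"  # device nodes named on this page

def read_ppid(proc_root, pid):
    """Parent PID from /proc/<pid>/stat; comm may contain spaces, so split after ')'."""
    try:
        with open(os.path.join(proc_root, pid, "stat")) as f:
            return f.read().rsplit(")", 1)[1].split()[1]
    except (OSError, IndexError):
        return None

def exe_of(proc_root, pid):
    try:
        return os.readlink(os.path.join(proc_root, pid, "exe"))
    except OSError:
        return None  # kernel thread, exited process, or no permission

def gpu_fds(proc_root, pid):
    """Set of /dev/nvidia* paths this pid has open."""
    fd_dir = os.path.join(proc_root, pid, "fd")
    found = set()
    try:
        for fd in os.listdir(fd_dir):
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue  # fd closed while we were looking
            if target.startswith(GPU_PREFIX):
                found.add(target)
    except OSError:
        pass
    return found

def is_trusted(proc_root, pid, allowlist):
    """True if this process or any ancestor runs an allowlisted executable."""
    seen = set()
    while pid and pid != "0" and pid not in seen:
        seen.add(pid)
        if exe_of(proc_root, pid) in allowlist:
            return True
        pid = read_ppid(proc_root, pid)
    return False

def audit(allowlist, proc_root="/proc"):
    """Return {pid: (exe, [devices])} for GPU users outside the allowlist."""
    report = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        devs = gpu_fds(proc_root, pid)
        if devs and not is_trusted(proc_root, pid, allowlist):
            report[pid] = (exe_of(proc_root, pid), sorted(devs))
    return report
```

Run `audit({"/usr/bin/python3"})` as root so other users' `fd` directories are readable. This only reports open handles after the fact; it does not block anything.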

gpu-policy.yaml

  

Can't shut me down!

Having a security agent is great, but what happens if someone shuts it down? To prevent this, the Bomfather agent blocks anyone from shutting it down, even if they have elevated privileges. The only way to shut the agent down is to pass in a private key that matches a public key in the policy.

A huge attack vector against eBPF security is modification of the eBPF maps, so we make sure that our maps are secure (take a look at our blog post about securing eBPF maps). We are the first and only eBPF solution to do this natively.

self-protection.yaml

  

Fast and easy to use

GPUs are fundamentally insecure. The next best solution for securing them is confidential computing, but that adds anywhere from 10% to 4060% overhead depending on your workload. Can you afford to let your proprietary data sit on these GPUs with no protection?

This is where our eBPF protection comes in. With a negligible <2% overhead, it is a passive process that runs in the background and requires no changes to your workflows.