Our Blog Series: A Hands-On Guide to Secure Private AI with Broadcom

Our Blog Series: A Hands-On Guide to Secure Private AI with Broadcom

A four-part deep dive with Agustin Malanco, Will Arroyo, and Oren Penso on securing a complete private AI stack — from GPU tenancy to zero-trust microsegmentation to governing agentic workloads.

I’ve been heads-down for the last couple of months on a blog series I’m genuinely proud of, written alongside three people I respect a lot: Agustin Malanco, Will Arroyo, and Oren Penso.

The series is called “From Infrastructure to Agents: A Hands-On Guide to Secure Private AI with Broadcom,” and it’s exactly what it sounds like, our actual lab notes from securing a complete private AI stack based on VCF, end to end, with the config, the Terraform, and the packet captures.

Lots of blogs out there talking about securing AI at the concept level. Practical guidance is a lot rarer. That’s the gap we set out to fill.

The series, four parts

Part 1: Setting the Infrastructure — Networking and Deep Tenancy Before we ever touch a firewall rule, we go all the way down to the silicon. This post covers how we architect deep GPU tenancy — isolating compute from the org level down to the vGPU profile — and how we use VCF and NSX to build everything from shared logical networks to fully airgapped environments, depending on how sensitive the workload is.

Part 2: Securing GPU-Accelerated AI Workloads with VMware vDefend This is where it gets fun. We deployed the NVIDIA NIM RAG Blueprint across eight H100 GPUs, then used vDefend Distributed Firewall through Antrea CNI to lock down every pod-to-pod path with identity-based microsegmentation — twenty-one Terraform-defined rules in total. Then we proved it, packet by packet, with Antrea Traceflow: we watched a simulated compromised LLM try to reach the vector database directly, and watched the default-deny rule kill it at the first hop. No diagram, no theory — the data plane telling us exactly what it did.

Part 3 and Part 4 are coming. Part 3 moves north-south, into Avi WAF and Istio for L7 protection at the application layer. Part 4 goes all the way up the stack to governing agentic workloads and “vibe coding” with Tanzu — guardrails for the next generation of AI-built applications. I’ll post here as soon as each one drops.

Why I think this one matters

What makes this series worth the effort is that we are going deep to show how it is actually built, our actual Terraform, and our actual Agentic platform in action, because that’s the level of detail platform teams actually need when they’re the ones on the hook for it.

If you’re building or securing private AI infrastructure and autonmous agentic platform, This blog is for you. I’ll share Parts 3 and 4 the moment they’re live.