Press Release: BlueRock Introduces New AI Infrastructure Architecture for Secure-Shared Execution with AMD DMA Isolation

BlueRock

Open source NOVA addresses growing AI infrastructure challenges driven by continuous, active workloads requiring a new approach to execution, isolation, and scalability.

SAN MATEO, Calif., June 9, 2026 — BlueRock today announced the latest open-source release of its NOVA Microhypervisor, which introduces advanced DMA remapping support for AMD (NASDAQ: AMD) platforms with IOMMU hardware virtualization capabilities.

As AI infrastructure faces sustained concurrency, growing execution complexity, and increasing economic pressure, NOVA strengthens hardware-level isolation across workloads, devices, and memory in shared execution environments.

AI systems are rapidly shifting from experimental workloads into continuously running production infrastructure, and the economics of operating them are becoming impossible to ignore. Leading AI providers continue to invest billions into compute infrastructure while simultaneously facing rising inference costs, infrastructure strain, and growing pressure to improve operational efficiency and profitability. These pressures point to a larger architectural shift: scaling AI infrastructure is becoming as much an execution and systems architecture challenge as a compute challenge.

The NOVA microhypervisor was designed to address these demands through trusted isolation and secure shared-service execution at large AI infrastructure scale, supporting fully isolated virtual machines with up to 256TB of physical memory and 128 petabytes of virtual address space per workload.

AI Workloads Are Changing Infrastructure Requirements

As AI systems become more agentic, continuously active, and increasingly distributed, infrastructure efficiency and execution coordination are emerging as core business constraints. Future AI infrastructure architectures will need to prioritize isolation, predictability, reduced trusted complexity, and more efficient execution at scale rather than relying solely on continuously expanding compute capacity.

“The AI industry is entering a new phase where infrastructure architecture will increasingly determine who can operate efficiently at scale,” said Harold Byun, CEO of BlueRock. “As workloads become more dynamic, continuous, and resource-intensive, the underlying systems must evolve alongside them. We believe the next generation of AI infrastructure will prioritize trusted isolation, execution efficiency, reduced complexity, and secure shared-service operation at massive scale. NOVA was built for that shift.”

New AMD DMA Isolation Capabilities

NOVA’s security and isolation capabilities now include DMA remapping support on AMD platforms using hardware IOMMU functionality. The capability is enabled by default as a core enforcement mechanism within the platform.

NOVA can:

  • Prevent hardware devices assigned to one virtual machine from accessing the memory of neighboring workloads

  • Enforce fine-grained memory access controls at the hardware layer

  • Restrict access at per-device and per-memory-page granularity

  • Abort unauthorized memory transactions directly through the IOMMU

  • Optionally record DMA remapping faults for diagnostic analysis

“Enterprise AI workloads require an infrastructure built on absolute certainty rather than assumed security. To meet this standard, organizations must transition away from implicit trust models, establishing definitive, provable trustworthiness through the rigorous formal verification of foundational source code,” said Udo Steinberg, Fellow & Co-Founder of BlueRock. “As traditional systems built for predictable enterprise applications are increasingly leveraged for highly dynamic, continuous AI execution, infrastructure security must evolve. NOVA addresses this critical shift by minimizing the trusted computing base and enforcing isolation directly at the hardware-software boundary.”

The architecture lays the foundation for future execution-aware security and introspection capabilities by enforcing protections beneath guest operating systems, helping maintain isolation even if workloads are compromised. Released as open source under the GPLv2 license, the NOVA Microhypervisor enables infrastructure trust and enforcement mechanisms to be independently inspectable and verifiable by the broader technical community.

The community repository is available on GitHub. Learn more about NOVA Microhypervisor here.

FAQ

What is the NOVA Microhypervisor and what does it do?

NOVA is an open-source microhypervisor developed by BlueRock that provides hardware-level isolation for shared AI infrastructure. It supports fully isolated virtual machines with up to 256TB of physical memory and 128 petabytes of virtual address space per workload. NOVA enforces isolation at the hardware-software boundary, minimizing the trusted computing base and enabling secure shared-service execution at large AI infrastructure scale.

How does AMD DMA isolation work in NOVA?

NOVA uses AMD IOMMU hardware virtualization to enforce DMA remapping — preventing hardware devices assigned to one virtual machine from accessing the memory of neighboring workloads. It enforces fine-grained memory access controls at per-device and per-memory-page granularity, aborts unauthorized memory transactions directly through the IOMMU, and can optionally record DMA remapping faults for diagnostic analysis. The capability is enabled by default.

Why does AI infrastructure need hardware-level memory isolation?

As AI workloads shift from experimental to continuously running production systems, multiple workloads increasingly share the same physical infrastructure. Without hardware-enforced isolation, a compromised or misbehaving workload can access the memory of neighboring processes. Hardware-level DMA isolation — enforced through the IOMMU beneath guest operating systems — ensures that isolation holds even if a workload itself is compromised, providing provable rather than assumed security.

Is NOVA open source and how can developers access it?

Yes. The NOVA Microhypervisor is released under the GPLv2 open-source license, making its trust and enforcement mechanisms independently inspectable and verifiable by the broader technical community. The community repository is available on GitHub.

What's the difference between a microhypervisor and a traditional hypervisor?

A microhypervisor minimizes the trusted computing base by keeping the privileged code layer as small and verifiable as possible, reducing the attack surface compared to traditional hypervisors that include large, complex software stacks. NOVA enforces isolation directly at the hardware-software boundary, making its security properties independently inspectable and formally verifiable — a critical distinction for AI infrastructure where trust must be provable, not assumed.