IBM Sovereign Core proposes a control plane for AI apps that doesn't rely on any single public cloud provider, which will appeal to some large enterprises, analysts said.
IBM will put its own spin on sovereign AI with a product due in tech preview next month that serves as a cloud-agnostic control plane for AI application deployments.
Sovereign AI typically refers to a generative AI service that operates within certain geographical or legal boundaries in compliance with local regulations. Interest in sovereign AI has grown as political volatility and diverging regulations have emerged over the last year.
But so far, sovereign AI efforts have focused primarily on keeping data used by AI stored in a certain region, rather than governing where the rest of the systems involved in AI applications reside, said Will Streit, vice president of software at IBM, in an interview with Informa TechTarget.
"The compliance controls that I might want to validate in production might be different from a development environment," Streit said. "Then, within those workloads, how do I extend that into AI?"
IBM Sovereign Core is planned as a response to that question, Streit said. It has been in development with design partners over the last few months and will open in a limited tech preview to a broader set of customers in early February. The product can be installed with a single click and stood up in as little as a day, according to Streit. It will connect to existing software development and deployment systems through a container registry, so users can choose which underlying systems they want to use.
"The generative AI angle does add a new wrinkle to sovereignty in general," said Jason Andersen, an analyst at Moor Insights & Strategy. "In the past, regulators wanted to know where data is being stored and processed, but generated stuff is a little different -- it starts to get a little bit weird, because it's being created [on the fly]."
Agents can be like children -- they run all over the place and create havoc. How are you going to put a control on that at runtime, not after the fact?
Jason AndersenAnalyst, Moor Strategy & Insights
That's where IBM Sovereign Core could appeal to large enterprises subject to multiple regional sovereignty regulations, who want an overarching software-based system to put compliance controls and verification around the generative AI inference and application deployment process, Andersen said.
"If you're deploying a generative AI application, you want to make sure it's sovereign before anything gets generated, so the result doesn't end up on some random GPU," he said. "You have to start thinking about this from the agent perspective too, which is where things get really crazy.
"Agents can be like children -- they run all over the place and create havoc," Andersen said. "How are you going to put a control on that at runtime, not after the fact? It's not like checking in and checking out code."
Andersen attributed the timing of IBM's preview disclosure to this week's general availability of Oracle Cloud Infrastructure's Generative AI service in Oracle's Top Secret classified cloud regions. AWS also launched a new European Cloud service this week.
"Oracle Top Secret Cloud is just for OCI -- not some sort of holistic hybrid," Andersen said. "IBM might be trying to latch on to the messaging moment, because if you're an enterprise, and you're running stuff all over the place, you're looking at 10 different dashboards to get an answer [about compliance], and at any minute, somebody could change the rules."
Sovereign AI hybrid cloud tradeoffs
For now, some details about specific technical components and features of the tool remain under wraps. Features of existing IBM and Red Hat software products, such as Red Hat OpenShift, can act as the infrastructure substrate for Sovereign Core, while HashiCorp's Vault will contribute access management features within a sovereign region, according to Streit. Elements of the IBM Concert Compliance Center will perform compliance verification and attestation. Sovereign Core will also include templates called accelerators that set up systems in compliance with specific regulations, such as the EU's Digital Operational Resilience Act.
The complete list of product features and their origins in the IBM portfolio isn't yet available, but licenses for those contributing products won't be a prerequisite to using Sovereign Core, Streit said.
It's likely that the initial version of Sovereign Core will be built on IBM and Red Hat tools and will develop into a more flexible framework that can integrate with third parties as well, said Rick Villars, an analyst at IDC.
"I think the first version will be, 'Here's the t-shirt sizes of it, and the three colors,' but, at some point, you can add your own logo or define the materials," Villars said. "But part of the goal IBM is trying to achieve is consistency and repeatability."
However, there will be tradeoffs in consistency between the software level and the cloud infrastructure level, Villars said.
"Part of what cloud providers bring is that it's prebuilt, it's pre-standardized and you understand the performance, because the provider is taking over the operational issues," he said. "IBM's offering something that says, 'Here's everything you need, but you've actually got to run the thing.'"
