In March 2025, Broadcom patched a series of VMware ESXi zero-day vulnerabilities that could escape the VM sandbox entirely, highlighting how a single compromise can disable or encrypt dozens of virtual machines at once. In 2023, the ESXiArgs campaign affected an estimated 3,800 servers globally, underscoring the ongoing risk of hypervisor-level breaches that can bypass host-based protections.
The article argues that the traditional approach of running security on the host is inadequate for AI data centres, where just-in-time VM and container dynamics create blind spots and churn. It proposes a DPU-based security architecture in which security workloads execute on the DPU rather than the CPU, enabling line-speed, tamper-proof security that remains invisible to attackers and preserves host performance.
This architecture places continuous monitoring and policy enforcement between the host and the network, safeguarding both physical and virtual infrastructure and east–west traffic without degrading compute throughput. According to the article, this shift removes the security versus productivity trade-off, delivering comprehensive visibility and zero-trust security at the hardware level.