There is a reason Gartner put Confidential Computing in its 2026 strategic technology trends. Sensitive data needs stronger protection while it is being used, not only while it is stored or transmitted.
Hey, Rocky the Raptor here, RPost’s cybersecurity product evangelist, and I feel this is an important move. But from my perch, looking down at the real attack paths forming across the digital business landscape, I see the same problem stretching even farther.
“The man-in-the-middle did not disappear. He moved.”
He moved from the transmission path to the recipient device, from the encrypted pipe to the compromised inbox, from the corporate network to the supplier’s laptop, the customer’s mailbox, the outside counsel’s document room, the broker’s workflow, the consultant’s shared drive, and the fourth-party system - no one in the enterprise security team can directly see.
So, yes, absolutely protect data in use. But ask the harder question: “What happens when YOUR content is in use on someone else’s device, inside someone else’s network, under someone else’s controls, after it has already left your endpoint?” That is where the next security frontier begins.
Gartner describes Confidential Computing as a way to protect data while it is being processed, using trusted execution environments to reduce unauthorized access, including in infrastructure that the enterprise may not fully control. So, Confidential Computing protects processing environments.
Gartner also connects the trend to stricter privacy requirements, data localization, AI adoption, and secure use of sensitive workloads. The direction is unmistakable: security must move closer to the moment of use.
However, RPost’s PRE-Crime™ asks a parallel question for business content: “Can security travel with the content itself, so the content becomes intelligent enough to detect suspicious access and lock down before attackers see what they came for?”
Well, you could argue that’s not the same technical mechanism as Confidential Computing. I’m not saying a document link is a hardware enclave; I’m saying move protection closer to use, reduce reliance on perimeter assumptions, and stop trusting that delivery equals safety.
Back to the classic man-in-the-middle story. It was all about interception. Someone got between the sender and the recipient, watched the transmission, or tampered with the message in motion. Encryption made that harder. But cybercriminals adapted.
They compromise the supplier account, monitor the outside counsel mailbox, watch an escrow thread, read invoice traffic from a contractor, study a board packet forwarded to a personal device, and wait inside the workflow until they understand the people, timing, tone, authority, and money movement.
That is the modern man-in-the-middle: not always in the wire, but in the content’s afterlife.
This is why “sent securely” is no longer enough. The real question is whether the content remains protected after it lands in places your SEG, EDR, XDR, SIEM, DLP, and third-party risk platform cannot fully monitor.
A CISO should ask: “Show me a risk signal I cannot get from my existing stack, and show me how that signal helps stop fraud before execution.” That’s exactly the signal RPost’s RAPTOR™ AI was built to generate.
Every enterprise has a shadow zone around its content - not shadow IT, shadow use.
But the content is still yours, the risk is still yours. The breach, fraud, dispute, regulatory inquiry, or reputational damage may still come back to you. The device, the network, the mailbox, the logging, or the security controls, however, may not be yours. That’s the gap.
And in some enterprises, the gap is not only external. Sensitive content can leak through insider threats or simple human error - someone mis-sends a document, forwards a file, leaves access open, sends to the right company, but the wrong person, or exposes the content before realizing the mistake.
Traditional DLP often thinks at the moment of send. PRE-Crime thinks after the send too. Imagine if content could become intelligent enough to notice anomalous access after delivery or could generate forensic interaction metadata from that access? What if AI could assess whether the access is expected, suspicious, automated, concealed, or part of a broader reconnaissance pattern? What if the content could auto-lock before it is seen? Now we are talking!
Aragon Research’s Preemptive Intelligent Content Security category is important because it puts the spotlight on where the attacker’s value is - the content. Aragon’s research describes a rising need to protect content and document-related transactions with AI-enabled threat identification and protection, and RPost has been named a Pioneer in this new category.
That category matters because attackers do not just steal data; they steal context. Payment instruction, contract redline, signature packet, legal thread, supplier invoice, file-share link, customer account change – all of these are the context. And in the AI era, this context becomes ammunition.
So, the content needs more than static protection; it needs intelligence. It needs to understand access attempts, notice abnormal interaction, and connect a suspicious touch on one document with a suspicious touch on a related message, thread, matter, or third party. And when the risk is high enough, it needs to lock before the attacker sees enough to act. That is the PRE-Crime idea!
RPost solves this through RAPTOR™ AI across its RMail, RSign, and RDocs editions, with AI Auto-Lock and Double DLP concepts designed to protect content after delivery.
RMail brings the model to email and secure communication. RSign brings it to digital transactions and eSignature workflows. RDocs brings it to document controls and rights-aware content. Together, they create a content platform surface where interaction with messages, documents, links, signatures, and transaction assets can produce intelligence.
That intelligence is not the same as ordinary gateway telemetry, a mail log, an endpoint alert, or a SIEM event. It’s newly generated evidence from how the content itself is accessed and interacted with after it leaves the sender’s environment. This is the RAPTOR AI advantage.
RAPTOR AI interacts with RPost content platforms to generate beyond-the-network and beyond-the-endpoint content interaction metadata, including activity inside third- and fourth-party environments. This creates a dataset that does not naturally exist in the usual enterprise systems because those systems often cannot see the external recipient’s device, mailbox, network, scanner, or workflow.
RAPTOR AI uses this new dataset as the anchor for analysis, asking whether the access pattern is consistent with normal business behavior or whether it looks like reconnaissance, compromised-account access, concealed infrastructure, automation, impersonation preparation, or fraud staging.
Gartner’s 2026 trends organize Confidential Computing under the theme of building secure, scalable, adaptive digital foundations, and separately identify Preemptive Cybersecurity as a trend focused on moving beyond traditional detection and response toward anticipating, disrupting, and neutralizing cyberattacks before they occur.
Gartner also projects significant adoption of Confidential Computing for processing in untrusted infrastructure and significant spending movement toward preemptive solutions.
That combination should get every CISO’s attention. The security stack cannot remain centered only on where data sits, packets move, or endpoints are managed. It must also address how business content behaves after delivery, in the hands of recipients, counterparties, suppliers, customers, counsel, advisors, and third parties.
Confidential Computing is a clear signal that the market understands the weakness of protecting data only at rest and in transit. The next step is to apply that instinct to the content itself.
Business content needs its own intelligence layer, as well as to generate evidence when touched. Most importantly, it needs to act, because a CISO does not need yet another dashboard. They need a control that says, “We saw the attacker preparing, and we denied the context before the crime could form.”
May 29, 2026
May 22, 2026
May 15, 2026
May 08, 2026
May 01, 2026
Blog