Broadcom is staking a dramatic claim: enterprise AI belongs on-premises, and it just made the move a lot cheaper. At VMware Explore 2025 in Las Vegas, the company announced that VMware Private AI Services will be bundled at no additional cost with every VMware Cloud Foundation (VCF) 9.0 subscription, starting in its Q1 fiscal 2026. CEO Hock Tan went further, declaring on stage that VCF 9.0 “now outperforms public cloud” on cost, security, and control, urging customers to “embrace VCF and stay on-premise.”

It’s a full-throated assault on the public cloud providers that have dominated enterprise AI experimentation. By packaging model stores, runtimes, GPU monitoring, agent builders, vector databases, and retrieval tools inside its flagship private-cloud platform, Broadcom is betting that regulated, cost-conscious enterprises will bring AI workloads back in-house — and that VCF will be the foundation they build on.

What’s Actually New in VCF 9.0

VCF 9.0 became generally available the same week as the conference, and Broadcom’s blog post outlines a sweeping rearchitecture. The release unifies operations and consumption behind a single interface. Fleet-wide health, patching, and compliance live in a new VCF Operations Console, while developers hit one set of APIs or Terraform providers for infrastructure-as-code, self-service catalogs, and Kubernetes cluster management. The goal is to give private clouds the same fluid, self-service experience that makes public clouds attractive — without the sovereignty and budget headaches.

Core innovation upgrades include Advanced NVMe Memory Tiering, which lets flash act as a lower-cost tier of memory for dense workloads; vSAN Global Deduplication that spans clusters to reduce flash footprint; and Enhanced Data Paths with optional DPU offload to slash east-west latency for AI pipelines and microservices. Broadcom claims internal tests show 25% better AI inference performance per watt and 50% more workloads per watt, though these figures carry a footnote that they are based on internal estimates as of March 2025.

Private AI as a Standard Feature

The bundling of Private AI Services is the headline-worthy shift. Until now, enterprises building on-prem AI systems had to source and integrate each component separately — model hosting, vector search, agent frameworks, monitoring. Broadcom is collapsing that stack into the base VCF 9.0 license. Announced capabilities include a model store, model runtime, GPU monitoring, an agent/assistant builder, vector database support, and retrieval-indexing tools. The services will be available to VCF 9.0 customers in Broadcom’s Q1 FY26, meaning a short wait from the GA of the core platform.

Broadcom’s explicit pitch is that experimenting with large language models and agentic AI in the public cloud risks unpredictable spending and data exposure. By offering governed, GPU-aware AI services inside a private cloud, the company argues organizations can budget more predictably and keep training data under lock and key. This is not just a feature drop — it’s a commercial pivot designed to change the procurement calculus for enterprise AI projects.

Canonical Partnership Hardens Air-Gapped Deployments

Alongside the AI push, Broadcom expanded its partnership with Canonical to ship Ubuntu chiseled containers, Ubuntu Pro support, and precompiled virtualized GPU drivers directly within VCF. Chiseled images are ultra-small, vendor-maintained OCI containers that strip away non-essential packages, slashing the attack surface and image size. For highly regulated or air-gapped environments that cannot pull software from the public internet, having these minimal, pre-built images and GPU stacks ready out of the box is a meaningful operational win. Canonical’s chiseled containers and GPU drivers address the practical hurdles that have kept sensitive workloads tethered to purpose-built hardware or locked out of containerization entirely.

Security and Resilience Hardened for the AI Era

VCF 9.0 introduces VCF Advanced Cyber Compliance, a service aimed at heavily regulated industries. It enforces continuous configuration compliance at scale, automates cyber recovery to on-premises clean rooms, and delivers push-button VM isolation workflows during ransomware events or outages. The capability is explicitly designed for scenarios where sending recovery data to a remote cloud is legally or operationally forbidden.

Security for AI workloads gets its own spotlight. Broadcom unveiled a tech preview of lateral zero-trust protections tailored for AI agents running inside the private cloud. Building on its vDefend micro-segmentation and runtime verification tools, the new layer applies the same principle to agent-to-agent and agent-to-data flows, aiming to prevent a compromised model from accessing sensitive data stores. A new Security Operations Dashboard overlays attack-surface maps with compliance scores, giving SecOps a unified view of vulnerabilities and drift.

Developer Productivity Mirrors the Public Cloud

Several features are designed to make the private cloud feel more like the public cloud for application teams. Native vSAN S3 object store support, integrated Istio service mesh in the Kubernetes distribution, and GitOps/Argo CD plumbing for VKS (vSphere Kubernetes Service) let developers consume storage and networking declaratively. Cost and chargeback dashboards translate resource consumption into invoice-ready numbers per tenant or business unit, mimicking the financial transparency that finance teams expect from hyperscalers.

Customer Traction and Bold Claims

Broadcom trotted out impressive numbers: nine of the top ten Fortune 500 companies have committed to VCF, and over 100 million cores are licensed worldwide. Walmart signed on as a strategic vendor for virtualization solutions, and Grinnell Mutual’s IT team took the stage to testify about cost savings on vSAN and developer productivity gains. These figures are widely repeated in Broadcom’s press materials but remain company-supplied and not independently verified. Customers should request industry-specific references and contract-level proof points.

Strengths of the VCF 9.0 Proposition

The integrated private AI stack cuts through the piecemeal assembly that bogs down many on-prem AI initiatives. Organizations already running VCF get an immediate lift if the services deliver as promised. For regulated industries — finance, healthcare, government — the ability to run model training, inference, and recovery entirely within air-gapped clean rooms directly answers compliance requirements that most public clouds can only approximate with complex contractual scaffolding.

Operational predictability gets a boost from native chargeback, cost dashboards, and resource accounting. Platform teams gain an integrated view of spend, reducing the cognitive load of managing AI budgets and avoiding the bill shock common with pay-as-you-go models. And the Canonical partnership delivers concrete, vendor-supported tooling for air-gapped environments, a niche that often forces painful workarounds.

Risks That Deserve Scrutiny

Broadcom’s claim that VCF 9.0 “now outperforms public cloud” is marketing, not settled fact. Independent, reproducible benchmarks across representative AI workloads and networking topologies are absent. The performance figures cited come from internal Broadcom engineering estimates submitted in March 2025, not from third-party labs. Until validation arrives, IT leaders should treat these statements as aspirational.

Operational overhead is another reality check. Public cloud elasticity isn’t just about cost — it’s about outsourcing patching, global telemetry, multi-region replication, and managed services. Running AI on-prem demands capital investment in GPUs, DPUs, cooling, and specialized networking, along with staffing for 24/7 operations. Broadcom’s cost-predictability claim holds only for organizations with the scale and maturity to operate their own AI platforms efficiently.

The shadow of vendor lock-in looms. Since acquiring VMware in late 2023, Broadcom has centralized product strategy, moved to a three-year major release cadence with fewer majors and longer support windows, and reshaped partner programs in ways that have alarmed smaller channel players. While the new cadence promises stability, it may slow the feature velocity that some enterprises demand. Critics also worry that consolidation and margin-seeking could affect add-on pricing or ecosystem openness over time.

Centralizing AI models on-prem reduces external data exposure but concentrates risk inside the network. Weak RBAC policies or misconfigured models could amplify the impact of an insider attack. Broadcom’s zero-trust lateral security features are a step toward mitigation, but the true security posture will depend on customer operational discipline, not just product features.

Microsoft’s Countermove: A VM Conversion Tool

While Broadcom pushes its private-cloud AI narrative, Microsoft is quietly lowering the barriers to leaving VMware altogether. A new VM Conversion tool inside Windows Admin Center, currently in public preview, streamlines migrations from VMware to Hyper-V. It targets the same regulated, cost-conscious customers who might be tempted by VCF’s on-prem AI pitch. By reducing the friction of moving off VMware stacks, Microsoft gives enterprises another lever when evaluating the total cost and risk of Broadcom’s platform bet.

Practical Advice for IT Decision-Makers

Any enterprise evaluating VCF 9.0 for private AI should start by auditing the workloads they plan to move. Classify them by performance sensitivity, data residency needs, and regulatory constraints to estimate on-prem GPU footprint and TCO versus cloud alternatives. Next, demand proof points. Ask Broadcom for reproducible benchmarks specific to your models, dataset sizes, and concurrency, and request references from customers in your industry. Validate the security posture end-to-end — assess configuration drift tooling, patch cadences, RBAC controls, and incident response playbooks for private AI scenarios.

Plan for total lifecycle costs. Hardware refresh timelines, power and cooling requirements, and vendor support commitments (including any extended support purchase options) should be budgeted upfront. VCF’s new three-year release cadence changes upgrade timelines, and the company’s partner program realignment could affect the service continuity that some organizations rely on. Finally, consider a hybrid model. For many firms, the sweet spot will be on-prem AI for sensitive, high-volume production workloads paired with public cloud for bursty experimentation and elasticity. Unified governance across both surfaces remains the North Star.

The Bottom Line

Broadcom’s VCF 9.0 and its bundled Private AI Services mark a deliberate, well-funded attempt to redefine the private cloud as the default platform for enterprise AI. The technical story is compelling: integrated AI tooling, Canonical-hardened containers for sensitive deployments, advanced security and recovery features, and developer experience that mimics public-cloud consumption. For organizations that must keep data in-house, the package lowers the barrier to entry meaningfully.

But the gap between promise and delivery remains wide. Performance and cost claims need independent validation, operational complexity does not disappear, and the commercial risks of consolidation can’t be ignored. The race between on-prem integration and cloud convenience is accelerating, and Broadcom has placed a massive bet. The next year will determine whether that bet pays off or becomes another chapter in the long history of platform overreach.