Field notes · Case F-04 · Colocation

Other people’s GPUs: the seam in every colocation contract

Tenants are moving their own AI compute into shared halls. The physical security model, and the contract behind it, was never designed for the value now sitting in the cage next door.

Colocation was built on a clean bargain: the operator secures the building, the tenant secures the cage. That bargain held when a cage held web servers. It does not hold when a tenant rolls in eight figures of accelerators, because the threat now crosses the seam in both directions: the operator’s weakest process exposes the tenant’s hardware, and the tenant’s weakest contractor exposes everyone else’s.

In a shared hall, your effective perimeter is the weakest tenant’s escort discipline.

Where the seam actually leaks

Questions that belong in the contract, not in the incident review

For tenants bringing GPUs into shared space, we recommend negotiating five things before signature: audit rights with a named cadence, incident notification measured in minutes with a defined severity ladder, escort ratios and vetting standards for anyone entering the cage, footage access and retention terms, and a shared-responsibility matrix that names an owner for every control between the road and the rack. None of these cost the operator much. All of them are difficult to add after an incident.

For operators, the argument runs the other way: tenants with high-value compute are starting to assess you. The facilities winning AI workloads are the ones that can hand a prospective tenant evidence instead of assurances: patrol logs, reconciliation records, drill results. Physical security has quietly become a sales document.

We sit on both sides of colocation agreements. Yours deserves a careful reading before signature.