Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Securing kubectl on Remote Kubernetes Clusters Without Static Credentials or VPNs

Fleets of robots, drones, EV chargers, and sensors now run K3s or MicroK8s on the device itself, bringing container orchestration to hardware deployed in warehouses, cell towers, and customer sites around the world. Engineers need kubectl to debug and manage containerized workloads on those devices in the field. But because each cluster requires a kubeconfig file, and every kubeconfig file is a shared static credential, risk grows with each new device added to the fleet.

How Teleport Operationalizes the EU Cyber Resilience Act's Secure-by-Design Mandate

The EU Cyber Resilience Act (CRA) enters its enforcement window in 2027, but preparations should start now. ENISA's Secure by Design and Default Playbook (v0.4, March 2026) translates the CRA's legal text into 22 actionable security playbooks, structured around architectural foundations, operational integrity, default hardening, and guided protection. Together, they represent the most prescriptive infrastructure security framework the EU has ever published.

The Room Where V2 Happens

I ran the same internal AI workshop twice in one week. Same content, same agenda, same Zoom link, just offered at multiple times to cover different schedules. By the second session, half of my material was wrong. Between the two scheduled sessions, something had changed. In the first session we couldn't use the skills feature in Claude. By the second, we could. Nothing dramatic happened.

When AI Agents Call AWS, Who Does AWS Think They Are?

In Part 1, Your AI Agent Needs to Know Who You Are, we showed how Teleport JWTs give MCP tools a verified identity for every request. This post extends that pattern to AWS, specifically to Amazon Bedrock AgentCore, where the same identity gap exists but requires a different solution stack. You ask an AI agent to list your S3 buckets. The agent calls an MCP tool. The tool reaches out to AWS. However, CloudTrail records the action under something like agentcore-bot, but not your identity.

Kubernetes for Agentic AI: Best Practices for Identity and Access

In Part 1 of this series, we addressed 18 Kubernetes best practices spanning across container hardening, observability, availability, and fault tolerance. Those practices secure the containers that agents run in. But the CNCF AI Technical Community Group's cloud-native agentic standards go further, establishing that securing containers is only the beginning.

How to Meet EU Cyber Resilience Act (CRA) Requirements

In March 2026, attackers from the TeamPCP group compromised Trivy (CVE-2026-33634) — a widely-deployed open-source vulnerability scanner running in thousands of CI/CD pipelines — and turned it into a credential harvester. SSH keys, Kubernetes secrets, cloud tokens — secrets accessible to any pipeline that ran a compromised version — were exposed. The attacker retained access long enough to exfiltrate newly rotated secrets before the window closed.