Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Your platform team already runs a production-readiness review on every workload that ships to Kubernetes. When the workload is an AI agent, the PRR doesn’t get thrown out — it gets a delta. Most of the items still apply; specific ones need extension when the workload is non-deterministic, calls tools dynamically, and exercises identity at runtime in ways the manifest didn’t predict.

Most threat modeling assumes the attacker has to break something. AI agents change that assumption. An attacker who controls a prompt can make the agent misbehave without breaking anything at all. The prompt can be a customer support ticket the agent reads, a document it retrieves, or a tool response it processes — any input the agent treats as context is an attack surface. On Kubernetes, that attack surface has physical form.

Every guide to AI agent observability tells you what to capture — prompts, tool calls, token usage, traces, syscalls. Almost none address which of those signal sources you can still trust when the agent itself is part of the threat model. That distinction is the entire difference between observability that helps your SRE team debug a slow reasoning chain and observability that helps your security team investigate a breach.

Our previous post, How to Secure Microservices with SPIFFE and Istio, showed how to secure Kubernetes microservices using Istio policy and SPIFFE identities, with Teleport issuing the identities that the mesh trusts. The question teams face next is: How do you extend that identity-driven security model to workloads outside Kubernetes — such as VMs, edge gateways, and legacy services — without creating a massive certificate-management project?

The Cyber Resilience Act (CRA) is an EU regulation that sets binding cybersecurity requirements for any "product with digital elements" placed on the European Union market. It is the first horizontal EU law that holds manufacturers accountable for the security of hardware and software throughout the entire product lifecycle—from design to end-of-support.

Tatu Ylonen, the inventor of the SSH protocol, has long warned that a single stolen SSH key "can in many cases lead to compromise of the entire server environment." But in the bare-metal and private cloud infrastructure of high-frequency or quantitative trading firms, privileged access to trading infrastructure often depends on shared or static credentials like SSH keys or hardcoded API tokens.

Certificate automation does a lot of work on your behalf. Agents running on your servers, talking to certificate authorities, deploying certs to your infrastructure. At some point someone (your CISO, your auditor, or your own brain at 3am) is going to ask: what exactly happened, and when? Today we’re shipping audit logs. Every action taken in CertKit is now recorded: logins, invitations, certificates added, issued, renewed, revoked, and deployed. Agent registrations, approvals, and config changes.

An active supply chain attack has compromised 323 npm packages published under the atool npm maintainer account. The wave sweeps the entire @antv data-visualization organization alongside standalone libraries with wide independent adoption: echarts-for-react, timeago.js, size-sensor, and canvas-nest.js. With echarts-for-react pulling roughly 1.1 million weekly downloads, any project that auto-updates these packages is in scope.