Oakland, CA, USA
2015
  |  By Steven Martin
Fleets of robots, drones, EV chargers, and sensors now run K3s or MicroK8s on the device itself, bringing container orchestration to hardware deployed in warehouses, cell towers, and customer sites around the world. Engineers need kubectl to debug and manage containerized workloads on those devices in the field. But because each cluster requires a kubeconfig file, and every kubeconfig file is a shared static credential, risk grows with each new device added to the fleet.
  |  By Maximilian Heck, Waldemar Kindler
The EU Cyber Resilience Act (CRA) enters its enforcement window in 2027, but preparations should start now. ENISA's Secure by Design and Default Playbook (v0.4, March 2026) translates the CRA's legal text into 22 actionable security playbooks, structured around architectural foundations, operational integrity, default hardening, and guided protection. Together, they represent the most prescriptive infrastructure security framework the EU has ever published.
  |  By Kathleen Sikora
I ran the same internal AI workshop twice in one week. Same content, same agenda, same Zoom link, just offered at multiple times to cover different schedules. By the second session, half of my material was wrong. Between the two scheduled sessions, something had changed. In the first session we couldn't use the skills feature in Claude. By the second, we could. Nothing dramatic happened.
  |  By Teleport
Recognition reinforces Teleport's leadership in enabling resilient infrastructure at scale, critical for the agentic era.
  |  By Jeffrey Ellin
In Part 1, Your AI Agent Needs to Know Who You Are, we showed how Teleport JWTs give MCP tools a verified identity for every request. This post extends that pattern to AWS, specifically to Amazon Bedrock AgentCore, where the same identity gap exists but requires a different solution stack. You ask an AI agent to list your S3 buckets. The agent calls an MCP tool. The tool reaches out to AWS. However, CloudTrail records the action under something like agentcore-bot, but not your identity.
  |  By Boris Kurktchiev, Megan Moore
In Part 1 of this series, we addressed 18 Kubernetes best practices spanning across container hardening, observability, availability, and fault tolerance. Those practices secure the containers that agents run in. But the CNCF AI Technical Community Group's cloud-native agentic standards go further, establishing that securing containers is only the beginning.
  |  By Teleport
Award recognizes Teleport's Infrastructure Identity platform for its innovative zero trust architecture securing AI agents alongside humans, machines, and workloads.
  |  By Maximilan Heck, Waldemar Kindler
In March 2026, attackers from the TeamPCP group compromised Trivy (CVE-2026-33634) — a widely-deployed open-source vulnerability scanner running in thousands of CI/CD pipelines — and turned it into a credential harvester. SSH keys, Kubernetes secrets, cloud tokens — secrets accessible to any pipeline that ran a compromised version — were exposed. The attacker retained access long enough to exfiltrate newly rotated secrets before the window closed.
  |  By Megan Moore
AI agents querying databases pose well-documented risks. What gets less attention is the fact that PostgreSQL has no native concept of an agent as a distinct actor. This means DBAs are managing access for something that appears in pg_stat_activity like any other role created with CREATE ROLE, with no distinguishing attributes and no indication of who or what initiated the connection. AI agents have no distinct identity when interacting with PostgreSQL.
  |  By Nicolas Morris
Cloud service providers preparing for FedRAMP 20x are encountering a fundamentally different authorization model than the one their compliance programs were built around. The traditional FedRAMP path produced lengthy System Security Plans, point-in-time assessments, and human-readable narrative evidence.
  |  By Teleport
AI agents are rapidly moving into production, but most organizations are still deploying them on top of legacy identity systems built around passwords, secrets, and fragmented access models. In this video, we introduce the Teleport Agentic Identity Framework, a standards-driven approach for deploying AI agents securely across infrastructure using cryptographic identity, governed access, and continuous visibility.
  |  By Teleport
Securing AI agents in Teleport, focused on unified identity, eliminating standing privileges, and enforcing real policy controls instead of relying on the whims of an agent.
  |  By Teleport
Regulators don’t just want login logs anymore. They want immutable proof of every action and full session recordings. Steven Martin on how Teleport delivers that — and how AI-powered session summaries are changing what audit actually looks like.
  |  By Teleport
There’s a moment in every Teleport demo where the customer lights up. They see session replay, Kubernetes playback, the scope of what’s possible — and something clicks. Gus Luxton on why that reaction never gets old.
  |  By Teleport
AI agents are tireless, highly capable, eager to please, but difficult to manage. George Chamales (CriticalSec) and Josh Rector (Ace of Cloud) unpack the identity and access challenges posed by agentic AI. How do you verify it was the right agent, doing the right action, approved by the right person? How do we bound, constrain, govern agentic behavior? Ultimately, the same frameworks built for human identity and access should be applied to agents.
  |  By Teleport
FedRAMP 20x → continuous monitoring. Moving from point-in-time audits to real-time visibility.
  |  By Teleport
With just a Slack message, AI agents can triage and resolve Kubernetes failures. But what's stopping that agent from wiping your cluster?
  |  By Teleport
In this video, we demonstrate how to securely grant an AI agent (OpenClaw) access to Teleport-protected Kubernetes resources using Teleport Machine Identity and tbot, without exposing secrets, API keys, or long-lived tokens. You’ll see how Teleport treats AI agents as first-class identities, enforcing strict RBAC controls so the agent can only do what it’s allowed to do, like reading logs, while being blocked from sensitive actions like deleting resources or accessing secrets.
  |  By Teleport
SOC 2 was built for human-operated systems and predictable infrastructure. Agentic AI introduces systems that can act, adapt, and change over time, creating new governance and risk considerations.
  |  By Teleport
Three methods for issuing identity to AI agents — and why static credentials will always eventually leak no matter how well you vault them. Ev Kontsevoy breaks down standard credentials, durable identity, and digital twins, and explains why the issuer of identity needs to be the same across your entire environment.
  |  By Teleport
While SSH has always been a popular attack vector, the increased adoption of elastic, cloud infrastructure and dynamic, micro-service architecture using containerized application services (aka, "cloud-native" applications), has resulted in the additional complexity of having application services that can migrate across dynamic server infrastructure. This makes managing access to applications and their infrastructure through SSH more complicated and more prone to security threats.
  |  By Teleport
With their rapidly changing architecture and API-driven automation, cloud platforms come with unique security challenges and opportunities. This hands-on book guides you through security best practices for multivendor cloud environments, whether your company plans to move legacy on-premises projects to the cloud or build a new infrastructure from the ground up.
  |  By Teleport
In this paper, we will provide a brief description of what SSM Session Manager is and how it compares to Gravitational's Teleport privileged access management solution. We'll compare the significant design and feature differences and the operational overhead of the solutions. Because Session Manager is limited to AWS, we'll limit the scope of the discussion to that cloud provider. Finally, we have provided a feature matrix of the two solutions.
  |  By Teleport
The goal of the paper is to identify key challenges and the most promising opportunities for small to medium sized server hosting providers in an era of rapid commoditization driven by AWS.
  |  By Teleport
HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.

Security and Compliance for Cloud Applications and Infrastructure. Cloud-native application delivery with robust Day-2 operations across many clouds, in restricted, regulated and remote environments.

Get compliance and security best practices out-of-the-box and make it easy for engineers to access SSH and Kubernetes environments across many clouds, data centers and edge devices. Deploy and Run Kubernetes applications on your customers' clouds, on the edge, and even in air-gapped server rooms, without overloading your DevOps teams.

Our products are open-source and based on open standards:

  • Teleport: Access Kubernetes and Linux infrastructure across clouds, datacenters and IoT devices while enforcing industry best-practices for security and compliance.
  • Gravity: Deploy and run cloud-native applications in hundreds of locations where security and compliance matter, on your customers' clouds or on the edge.
  • Teleconsole: Teleconsole is a free service to share your terminal session with people you trust. Your friends can join via a command line via SSH or via their browser over HTTPS. Use this to ask for help or to connect to your own devices sitting behind NAT.

Grow your business across many production environments without having to worry about the vendor lock-in.