KubeCon Europe is the largest open source community conference in Europe, with hundreds of sessions—many of them focused on security. The event took place last week at the ExCeL Centre in London, drawing over 13,000 attendees. In this blog, we recap our favorite talks.
Kubernetes has entered its second decade, and this year’s KubeCon felt markedly different from past editions. The hype and glitz have noticeably faded—it almost felt like CNCF intentionally avoided competing with Black Hat on flashiness. Instead, the conference leaned hard into operationalization, with keynotes spotlighting real-world adoption stories, academic use cases, and AI integrations. True to CNCF tradition, the open source community remained a central theme.
But this shift also came with tradeoffs: fewer offensive security talks and more sessions focused on secure operations and enterprise adoption. Whether that’s a good thing likely depends on your vantage point—but for those of us deep in cloud security, it reflected a maturing ecosystem prioritizing stability, scale, and long-term viability.
And now, our favorite sessions:
Lior Lieberman from Google and Igor Velichkovich bravely took on a notoriously hard concept of Network Policies. Their talk highlighted the lack of mTLS for internal service communication and the shortcomings of current NetworkPolicy implementations. These challenges mirror issues we raised in a previous Kubernetes Security Report, especially around lateral movement risks. The session also proposed architectural and implementation strategies worth following closely in future updates.
It’s good to see AI identity finally getting the attention it deserves. Raz Cohen from Permit.io argued that existing identity frameworks fall short when applied to AI agents and services. His session proposed a new vision—and architecture—for AI-native access control. This space is just beginning to evolve, and the ideas presented here could be foundational.
Jakub Suchy’s short sponsored keynote was one of the more compelling ones. He introduced HAProxy’s work on an AI Gateway—a traffic-routing solution tailored for AI services—and detailed the real-world security challenges in prompt protection. The key tension: using AI to secure AI introduces performance and reliability tradeoffs. This felt like a teaser for a much deeper 30-minute session. We hope he expands it in a future event.
A continuation of research first presented at KubeCon EU 2023, this talk showcased new image obfuscation techniques and stressed limitations in current software composition analysis (SCA) tools. More importantly, it didn’t just point out problems—it proposed practical improvements for SBOM generation algorithms, a rare but welcome move.
We gave a talk focused on what Kubernetes security will look like in the next five years—drawing lessons from working with half of the Fortune 100. The central idea: as Kubernetes use cases grow (thanks to its extensibility), threat models evolve, which, in turn. drives changes in security controls. That evolution will demand new types of security controls.
Three areas we emphasized:
Securing AI workloads — and the new security layers required .
Vulnerabilities in peripheral components — hello, #IngressNightmare.
Cloud-cluster integration — because cloud security problems don’t stop at the Kubernetes boundary.
See the slides from the talk here.
We highly recommend attending KubeCon Europe! And if you’re interested in more beginner-level information on Kubernetes, see our CloudSec Academy section on Kubernetes Security Best Practices, or download our guide to Kubernetes Security for Dummies.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。