惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

A
About on SuperTechFans
C
Cybersecurity and Infrastructure Security Agency CISA
N
News and Events Feed by Topic
C
Cisco Blogs
Cisco Talos Blog
Cisco Talos Blog
A
Arctic Wolf
Scott Helme
Scott Helme
P
Palo Alto Networks Blog
S
Schneier on Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Tor Project blog
量子位
G
Google Developers Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
B
Blog RSS Feed
NISL@THU
NISL@THU
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
AWS News Blog
AWS News Blog
爱范儿
爱范儿
Last Week in AI
Last Week in AI
Y
Y Combinator Blog
L
LINUX DO - 最新话题
Security Archives - TechRepublic
Security Archives - TechRepublic
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
S
Secure Thoughts
Cloudbric
Cloudbric
aimingoo的专栏
aimingoo的专栏
L
Lohrmann on Cybersecurity
TaoSecurity Blog
TaoSecurity Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Hacker News: Ask HN
Hacker News: Ask HN
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
The GitHub Blog
The GitHub Blog
有赞技术团队
有赞技术团队
S
Security @ Cisco Blogs
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
Cyber Attacks, Cyber Crime and Cyber Security
G
GRAHAM CLULEY
P
Proofpoint News Feed
V
V2EX
Martin Fowler
Martin Fowler
C
CERT Recently Published Vulnerability Notes
Attack and Defense Labs
Attack and Defense Labs
C
CXSECURITY Database RSS Feed - CXSecurity.com
The Cloudflare Blog
SecWiki News
SecWiki News
罗磊的独立博客
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
小众软件
小众软件
The Last Watchdog
The Last Watchdog

Sysdig Blog

Masterclass: AI is more than ChatGPT and LLMs CVE-2026-39987 update: How attackers weaponized marimo to deploy a blockchain botnet via HuggingFace Kubernetes 1.36 - New security features 5 steps to securing AI workloads Marimo OSS Python Notebook RCE: From Disclosure to Exploitation in Under 10 Hours Security briefing: March 2026 The Sysdig MCP server is now available in AWS Marketplace Risk isn’t reduced until you take action: How teams resolve issues in the cloud AI infrastructure security: Why it deserves its own category Three pillars for building effective runtime-powered cloud defense, the right way Closing the cloud security gap with runtime security Seeing risk isn’t stopping it: Why visibility alone isn’t enough TeamPCP expands: Supply chain compromise spreads from Trivy to Checkmarx GitHub Actions AI coding agents are running on your machines — Do you know what they're doing? Runtime security for AI coding agents: Protecting AI-assisted development How runtime insights power every cloud security use case CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours Inline Cloud Response: Accelerating AWS threat containment for SOC teams Runtime malware detection for AWS Fargate Detecting CVE-2026-3288 & CVE-2026-24512: Ingress-nginx configuration injection vulnerabilities for Kubernetes Malware detection with Sysdig Security briefing: February 2026 Eliminating runtime blind spots: How CleanStart and Sysdig build continuous trust across the container lifecycle LLMjacking: From Emerging Threat to Black Market Reality Real risks live at runtime: Why CISOs must care about deep telemetry in 2026 Sysdig named a Leader in the Forrester Wave™: Cloud Native Application Protection Solutions, Q1 2026 How to run rootless containers AI-assisted cloud intrusion achieves admin access in 8 minutes Security briefing: January 2026 Securing GPU-accelerated AI workloads in Oracle Kubernetes Engine Bringing OSS runtime security to AWS: Falco integration with AWS Security Hub CSPM Our customers have spoken: Sysdig rated a Strong Performer in Gartner® Voice of the Customer for Cloud-Native Application Protection Platforms Protecting sensitive business data in preparation for the organization's Gen AI VoidLink threat analysis: Sysdig discovers C2-compiled kernel rootkits AI is still a workload: A practical guide to securing AI workloads How threat actors are using self-hosted GitHub Actions runners as backdoors How Sysdig Sage delivers AI-powered, real-world vulnerability management Security briefing: December 2025 Top 10 ways to get breached in 2026 EtherRAT dissected: How a React2Shell implant delivers 5 payloads through blockchain C2 Introducing runtime file integrity monitoring and response with Sysdig FIM How to detect multi-stage attacks with runtime behavioral analytics EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks Detecting React2Shell: The maximum-severity RCE vulnerability affecting React Server Components and Next.js The rise of AI agents: How autonomous AI Is transforming cloud security Kubernetes 1.35 - New security features The Urgency of Securing AI Workloads for CISOs Security briefing: November 2025 Quantum and the cloud: Science fiction turned security strategy Cloud security, the right way: What the industry should demand (and why "good enough" isn't) Return of the Shai-Hulud worm affects over 25,000 GitHub repositories Detecting CVE-2024-1086: The decade-old Linux kernel vulnerability that’s being actively exploited in ransomware campaigns What’s old is new again: How to demystify AI security with AIBOMs Securing Kubernetes with agentic cloud security How agentic cloud security reduces real risks Hunting reverse shells: How the Sysdig Threat Research Team builds smarter detection rules Shifting left with AI and MCP: Sysdig + Amazon Q Developer How Falco and Stratoshark close the gap between open source runtime detection and deep forensic analysis Investigating security issues with ChatGPT and the GitHub MCP server New runc vulnerabilities allow container escape: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 Harden your LLM security with OWASP Security briefing: October 2025 How agentic AI is changing cloud security Kubernetes Incident Response: Detect, investigate, and contain in under 10 minutes Sysdig recognized as a Cloud Security Leader in Latio Tech Cloud Security Market Report AI echolocation of cloud risks using Sysdig & Snyk MCP servers Sysdig MCP Server: Bridging AI and cloud security insights Understanding CVE-2025-49844: “RediShell” Critical Remote Code Execution in Redis How Sysdig secures your containers and Kubernetes Sysdig Security Briefing: September 2025 Cloud security, the right way: The 3 pillars of real-time defense Open source spotlight: Bringing web application security to Falco with Falcoya's Nginx plugin Malicious NPM packages: Are you exposed? AI for SOC teams: 5 cloud security prompts to start your day with Sysdig Sage™ Shai-Hulud: The novel self-replicating worm infecting hundreds of NPM packages ZynorRAT technical analysis: Reverse engineering a novel, Turkish Go-based RAT Modern vulnerability management, built for the cloud Build your AWS incident response playbook with open source tools 2025 Gartner® CNAPP Market Guide: Runtime visibility is no longer optional Threat hunting with Sysdig: Uncovering “IngressNightmare” Open source spotlight: From alerts to action with AI-powered Falco Vanguard From triage to action: How Sysdig’s agentic cloud security platform slashes noise and accelerates remediation The vision comes to life: Agentic cloud security with Sysdig Sage™ Data security findings: A technical deep dive Connecting runtime to source: Sysdig and Semgrep integration Fix what matters, faster: How Sysdig and Semgrep are unifying security without silos – from code to runtime Defending sensitive data with Sysdig Secure Redefining cloud security, the right way Join the movement: The Sysdig Open Source Community is live A smarter, safer cloud in the age of AI Unifying detection and response: Sysdig + Cortex XSOAR for security at cloud speed The future of security is open, and it needs a unified hub: The Sysdig Open Source Community is here CVE-2025-53104: Command injection via GitHub Actions workflow in gluestack-ui Why MCP server security is critical for AI-driven enterprises What’s new in Sysdig — June 2025 AI-powered CNAPP with Sysdig Sage™ Revolutionizing Cybersecurity Search with Sysdig Sage™ Sysdig Threat Bulletin: Iranian Cyber Threats The end of the prioritization-only era: Vulnerability management needs action Dangerous by default: Insecure GitHub Actions found in MITRE, Splunk, and other open source repositories
Leveling up Kubernetes Posture: From baselines to risk-aware admission
Matt Brown · 2026-02-26 · via Sysdig Blog

For many organizations, Kubernetes posture management tends to start with a small set of common guardrails rather than a deeply opinionated security model.

Some teams rely entirely on default Kubernetes behavior, trusting cluster access controls and hoping developers "do the right thing." Others adopt Pod Security Standards (PSS) as a baseline, using Kubernetes-native guardrails to block the most obviously unsafe workloads.

These approaches are common because they are:

  • Built into the Kubernetes ecosystem
  • Relatively easy for platform teams to adopt
  • Low friction to apply across multiple clusters

In practice, this works reasonably well as an initial posture. Obvious misconfigurations are blocked, expectations are set, and teams can move forward without introducing heavy operational overhead.

Where Kubernetes baselines start to fall short

Modern Kubernetes environments look very different from the environments these baseline controls were originally designed for. Clusters are no longer just running stateless application workloads. They routinely include:

  • Privileged infrastructure components
  • Third-party software with opaque or poorly documented security requirements
  • Workloads that interact directly with cloud APIs, identity systems, and sensitive data

Pod Security Standards are intentionally coarse-grained. They do a good job answering “is this generally safe?” but they aren’t designed to answer more contextual questions — such as whether something is safe here, safe for this workload, or what risk is being accepted by allowing it in the first place.

The result is a familiar operational tradeoff. Teams either relax enforcement broadly and accept the risk, or they enforce strict baselines and slowly accumulate a growing list of exceptions as real workloads break. Over time, those exceptions become the rule, and the original security signal loses its value.

Why posture hasn’t evolved (yet)

Pod Security Standards, enforced through Kubernetes’ built-in Pod Security Admission (PSA), have become the default way many teams introduce admission control. PSA is predictable, well understood, and intentionally limited in scope.

The challenge appears when teams reach the boundaries of what PSS and PSA are designed to express. As environments mature, posture decisions become more contextual, and the tradeoffs become harder to manage:

  • Limited expressiveness:
    PSA evaluates pods against broad security levels, but it cannot reason about workload identity, ownership, environment, or intent.
  • Coarse enforcement boundaries:
    Decisions are typically made at the namespace level, making it difficult to allow risky capabilities in narrowly scoped, well-understood cases without opening the door more broadly.
  • Exception pressure:
    As real workloads accumulate, teams are forced to either loosen enforcement or carve out namespaces that effectively bypass meaningful controls.

Some teams explore more flexible admission frameworks to regain expressiveness. Open-source tools like OPA Gatekeeper and Kyverno provide powerful building blocks, but they also require significant policy design, testing, tuning, and ongoing maintenance. For many organizations, that added complexity becomes a barrier rather than a clear next step.

The result is a natural plateau. PSA remains a safe, built-in baseline, while moving beyond it feels costly and risky to operate at scale.

Reframing posture as a decision point

Up to this point, Kubernetes posture has largely been treated as a static checklist: apply a baseline, enforce it consistently, and handle exceptions as they arise. That approach works when workloads are uniform and risk is easy to generalize.

In practice, posture is not static. It is a decision that Kubernetes already makes every time a workload is created or updated.

In Kubernetes, that decision happens at admission time. Before a pod ever runs, the API server evaluates whether it should be allowed, rejected, or allowed with visibility. Pod Security Admission applies this decision using broad security levels, establishing a necessary floor. What it does not do is reason about context.

A risk-aware posture model builds on that same decision point, but expands what is considered before a workload is allowed to run. Instead of asking only whether a configuration meets a universal standard, teams can evaluate the risk of a workload in its actual environment.

At admission time, that can include questions such as:

  • Where is this workload running, and what does it have access to?
  • What identity does it run as, and how broadly is that identity trusted?
  • What privileges or host access does it require?
  • What image is being deployed, and is it known to be risky?
  • If compromised, what could this workload realistically impact?

When posture is treated as a decision rather than a checklist, risky configurations are no longer simply “allowed” or “blocked” everywhere. They are evaluated in context, and enforcement becomes intentional rather than accidental.

This shift builds on Pod Security Standard, not replaces them. PSS establishes the floor. Risk-aware admission applies context on top, allowing teams to prevent unsafe states before workloads ever reach runtime, without breaking legitimate use cases.

PSA in practice: A concrete example on Amazon EKS

In theory, using Pod Security Admission is straightforward. You choose a Pod Security Standard, apply it to a namespace, and Kubernetes blocks anything that doesn’t meet that baseline. There’s nothing to install and no policy engine to operate. It is literally built into Amazon EKS.

In practice, the experience is both effective and rigid.

What PSA looks like in practice

Create a namespace and label it to enforce the restricted standard:

Command:

kubectl create namespace demo-app
kubectl label namespace demo-app \
 pod-security.kubernetes.io/enforce=restricted

From this point on, every pod admitted to the namespace is evaluated against the same profile.

Create a deployment that requests privileged access:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-test 
  labels:
    app.kubernetes.io/name: nginx-test
    app.kubernetes.io/component: demo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-test
  template:
    metadata:
      labels:
        app: nginx-test
    spec:
      containers:
        - name: nginx
          image: nginx
          securityContext:
            privileged: true

When you apply the manifest, the pod is immediately rejected. The error indicates that the workload violates the restricted Pod Security Standard, and the deployment stops there.

kubectl apply -f nginx.yaml -n demo-app
Warning: would violate PodSecurity "restricted:latest": privileged (container "nginx" must not set securityContext.privileged=true), allowPrivilegeEscalation != false (container "nginx" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "nginx" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "nginx" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "nginx" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")

This is PSA working exactly as designed.

What’s missing is context. There’s no understanding of why the workload exists, who owns it, or whether the requested privilege is expected in this environment. The decision is binary and scoped to the entire namespace.

If the workload legitimately requires elevated access, the only options are to relax enforcement for everything in that namespace or move the workload elsewhere. Over time, posture drifts because exceptions pile up, not from lack of care, but from a lack of expressiveness.

Why this matters

Pod Security Admission establishes a strong, Kubernetes-native floor. It reliably blocks unsafe defaults before workloads ever run. What it does not do is reason about risk. Differentiating between “unsafe by default” and “risky but intentional” requires context that PSA is not designed to evaluate.

That gap is where teams begin looking for more risk-aware admission decisions.

Moving beyond baselines: Adding context with Sysdig

Pod Security Admission gave us a clean failure. It did exactly what it was designed to do: block a privileged container in a restricted namespace.

That’s the baseline. Now let’s replay the same deployment.

Subtlety beyond namespace

PSA is intentionally rigid. It evaluates pods against a security level at the namespace boundary. That makes it great for establishing a baseline, but it also means the decision is blunt:

  • It fails in restricted
  • It passes if you loosen the namespace
  • And every workload in that namespace gets the same treatment

Sysdig admission control keeps the same “admission-time decision point,” but it gives you more precision in how you apply posture.

Instead of only evaluating privileged: true in a vacuum, Sysdig can scope posture decisions using things teams already have. Examples include:

  • Standard Kubernetes application labels (app, component, instance)
  • Helm origin to identify “this came from that chart”

Sysdig posture scoping

That means you’re no longer stuck with “namespace = policy.”

You can scope posture expectations to workload attributes such as labels and Helm metadata, allowing more granular enforcement across clusters and namespaces without relying solely on namespace-level boundaries.

From binary enforcement to profile-driven posture

Once posture is no longer tied strictly to the namespace boundary, something more interesting becomes possible.

You’re no longer limited to a single security level applied everywhere. Instead, you can apply different control sets to different groups of workloads.

With PSA, enforcement is effectively binary:

  • A namespace enforces restricted, or it doesn’t.
  • A pod violates the level, or it passes.

With Sysdig, posture can be evaluated against multiple standards and control sets, and applied selectively based on workload identity.

Sysdig standards and control sets

That means different resource groupings can be evaluated against completely different expectations, for example:

  • Platform workloads can be evaluated against controls aligned to CIS benchmarks
  • Application workloads can be evaluated against OWASP-aligned controls
  • Sensitive workloads can include additional custom organizational checks

Now posture is no longer just PSS. It’s more flexible. It’s more realistic. Because real clusters aren’t uniform.

The subtlety PSA can’t express: Two privileged workloads

Imagine two pods that both request privileged access:

  1. A known infrastructure DaemonSet, maintained by platform engineering, deployed via an approved Helm chart
  2. A random application workload, deployed from an unfamiliar image, with obvious red flags

PSA sees the same thing for both:

  • privileged: true

Sysdig can still start with that signal, but it can reach a different decision because it can distinguish between workloads, for example via:

  • Labels and ownership metadata (platform vs app)
  • Helm chart identity (known release/chart vs unknown)

Those are different risk profiles.

One might be allowed with tight guardrails because it’s understood and intentional. The other is rejected.

That’s the upgrade: posture stops being a static checklist and becomes an informed, targeted decision, without redesigning your entire namespace layout just to express intent.

Granular exceptions without losing signal

One of the operational challenges with baseline-only enforcement is exception sprawl. When a legitimate workload violates policy, teams often relax enforcement at the namespace level or create broad carve-outs that unintentionally reduce overall posture strength.

A more precise admission model allows exceptions to be scoped narrowly. Instead of disabling enforcement for an entire namespace, teams can define exceptions at a much more granular level. This can be as narrow as a single control finding for a single workload.

Sysdig findings exception

This ensures that exceptions are explicit, documented, and limited in scope. The goal is not to eliminate exceptions, but to prevent exceptions from becoming permanent policy gaps. Granularity preserves signal. It allows teams to maintain strong posture controls while acknowledging operational realities.

Vulnerability-aware admission

This is where admission control becomes more risk-informed.

Pod Security Admission does not evaluate the vulnerability posture of container images. It has no visibility into:

  • Whether an image contains critical CVEs
  • Whether those CVEs are exploitable
  • Whether fixes are available

Sysdig admission control can incorporate vulnerability findings directly into the admission decision.

For example, policies can be defined to:

  • Block images with critical vulnerabilities where a fix is available
  • Block images containing specific CVEs
  • Allow only images that exclude certain packages
  • Require zero High+ vulnerabilities in production namespaces

Sysdig vulnerability profile

Revisiting the same nginx example, the workload might be rejected not simply because it is privileged, but because:

  • The image contains multiple critical vulnerabilities
  • Fixes have been available for more than 30 days
  • A known exploit exists
  • The workload is being deployed into a production namespace
kubectl apply -f nginx.yaml -n demo-app
Error from server: error when creating "nginx.yaml": admission webhook "vac.secure.sysdig.com" denied the request:
[VM Engine] Failed checks for container nginx. Failing policies: [AC Policy]
Violations:
x Severity greater than or equal critical

That is not a configuration-only decision. It is a risk-based posture decision.

Runtime reality

Admission control makes a decision at a specific point in time. It evaluates configuration, image risk, and deployment context before a workload ever starts. What it cannot evaluate is behavior.

A workload may satisfy every posture control and still be vulnerable to exploitation after deployment. Even well-configured, tightly restricted applications can contain software flaws, misconfigurations in dependent services, or logic errors that only surface at runtime.

In many environments, certain workloads are intentionally granted elevated privileges. That elevation may be necessary for operational reasons, but it also increases the potential impact if the workload is compromised.

Whether tightly restricted or deliberately privileged, a compromised workload can abuse its credentials, move laterally across the environment, modify its filesystem, or execute unexpected processes. These actions are not visible in the Kubernetes specification and cannot be fully determined during admission.

Posture controls prevent known unsafe states before a workload begins running. Runtime security addresses what occurs after that decision has been made.

Admission answers: “Should this workload be allowed to start?”

Runtime answers: “Now that it is running, is it behaving as expected?”

In modern Kubernetes environments, both controls are necessary. Configuration compliance reduces risk, but it does not guarantee behavioral safety.

Conclusion

Kubernetes posture often begins with practical guardrails. Pod Security Standards establish a strong, built-in baseline that blocks obvious misconfigurations and raises the overall security floor.

But as environments mature, a single enforcement level applied uniformly across namespaces becomes limiting. Workloads differ in trust, exposure, and operational needs. Effective posture requires decisions that reflect that reality.

By treating admission as a decision point rather than a static checklist, teams can move beyond binary enforcement. Posture can be aligned to workload identity, benchmark standards, and vulnerability risk. It is applied intentionally instead of uniformly.

Although admission reduces risk before workloads start, it cannot account for everything that happens afterward. That is why runtime visibility and enforcement remain essential. Kubernetes security is not a single control, but a series of informed decisions from deployment to execution.