Back when we announced Falco, we couldn’t imagine its impact. Ten years later, the Falco project has evolved into a thriving community supporting a full ecosystem for cloud-native security.

To celebrate this milestone, Falco just launched Prempti, an exciting project that connects Falco with AI agents. Also, Sysdig recently donated $70,000 to Falco through the Linux Foundation’s crowdfunding initiative.

Let’s continue the festivities by looking back at these ten years of history, reflecting on the present of the Falco project, and having a sneak peek at what the future of cloud-native will look like.

Falco keeps reaching far

Only two years after being announced, Falco joined the CNCF as a sandbox project. This contribution was a pivotal moment, a rite of passage that cemented Falco as an independent open-source project and sparked community growth.

Projects like falcosidekick soon joined the party, expanding Falco’s capabilities. And when Sysdig contributed its Kernel module, eBPF probe, and libraries to the CNCF in 2021, all of the core components of the Falco stack became part of the CNCF.

Another pivotal moment for Falco was the announcement of Falco plugins in 2022. Falco plugins not only opened the door to cloud security for Falco but also kick-started a community creating plugins for popular SaaS offerings. And also enabled some fun experiments like this pet surveillance plugin.

In 2024, the Falco project became a CNCF Graduated Project. This milestone was an indication of the project's maturity and dependability, but most importantly, it was the culmination of a fantastic amount of work.

Since then, the Falco community has continued to grow. In 2025, Stratoshark combined Wireshark’s functionality with Falco’s deep operational insight. And now, Prempti brings Falco to the AI era, bringing real-time visibility into every tool call your coding agent makes.

A vibrant ecosystem

Publishing a project as open source is easy; the challenge is creating a community capable of sustaining its development. What Falco has achieved goes beyond that, as its community keeps growing and its ecosystem is more alive than ever. This is the best sign of a healthy open-source project.

The numbers don’t lie:

• 175M+ Container image pulls
• 50+ Integrations
• 8,600+ GitHub stars
• 1,600+ contributors

And the trend points to a bright future, showing no signs of slowing.

In the words of Leonardo Grasso, one of Falco Core Maintainers, the key to this success has been putting people before the technology:

When I joined Falco, it was already a powerful engine, but mostly known to a niche of engineers who really cared about syscall-level visibility. Since then, we have seen it graduate in the CNCF, expand beyond syscalls with the plugin framework, and become a foundation that others build on. However, Falco has never been just about the technology. It has always been about the people: the contributors, maintainers, and users who built an open, diverse, and welcoming community around it. I believe our commitment to openness has always been the project's real strength, and it remains an invitation to everyone who wants to join the journey.

When discussing the technical aspects, Alessandro Cannarella, who recently joined the Falco Maintainer team, highlights how Falco enables its users to understand complexity:

To me, Falco's strength is that it makes runtime security practical while staying close to real system behavior. In a world of abstractions, APIs, and platforms, Falco does not hide the complexity of what it protects; it helps people understand and act on it. After ten years, that mix of engineering depth, transparency, and community is still what makes the project stand out.

With such a vibrant ecosystem and passionate leadership, it’s an exciting time to be a Falco contributor.

Sysdig celebrates Falco anniversary with a $70,000 Donation

Back at KubeCon + CloudNativeCon 2026, we announced a $70,000 donation to the Falco project through the Linux Foundation’s crowdfunding initiative. Sysdig’s donation to Falco will further accelerate project innovation, expand community participation, and strengthen its long-term sustainability. The funding from Sysdig will support:

• Feature development grants to speed the delivery of new capabilities.
• Contributor stipends to recognize and retain key contributors.
• Technical writer stipends to improve both documentation and user experience.

Falco celebrates its 10th anniversary expanding to AI

AI agents are a bit like children. When left unsupervised, they can wreak the greatest mayhem. Now that we leave our coding agents running unattended for hours, visibility and guidelines are more important than ever.

To help developers keep track of their AI agents, Falco announced a new project called Prempti, where Falco meets AI Coding Agents.

Prempti provides Real-time visibility into every tool call your coding agent makes — shell commands, file writes and reads, API calls — and cooperative guardrails that can deny or request confirmation for risky actions, evaluated against Falco rules you can customize.

Check more details in the project’s documentation.

Get involved with Falco

At Sysdig, we couldn’t be happier for Falco, and we are excited for what’s to come in the future.

Do you want to learn more about Falco?

Get hands-on with:

• This webinar: Getting started with container runtime security using Falco.
• The Falco community maintained hands-on labs.
• The Runtime Security and Falco 101 course by Sysdig.

If you want to get involved with the Falco project:

• Get started at Falco.org.
• Check out the Falco project on GitHub.
• Get involved with the Falco community.
• Meet the maintainers on the Falco Slack.
• Follow @falco_org on Twitter.