惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

N
News and Events Feed by Topic
V
V2EX
博客园 - 【当耐特】
Vercel News
Vercel News
雷峰网
雷峰网
爱范儿
爱范儿
WordPress大学
WordPress大学
云风的 BLOG
云风的 BLOG
S
Securelist
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Microsoft Azure Blog
Microsoft Azure Blog
F
Full Disclosure
有赞技术团队
有赞技术团队
Hugging Face - Blog
Hugging Face - Blog
NISL@THU
NISL@THU
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Attack and Defense Labs
Attack and Defense Labs
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
Microsoft Security Blog
Microsoft Security Blog
腾讯CDC
P
Proofpoint News Feed
B
Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
K
Kaspersky official blog
I
InfoQ
Google Online Security Blog
Google Online Security Blog
L
LINUX DO - 最新话题
Project Zero
Project Zero
Engineering at Meta
Engineering at Meta
V
Visual Studio Blog
AI
AI
Schneier on Security
Schneier on Security
B
Blog RSS Feed
T
Tor Project blog
H
Help Net Security
H
Hackread – Cybersecurity News, Data Breaches, AI and More
L
LINUX DO - 热门话题
阮一峰的网络日志
阮一峰的网络日志
S
Security @ Cisco Blogs
T
Threat Research - Cisco Blogs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
C
Cyber Attacks, Cyber Crime and Cyber Security
G
Google Developers Blog
Google DeepMind News
Google DeepMind News
V2EX - 技术
V2EX - 技术
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
A
Arctic Wolf
Webroot Blog
Webroot Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main

Sysdig Blog

Masterclass: AI is more than ChatGPT and LLMs CVE-2026-39987 update: How attackers weaponized marimo to deploy a blockchain botnet via HuggingFace Kubernetes 1.36 - New security features 5 steps to securing AI workloads Marimo OSS Python Notebook RCE: From Disclosure to Exploitation in Under 10 Hours Security briefing: March 2026 The Sysdig MCP server is now available in AWS Marketplace Risk isn’t reduced until you take action: How teams resolve issues in the cloud AI infrastructure security: Why it deserves its own category Three pillars for building effective runtime-powered cloud defense, the right way Closing the cloud security gap with runtime security Seeing risk isn’t stopping it: Why visibility alone isn’t enough TeamPCP expands: Supply chain compromise spreads from Trivy to Checkmarx GitHub Actions AI coding agents are running on your machines — Do you know what they're doing? Runtime security for AI coding agents: Protecting AI-assisted development How runtime insights power every cloud security use case CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours Inline Cloud Response: Accelerating AWS threat containment for SOC teams Runtime malware detection for AWS Fargate Detecting CVE-2026-3288 & CVE-2026-24512: Ingress-nginx configuration injection vulnerabilities for Kubernetes Malware detection with Sysdig Security briefing: February 2026 Leveling up Kubernetes Posture: From baselines to risk-aware admission Eliminating runtime blind spots: How CleanStart and Sysdig build continuous trust across the container lifecycle LLMjacking: From Emerging Threat to Black Market Reality Real risks live at runtime: Why CISOs must care about deep telemetry in 2026 Sysdig named a Leader in the Forrester Wave™: Cloud Native Application Protection Solutions, Q1 2026 How to run rootless containers AI-assisted cloud intrusion achieves admin access in 8 minutes Security briefing: January 2026 Securing GPU-accelerated AI workloads in Oracle Kubernetes Engine Bringing OSS runtime security to AWS: Falco integration with AWS Security Hub CSPM Our customers have spoken: Sysdig rated a Strong Performer in Gartner® Voice of the Customer for Cloud-Native Application Protection Platforms Protecting sensitive business data in preparation for the organization's Gen AI VoidLink threat analysis: Sysdig discovers C2-compiled kernel rootkits AI is still a workload: A practical guide to securing AI workloads How threat actors are using self-hosted GitHub Actions runners as backdoors How Sysdig Sage delivers AI-powered, real-world vulnerability management Security briefing: December 2025 Top 10 ways to get breached in 2026 EtherRAT dissected: How a React2Shell implant delivers 5 payloads through blockchain C2 Introducing runtime file integrity monitoring and response with Sysdig FIM How to detect multi-stage attacks with runtime behavioral analytics EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks Detecting React2Shell: The maximum-severity RCE vulnerability affecting React Server Components and Next.js The rise of AI agents: How autonomous AI Is transforming cloud security Kubernetes 1.35 - New security features The Urgency of Securing AI Workloads for CISOs Security briefing: November 2025 Quantum and the cloud: Science fiction turned security strategy Cloud security, the right way: What the industry should demand (and why "good enough" isn't) Return of the Shai-Hulud worm affects over 25,000 GitHub repositories Detecting CVE-2024-1086: The decade-old Linux kernel vulnerability that’s being actively exploited in ransomware campaigns What’s old is new again: How to demystify AI security with AIBOMs How agentic cloud security reduces real risks Hunting reverse shells: How the Sysdig Threat Research Team builds smarter detection rules Shifting left with AI and MCP: Sysdig + Amazon Q Developer How Falco and Stratoshark close the gap between open source runtime detection and deep forensic analysis Investigating security issues with ChatGPT and the GitHub MCP server New runc vulnerabilities allow container escape: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 Harden your LLM security with OWASP Security briefing: October 2025 How agentic AI is changing cloud security Kubernetes Incident Response: Detect, investigate, and contain in under 10 minutes Sysdig recognized as a Cloud Security Leader in Latio Tech Cloud Security Market Report AI echolocation of cloud risks using Sysdig & Snyk MCP servers Sysdig MCP Server: Bridging AI and cloud security insights Understanding CVE-2025-49844: “RediShell” Critical Remote Code Execution in Redis How Sysdig secures your containers and Kubernetes Sysdig Security Briefing: September 2025 Cloud security, the right way: The 3 pillars of real-time defense Open source spotlight: Bringing web application security to Falco with Falcoya's Nginx plugin Malicious NPM packages: Are you exposed? AI for SOC teams: 5 cloud security prompts to start your day with Sysdig Sage™ Shai-Hulud: The novel self-replicating worm infecting hundreds of NPM packages ZynorRAT technical analysis: Reverse engineering a novel, Turkish Go-based RAT Modern vulnerability management, built for the cloud Build your AWS incident response playbook with open source tools 2025 Gartner® CNAPP Market Guide: Runtime visibility is no longer optional Threat hunting with Sysdig: Uncovering “IngressNightmare” Open source spotlight: From alerts to action with AI-powered Falco Vanguard From triage to action: How Sysdig’s agentic cloud security platform slashes noise and accelerates remediation The vision comes to life: Agentic cloud security with Sysdig Sage™ Data security findings: A technical deep dive Connecting runtime to source: Sysdig and Semgrep integration Fix what matters, faster: How Sysdig and Semgrep are unifying security without silos – from code to runtime Defending sensitive data with Sysdig Secure Redefining cloud security, the right way Join the movement: The Sysdig Open Source Community is live A smarter, safer cloud in the age of AI Unifying detection and response: Sysdig + Cortex XSOAR for security at cloud speed The future of security is open, and it needs a unified hub: The Sysdig Open Source Community is here CVE-2025-53104: Command injection via GitHub Actions workflow in gluestack-ui Why MCP server security is critical for AI-driven enterprises What’s new in Sysdig — June 2025 AI-powered CNAPP with Sysdig Sage™ Revolutionizing Cybersecurity Search with Sysdig Sage™ Sysdig Threat Bulletin: Iranian Cyber Threats The end of the prioritization-only era: Vulnerability management needs action Dangerous by default: Insecure GitHub Actions found in MITRE, Splunk, and other open source repositories
Securing Kubernetes with agentic cloud security
Eric Carter · 2025-11-19 · via Sysdig Blog

Kubernetes is the foundation for modern cloud-native applications — but it also introduces scale and complexity that shift security requirements. Infrastructure and containers spin up and down in seconds. Workloads move dynamically across clusters. Misconfigurations and zero-days can emerge faster than teams can react.

This is where agentic AI for cloud security is quickly becoming a useful tool to help teams secure what matters fast. Agentic AI reshapes Kubernetes security and cloud workload protection, guiding teams to informed decision points that drive immediate action toward successful security outcomes.

The challenge: Scale, skill gaps, and signal overload

Cloud security teams are under immense pressure. A global shortage of skilled security professionals is impacting our ability to manage all of the exposures and risks that threaten cloud-native environments. Every new deployment, every Helm chart, and every RBAC update expands the attack surface.

Meanwhile, adversaries are using AI to automate reconnaissance, exploit vulnerabilities more quickly, and conceal their movements within ephemeral workloads. The result? Security teams drown in alerts, struggle to distinguish signal from noise, and leave themselves open to risk.

If there has ever been a moment when enterprises need a better way to achieve their security goals, it is now.

Securing Kubernetes - from generative to agentic AI

Generative AI has made a big impact on helping security teams get faster insights to accelerate cloud security — summarizing threats, guiding investigations, and pinpointing misconfigurations. Agentic AI goes a step further. It’s not just conversational; it’s actionable.

With agentic cloud security, AI agents independently identify, prioritize, and even assist in remediating issues across cloud and Kubernetes environments. They act as tireless teammates, continuously analyzing, prioritizing, and suggesting, at machine speed and scale.

Imagine a virtual security analyst that proactively delivers not just alerts about something bad in your Kubernetes estate, but actually does work on your behalf, sorting through signals, data, and all the relevant context to illuminate risk and propose remediation steps automatically.

This isn’t the future — it’s what agentic AI is delivering right now.

Agentic cloud security powered by Sysdig Sage™

At Sysdig, this transformation is already underway with Sysdig Sage™, our agentic AI cloud security analyst. Sysdig Sage enhances speed, precision, and confidence across every stage of the security lifecycle.

Sysdig Sage: Key capabilities

  • Vulnerability triage and remediation: Helps teams focus on the vulnerabilities that truly matter and guides remediation to resolve issues fast.
  • Posture insights: Interprets plain-language queries about infrastructure, workloads, and services to simplify exploration of cloud risk.
  • Threat investigation and response: Interprets security alerts, surfaces business risk, and prescribes actionable steps to stop threats before they escalate.

As part of the Sysdig cloud-native application protection platform (CNAPP), Sysdig Sage acts as a force multiplier for DevSecOps, embedding AI directly into investigation, triage, and remediation workflows. You gain instant access to the context you need, achieving in minutes what used to take hours.

Next, let’s look at three domains of securing Kubernetes — vulnerability management, Kubernetes posture management, and runtime security — to see how AI built on an autonomous agents architecture empowers users to accelerate not just awareness, but also response.

Getting ahead of CVEs with agentic vulnerability management

One of the biggest headaches in Kubernetes security is dealing with common vulnerabilities and exposures (CVEs) found in container images. Traditional vulnerability management is full of friction. It’s notoriously tedious. There are too many vulnerabilities and far too many manual steps. Most organizations spend more time prioritizing a long list than they do actually fixing the issues. With agentic AI working on your behalf, you can address this problem head-on. Here’s how we’re doing it at Sysdig:

Remove the noise

The first step is cutting through the clutter, not as the final goal, but as the foundation for meaningful action. Agentic AI can perform multiple steps to identify true business risk for you. This is work that someone is likely performing today, bouncing between vulnerability lists, a configuration management database (CMDB), and potentially even spreadsheets to identify what really matters.

As a first step, using semantic analysis, an AI agent can identify and categorize key Kubernetes context such as production vs. staging vs. development, application types, and other key insights valuable for filtering a long list of critical CVEs.

Because Sysdig captures critical insights, such as configuration and runtime usage, another step that AI agents can take on your behalf is to prioritize vulnerable packages that are in use, exposed externally, and known to be exploitable.

AI handles the triage, so you don’t have to. In the end, by correlating insights and filtering the long list of CVEs, agentic AI is able to focus you directly on a much smaller list, often reducing the noise by up to 95%.

For every stage, you can ask AI to explain and immediately get a clear, contextual description of the work it performed, why certain vulnerabilities are considered business-critical, and why, for some, some vulnerabilities are worthy of exceptions.

Focus on remediation impact

After arriving at a much more reasonable list of CVEs to address, AI can also help you zero in on high-impact actions. Agentic AI automatically identifies the impact that fixing a particular container image can make on your list of findings.

For example, fixing a single image with seven critical vulnerabilities might reduce 7,000 findings across your environment and address 20% of your overall risk because the image is widely used across many clusters. The result: faster decisions, less wasted effort, and reduced risk.

Accelerate remediation

As a final step, AI can provide your developers with guidance on how to address the relevant CVEs. AI is aware of vulnerabilities from advisories and forums, and other sources where they are explained. Using these insights, agentic AI can generate remediation instructions for your application layer and base image layer, giving clear and specific guidance tailored to your environment.

Through integration with ticketing such as Jira, AI can automate ticket creation and open an issue pre-filled with all relevant fix information and image context.

Remediation isn’t just about fixing; it’s about showing progress. Agentic AI can automatically track progress and plot metrics that help visualize the impact made on vulnerability risk exposure. Ultimately, agentic AI enables security teams to shift from reactive ticket triage to strategic improvement.

Identifying Kubernetes posture risk with AI

Another critical aspect of Kubernetes security is managing the defense of clusters and workloads by monitoring for and correcting misconfigurations. Kubernetes security posture management (KSPM) helps you evaluate configurations, check against compliance requirements, and identify risks.

Security software providers, such as Sysdig, have developed solutions utilizing graph databases to simplify the mapping of relationships between Kubernetes resources, containers, users, security configurations, and risk.

Employing AI as a graph search assistant gives users an easier way to interact with and extract insights from their Kubernetes security data. You can simply express security questions in natural language, which are automatically interpreted and translated into queries that help you seamlessly explore the state of your Kubernetes estate and workloads. In this case, AI helps you to:

  • Understand how Kubernetes components interact and affect each other
  • Target security findings and configurations for security analysis
  • Perform context-driven compliance analysis

AI bridges the gap between investigative goals and the vast amount of low-level data, accelerating posture management workflows such as policy validation.

Learn more about how it works with Sysdig Sage.

Demystifying and accelerating runtime security with AI

Runtime security is a vital component for Kubernetes security. It helps to detect suspicious activity, zero-day exploits, and attacks on your infrastructure and workloads.

Threats that target the exploitation of Kubernetes misconfigurations, supply chain vulnerabilities, inadequate access controls, and other weaknesses are unfortunately common. With the right solutions in place, you can protect your environment through hardening, while also leveraging runtime security to detect and block attempts to compromise it.

The unfortunate result of threat activity is a flood of alerts and telemetry that security analysts must sort through to identify real risk and take action. This is another key area where AI can help you surface and understand the most important events. AI agents can automatically enrich threat alerts with easy-to-understand summaries and high-fidelity context, providing the situational awareness you need to take definitive action more quickly.

In addition, as is the case with Sysdig Sage, a runtime security chat assistant can help teams peel back the layers of security events to quickly understand the nature of threats. A click of a button provides custom insights into the issue you’re investigating. To dive deeper and understand what to do next, you can ask straightforward questions such as:

  • What’s the root cause of this incident?
  • What related alerts should I be aware of?
  • Is this part of a larger compromise?
  • What is the best way to respond to this threat?

This helps reduce time-to-detection and accelerates response in environments where containers often live for only a short period of time.

Learn more about AI-assistance for runtime threats.

Proven Impact: Faster MTTR, lower costs, and greater confidence

The business outcomes of AI-powered cloud security are clear. According to IBM’s Cost of a Data Breach Report 2025, organizations using AI extensively save $1.9 million per breach on average. Google Cloud’s ROI of AI 2025 report found that 77% of companies improved threat identification, and 61% reduced time to resolution

Sysdig customers are already seeing those results:

  • A leading U.S. bank cut incident response costs by 52%
  • A healthcare technology provider improved mean time to respond (MTTR) by 76%
  • Teams report 95% noise reduction in vulnerability management with intelligent prioritization and automation

Kubernetes introduces distinct security challenges. The new battleground is powered by a  human-AI partnership. Having an AI-powered teammate that helps you understand, prioritize, and act can make the difference between containment and compromise.

See agentic AI in action. Watch the webinar: Securing Kubernetes with Agentic AI: From Noise to Clarity.