



















Tigera has announced the general availability of Tigera Lynx, a unified control plane for Kubernetes-native AI agents. Lynx gives enterprises a single place to find every agent in their Kubernetes estate, tighten security posture, assign sandboxes, provide each agent with a cryptographic identity, enforce policy on every action it takes, audit agent activity, and detect anomalous behavior, all without changing a line of agent code.

AI agents do not behave like the workloads enterprise security stacks were built to manage. They are autonomous and non-deterministic: acting on behalf of users, accessing tools, LLMs, and other agents, operating through delegation chains, and consuming untrusted input. As a result, three teams often view the same challenge from different perspectives. AI teams want to experiment with new technologies and move quickly.
Platform engineering teams are measured on deployment velocity but cannot easily prove the platform is under control. Security teams are asked to approve agents without being able to confidently assess their security posture. A valid credential does not guarantee safe behavior, and the blast radius can change every time a new agent, tool, or platform update is introduced.
Lynx sits in the path of every agent call, agent-to-agent, agent-to-tool, and agent-to-LLM, to authenticate, authorize, mediate, and audit each one. It plugs into the tools enterprises already run, including their identity provider (EntraID, Okta) or via SPIFFE/SPIRE, and existing observability systems, and is built on open standards rather than proprietary lock-in.
“For over a decade, Tigera’s Calico platform has served Global 2000 companies running the largest Kubernetes platforms in the world, securing tens of millions of mission-critical transactions every day. AI agents are the next class of workloads: autonomous, distributed, and increasingly embedded in critical business processes. Lynx brings that same unified control and security rigor to AI agents. We’re building on our core competency — securing mission-critical workloads at scale on Kubernetes, in a highly performant way,” said Ratan Tipirneni, CEO of Tigera.
“Control only matters if it’s enforced uniformly. Lynx gives every agent a cryptographic identity, scopes credentials to a single hop, and evaluates every LLM, MCP, and tool call against a default-deny policy at the gateway — with no agent code changes. Because we watch behavior with eBPF and LSM at the kernel, we can detect an agent going wrong even when it carries a valid credential, and produce a reproducible audit trail to prove it,” said Peter Kelly, Chief Technology Officer of Tigera.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。