惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园 - 三生石上(FineUI控件)
Martin Fowler
Martin Fowler
月光博客
月光博客
AI
AI
B
Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
C
CXSECURITY Database RSS Feed - CXSecurity.com
WordPress大学
WordPress大学
GbyAI
GbyAI
L
Lohrmann on Cybersecurity
O
OpenAI News
Schneier on Security
Schneier on Security
P
Palo Alto Networks Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
T
Troy Hunt's Blog
V2EX - 技术
V2EX - 技术
W
WeLiveSecurity
L
LINUX DO - 最新话题
人人都是产品经理
人人都是产品经理
S
Security Affairs
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
A
Arctic Wolf
Recorded Future
Recorded Future
Microsoft Security Blog
Microsoft Security Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
G
GRAHAM CLULEY
N
Netflix TechBlog - Medium
TaoSecurity Blog
TaoSecurity Blog
C
Check Point Blog
Scott Helme
Scott Helme
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Apple Machine Learning Research
Apple Machine Learning Research
PCI Perspectives
PCI Perspectives
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Vercel News
Vercel News
The Hacker News
The Hacker News
Y
Y Combinator Blog
Latest news
Latest news
SecWiki News
SecWiki News
Hugging Face - Blog
Hugging Face - Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Google Online Security Blog
Google Online Security Blog
Webroot Blog
Webroot Blog
Google DeepMind News
Google DeepMind News
Recent Commits to openclaw:main
Recent Commits to openclaw:main
C
Cisco Blogs
博客园_首页
H
Hackread – Cybersecurity News, Data Breaches, AI and More
宝玉的分享
宝玉的分享
L
LINUX DO - 热门话题

Sysdig Blog

Masterclass: AI is more than ChatGPT and LLMs CVE-2026-39987 update: How attackers weaponized marimo to deploy a blockchain botnet via HuggingFace Kubernetes 1.36 - New security features 5 steps to securing AI workloads Marimo OSS Python Notebook RCE: From Disclosure to Exploitation in Under 10 Hours Security briefing: March 2026 The Sysdig MCP server is now available in AWS Marketplace Risk isn’t reduced until you take action: How teams resolve issues in the cloud AI infrastructure security: Why it deserves its own category Three pillars for building effective runtime-powered cloud defense, the right way Closing the cloud security gap with runtime security Seeing risk isn’t stopping it: Why visibility alone isn’t enough TeamPCP expands: Supply chain compromise spreads from Trivy to Checkmarx GitHub Actions AI coding agents are running on your machines — Do you know what they're doing? Runtime security for AI coding agents: Protecting AI-assisted development How runtime insights power every cloud security use case CVE-2026-33017: How attackers compromised Langflow AI pipelines in 20 hours Inline Cloud Response: Accelerating AWS threat containment for SOC teams Runtime malware detection for AWS Fargate Detecting CVE-2026-3288 & CVE-2026-24512: Ingress-nginx configuration injection vulnerabilities for Kubernetes Malware detection with Sysdig Security briefing: February 2026 Leveling up Kubernetes Posture: From baselines to risk-aware admission Eliminating runtime blind spots: How CleanStart and Sysdig build continuous trust across the container lifecycle LLMjacking: From Emerging Threat to Black Market Reality Real risks live at runtime: Why CISOs must care about deep telemetry in 2026 Sysdig named a Leader in the Forrester Wave™: Cloud Native Application Protection Solutions, Q1 2026 How to run rootless containers AI-assisted cloud intrusion achieves admin access in 8 minutes Security briefing: January 2026 Bringing OSS runtime security to AWS: Falco integration with AWS Security Hub CSPM Our customers have spoken: Sysdig rated a Strong Performer in Gartner® Voice of the Customer for Cloud-Native Application Protection Platforms Protecting sensitive business data in preparation for the organization's Gen AI VoidLink threat analysis: Sysdig discovers C2-compiled kernel rootkits AI is still a workload: A practical guide to securing AI workloads How threat actors are using self-hosted GitHub Actions runners as backdoors How Sysdig Sage delivers AI-powered, real-world vulnerability management Security briefing: December 2025 Top 10 ways to get breached in 2026 EtherRAT dissected: How a React2Shell implant delivers 5 payloads through blockchain C2 Introducing runtime file integrity monitoring and response with Sysdig FIM How to detect multi-stage attacks with runtime behavioral analytics EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks Detecting React2Shell: The maximum-severity RCE vulnerability affecting React Server Components and Next.js The rise of AI agents: How autonomous AI Is transforming cloud security Kubernetes 1.35 - New security features The Urgency of Securing AI Workloads for CISOs Security briefing: November 2025 Quantum and the cloud: Science fiction turned security strategy Cloud security, the right way: What the industry should demand (and why "good enough" isn't) Return of the Shai-Hulud worm affects over 25,000 GitHub repositories Detecting CVE-2024-1086: The decade-old Linux kernel vulnerability that’s being actively exploited in ransomware campaigns What’s old is new again: How to demystify AI security with AIBOMs Securing Kubernetes with agentic cloud security How agentic cloud security reduces real risks Hunting reverse shells: How the Sysdig Threat Research Team builds smarter detection rules Shifting left with AI and MCP: Sysdig + Amazon Q Developer How Falco and Stratoshark close the gap between open source runtime detection and deep forensic analysis Investigating security issues with ChatGPT and the GitHub MCP server New runc vulnerabilities allow container escape: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 Harden your LLM security with OWASP Security briefing: October 2025 How agentic AI is changing cloud security Kubernetes Incident Response: Detect, investigate, and contain in under 10 minutes Sysdig recognized as a Cloud Security Leader in Latio Tech Cloud Security Market Report AI echolocation of cloud risks using Sysdig & Snyk MCP servers Sysdig MCP Server: Bridging AI and cloud security insights Understanding CVE-2025-49844: “RediShell” Critical Remote Code Execution in Redis How Sysdig secures your containers and Kubernetes Sysdig Security Briefing: September 2025 Cloud security, the right way: The 3 pillars of real-time defense Open source spotlight: Bringing web application security to Falco with Falcoya's Nginx plugin Malicious NPM packages: Are you exposed? AI for SOC teams: 5 cloud security prompts to start your day with Sysdig Sage™ Shai-Hulud: The novel self-replicating worm infecting hundreds of NPM packages ZynorRAT technical analysis: Reverse engineering a novel, Turkish Go-based RAT Modern vulnerability management, built for the cloud Build your AWS incident response playbook with open source tools 2025 Gartner® CNAPP Market Guide: Runtime visibility is no longer optional Threat hunting with Sysdig: Uncovering “IngressNightmare” Open source spotlight: From alerts to action with AI-powered Falco Vanguard From triage to action: How Sysdig’s agentic cloud security platform slashes noise and accelerates remediation The vision comes to life: Agentic cloud security with Sysdig Sage™ Data security findings: A technical deep dive Connecting runtime to source: Sysdig and Semgrep integration Fix what matters, faster: How Sysdig and Semgrep are unifying security without silos – from code to runtime Defending sensitive data with Sysdig Secure Redefining cloud security, the right way Join the movement: The Sysdig Open Source Community is live A smarter, safer cloud in the age of AI Unifying detection and response: Sysdig + Cortex XSOAR for security at cloud speed The future of security is open, and it needs a unified hub: The Sysdig Open Source Community is here CVE-2025-53104: Command injection via GitHub Actions workflow in gluestack-ui Why MCP server security is critical for AI-driven enterprises What’s new in Sysdig — June 2025 AI-powered CNAPP with Sysdig Sage™ Revolutionizing Cybersecurity Search with Sysdig Sage™ Sysdig Threat Bulletin: Iranian Cyber Threats The end of the prioritization-only era: Vulnerability management needs action Dangerous by default: Insecure GitHub Actions found in MITRE, Splunk, and other open source repositories
Securing GPU-accelerated AI workloads in Oracle Kubernetes Engine
Manuel Boira · 2026-02-02 · via Sysdig Blog

Artificial Intelligence and Machine Learning workloads are grounded in established software engineering and infrastructure principles. While AI and ML lifecycles introduce new operational constraints, they still execute as workloads on compute, storage, and networking platforms, fitting naturally within familiar IaaS, PaaS, and SaaS delivery models (AI is still  a workload somewhere).

Organizations either deploy AI systems on their own infrastructure or consume models as managed services. In this article, we focus on AI applications deployed on Kubernetes and cloud infrastructure, with particular attention to Oracle Cloud Infrastructure (OCI) and Oracle Kubernetes Engine (OKE).

OCI is increasingly adopted for security, compliance, and data sovereignty reasons. Thanks to its cost efficiency, and strong alignment with enterprise and regulatory requirements, OCI provides a solid foundation for AI and high-performance computing (HPC) applications. Features such as RDMA-enabled networking (high-bandwidth, ultra-low latency) are especially relevant for highly demanding parallel computing workloads (financial, automotive, aerospace, biomedical, GenAI, BigData).

Emerging attack surface

The AI threat surface spans a layered stack (physical CPU and GPU, virtualization layers up through models, data, inference, agents, applications, and APIs). MLOps platforms such as Kubeflow and MLflow manage model artifacts and training pipelines tightly coupled to shared data stores.

At runtime, inference engines such as vLLM and TensorRT-LLM execute with high privilege and sustained GPU access. In Kubernetes environments, stacks such as llm-d provide distributed serving primitives around model workers, while platforms such as NVIDIA Triton Inference Server provide a production grade inference server for multiple model backends.

Above this, agent layers built with frameworks like LlamaIndex or LangChain dynamically connect models, tools, and data before exposing functionality through application and API layers. These layers are tightly interconnected, weaknesses at any point can propagate upward, resulting in model theft, data exposure, or large-scale GPU abuse.

OCI Shared responsibility model

OCI and OKE provide a solid, well-managed platform, but attackers focus on what you deploy on top of it. Under OCI’s shared responsibility model, Oracle manages the control plane, while customers are responsible for application security and most data-plane operations. Below are examples of how this model works.

Core responsibilities

  • Oracle fully manages and operates the Kubernetes control plane (API server, etcd, core controllers) as a managed service, including availability and CNCF-conformant behavior.​

Shared operations

  • Control plane upgrades are shared: Oracle releases supported versions and performs the upgrade, but you must initiate upgrades via Console/API/CLI.​
  • Data plane responsibilities are shared: Oracle supplies images and core data-plane components (kubelet, kube-proxy, flannel), and you manage worker nodes and workloads using those images.​

Security and patching

  • For control plane vulnerabilities, Oracle patches affected clusters; for data-plane vulnerabilities, Oracle provides patched images and you must roll them out to your nodes.​

Support scope

  • Oracle Support covers OKE-provided components and integrations (API server connectivity, cluster operations, CCM integrations, network components like CoreDNS/kube-proxy).​
  • Oracle Support excludes how-to Kubernetes usage, third-party software (e.g., Istio, Helm), unsupported Kubernetes versions, upstream bugs, and alpha features.​

Application and networking ownership

  • You are solely responsible for cluster networking configuration, application networking (LBs, ingress, network policies), observability (logs/metrics), app health/performance, security, and all workloads running in the cluster.​


AI threat proliferation

Attacks are increasing in volume, sophistication, and impact. Over the past several months, many notable incidents have highlighted how rapidly threats are evolving:

July 2025 - LangFlow Server RCE vulnerability → Unauthenticated AI pipeline takeover.

July 2025 - Nvidia Container Escape → Container-to-host GPU escape.

Nov 2025 - ShadowRay 2.0 → AI inference server exploit and cloud malware.

Nov 2025 - Keras Supply Chain Vulnerability → ML dependency supply-chain abuse.

Jan 2026 - IBM Bob duped to run malware → Trusted AI agent compromise.


For deeper analysis and additional examples, see the Sysdig Threat Research Team content.

Lessons learned

Most of these attacks are executed inside running workloads, often entering through supply-chain weaknesses or zero-day exploits and escalating via over-privileged GPU runtimes, exposed inference services, or misconfigured data and vector stores.

Consequently, we must lend special attention to:

Real time behavior
Even with a strong security posture, zero-day and supply-chain attacks can bypass preventive controls, making runtime protection essential for detecting and stopping abnormal behavior in AI and GPU workloads. In LLM-based systems, for example, prompt-based attacks can lead to resource hijacking and unintended compute abuse.


A single metric is not enough. As we saw with ShadowRay 2.0, attackers kept a low GPU usage to avoid triggering alerts. An effective security approach has to correlate multi-domain information in real time.

Security posture and guardrails
CI/CD security and Kubernetes security posture management (KSPM) platforms can prevent attacks early by detecting poisoned dependencies, exposed AI services, and unsafe GPU or Kubernetes configurations, while enforcing least-privilege IAM, trusted images, and hardened GPU node pools.

This Datadog chart is aligned with the attack trends we observed.


The Sysdig approach to AI workload protection

Sysdig protects AI workloads by aligning its CNAPP platform around three foundational pillars.

Runtime insights provide deep, real-time visibility into AI and GPU workloads with multi-domain correlation.

Agentic AI that takes precise action for detection and response to stop threats as they execute, from inference server exploits to container escapes.

Open innovation underpins the platform, leveraging open source, transparent policies, and customer-controlled rules to build trust and keep teams in control. Together, these pillars span the full AI lifecycle, ensuring production-grade applications remain secure without sacrificing performance or velocity.

Securing OKE clusters with GPU nodes

High level architecture

Sysdig Secure with OCI and OKE accelerated by GPU. Architecture Reference

Learn more by downloading the whitepaper Operational Security for OKE GPU-Accelerated AI Applications

AI workload protection, the right way

Defending your AI attack surface against threats requires leveraging key security best practices and capabilities.

Harden posture as early as possible

CI/CD vulnerability and risk management prevent AI attacks by blocking poisoned dependencies, exposed services, and unsafe GPU/Kubernetes configs before deployment. Sysdig runtime insights reduce the noise, helping with a clean prioritization.

  • IaC scan with drift detection
  • Supply Chain, Container Images & SBOMs
  • Continuous Posture & Compliance (Cloud, Containers, OS, Kubernetes cluster)
  • Risk management and inventory (advanced exposure, sensitive data access)
  • Runtime Insights prioritization

Protect the runtime perimeter. Always on.

Zero-days and supply-chain flaws still occur, so runtime detection is critical to stop abnormal behavior in AI and GPU workloads.

  • Almost Real-time Detection and Response
  • AI-Powered Threat Intelligence
  • Multi-Domain Correlation
  • Forensic Analysis
  • Network Topology

Be ready to respond at cloud speed


When the cost of a cloud breach is $4.45 million, security teams need to respond fast to attackers. Sysdig redefined the detection and response benchmark with the Sysdig 555. Here's how:

  • Agentic AI security (Sysdig SAGE)
  • Advanced Response Actions
  • Built-in Automations Framework

Want to learn more? Explore the Sysdig Secure website.

Blueprints and Landing Zones

Security for GPU-accelerated Kubernetes clusters should not be an afterthought. Security must be addressed from the earliest design phase, which is why starting from a well-defined landing zone or blueprint is important to ensure clusters are secure by default.

Oracle addresses this need through a growing set of OCI Kubernetes blueprints for AI applications, including reference architectures for large language models. These blueprints provide validated infrastructure designs, recommended GPU and node profiles, required software components, and baseline monitoring configurations. They allow teams to move faster while avoiding ad-hoc, insecure deployments when adopting new architectures.

Sysdig and Oracle Kubernetes Engine jointly developed a Quick Start blueprint that focuses specifically on security. This blueprint enables one-click deployment of OKE clusters with Sysdig Secure integrated by default, using Terraform and aligned with OCI Quick Start standards. The goal is to make runtime security, visibility, and threat detection part of the initial cluster design, rather than something retrofitted after workloads are already running.

Security operationalization

Modern security teams understand that tools only provide value when they are properly integrated and used in day-to-day operations. This usually means fitting new tools into an existing security stack. This is especially true for SOC teams, which tend to have well-established views on workflows, data ownership, and response automation.

Because operational models vary widely, teams need to make deliberate choices around integrations, ownership, and response patterns. To determine how Sysdig should be deployed within your security stack, consider the following questions.

  • What service levels does your company need?
    Sysdig can operate as a near real time detection and enrichment layer across cloud environments, producing high quality security signals and supporting timely response actions.
  • Do you need long-term retention and correlation?
    Sysdig can selectively enrich and forward security events, reducing noise and limiting what needs to be retained in the SIEM. This helps lower operational effort and data ingestion costs.
  • Is your organization subject to regulatory requirements?
    Sysdig integrates with risk, asset, and compliance management platforms to support regulated environments and ongoing compliance processes.
  • How much control does your security team have over the code-to-cloud pipeline?
    Sysdig integrates with SCA, SAST, and ASPM tools to provide security context across the build, deploy, and runtime stages.
  • How far do you take automation?
    Through APIs and integrations with SOAR platforms, Sysdig supports automated and customized security workflows.
  • Do you work with managed security service providers?
    By integrating with SIEM, SOAR, and case management systems, Sysdig can support collaboration with external providers while preserving visibility and control.

Closing thoughts

OKE on OCI delivers a resilient and compliant foundation for GPU accelerated AI workloads, but responsibility for securing the applications running on top ultimately rests with you.

While much of the security industry focuses on analyzing outputs and adding guardrails at the prompt layer, infrastructure, supply chain, and runtime security remain essential first class concerns. The emerging AI threat landscape and new technology stacks demand a dedicated security approach.

Sysdig provides AI workload protection capabilities to address this challenge, including near real time detection, security signal enrichment to reduce noise and lower costs, and strong integration with compliance and security operations platforms.


Read more about Sysdig and Oracle Cloud:

OCI Blog Post

Sysdig and Oracle

Download the full whitepaper here.