惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

云风的 BLOG
云风的 BLOG
IT之家
IT之家
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V
Visual Studio Blog
博客园 - 司徒正美
美团技术团队
Last Week in AI
Last Week in AI
月光博客
月光博客
博客园 - 叶小钗
MongoDB | Blog
MongoDB | Blog
U
Unit 42
T
Tailwind CSS Blog
GbyAI
GbyAI
T
The Blog of Author Tim Ferriss
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
H
Hackread – Cybersecurity News, Data Breaches, AI and More
酷 壳 – CoolShell
酷 壳 – CoolShell
Google DeepMind News
Google DeepMind News
H
Help Net Security
Hugging Face - Blog
Hugging Face - Blog
爱范儿
爱范儿
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
N
Netflix TechBlog - Medium
B
Blog RSS Feed
大猫的无限游戏
大猫的无限游戏
aimingoo的专栏
aimingoo的专栏
A
About on SuperTechFans
Y
Y Combinator Blog
罗磊的独立博客
D
DataBreaches.Net
有赞技术团队
有赞技术团队
MyScale Blog
MyScale Blog
博客园_首页
博客园 - 三生石上(FineUI控件)
G
Google Developers Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
雷峰网
雷峰网
博客园 - 【当耐特】
Engineering at Meta
Engineering at Meta
博客园 - Franky
M
MIT News - Artificial intelligence
B
Blog
The Cloudflare Blog
Apple Machine Learning Research
Apple Machine Learning Research
I
InfoQ
S
SegmentFault 最新的问题
F
Fortinet All Blogs
阮一峰的网络日志
阮一峰的网络日志
Stack Overflow Blog
Stack Overflow Blog
Microsoft Security Blog
Microsoft Security Blog

Security & Identity

Cloud CISO Perspectives: How AI leverages deep context as the defender’s advantage | Google Cloud Blog Contributing to U.K. financial sector resilience as a critical third party | Google Cloud Blog Meet the 33 cybersecurity startups joining the Gemini Startup Forum | Google Cloud Blog Drive proactive security, prioritize risks with Google Threat Intelligence and Wiz ASM | Google Cloud Blog Shift into high gear with agents: Securing the software-defined vehicle | Google Cloud Blog New IDC study: How Mandiant transforms security into a competitive advantage | Google Cloud Blog Google Cloud confirmed to offer a safer choice for EU public sector organizations with Dutch DPIA approval | Google Cloud Blog Cloud CISO Perspectives: How Google Cloud Security uses AI internally | Google Cloud Blog Securing agentic AI: What's new in VPC Service Controls | Google Cloud Blog Verifiable trust in the AI era: What’s new in Confidential Computing | Google Cloud Blog Choice, compliance, and collaboration: Europe’s path to open digital sovereignty | Google Cloud Blog Driving the UK’s next chapter: From AI potential to agentic reality | Google Cloud Blog Google named a Leader in IDC MarketScape SIEM 2026 Vendor Assessment | Google Cloud Blog Cloud CISO Perspectives: The 4 lessons that guided AI Threat Defense | Google Cloud Blog Powering the next era of Confidential AI Detecting and containing AI-powered threats with Google Security Operations agents Cloud CISO Perspectives: How to build an AI-ready security program for the public sector Introducing Google AI Threat Defense to help you outpace the adversary Cloud CISO Perspectives: How Google + Wiz changes multicloud strategy for CISOs Why cloud infrastructure is the foundation for digital health in 2026 Beyond source code: The files AI coding agents trust — and attackers exploit What's new in IAM: Security, governance, and runtime defense Google named a Leader in the 2026 Gartner Magic Quadrant for Cyberthreat Intelligence Technologies Introducing Agent Gateway ISV ecosystem for security and governance Cloud CISO Perspectives: At Next ‘26, why we’re multicloud and multi-AI Next ‘26: Redefining security for the AI era with Google Cloud and Wiz | Google Cloud Blog Introducing Google Cloud Fraud Defense, the next evolution of reCAPTCHA | Google Cloud Blog Next ‘26: Announcing new partner-supported workflows for Google Security Operations | Google Cloud Blog Cloud CISO Perspectives: How CISOs can pursue technical and cultural resilience (Q&A) | Google Cloud Blog Essential AI and cloud security now on by default Securing AI inference on GKE with Model Armor A Leader in Forrester Wave Sovereign Cloud Platform 2026 See beyond the IP and secure URLs with Google Cloud NGFW Cloud CISO Perspectives: RSAC: AI, security, and the workforce of the future How to build AI agents with Google-managed MCP servers Bringing dark web intelligence into the AI era RSAC ’26: Supercharging agentic AI defense with frontline threat intelligence IAP integration with Cloud Run Why context is the missing link in AI data security Welcoming Wiz to Google Cloud: Redefining security for the AI era Cloud CISO Perspectives: New Threat Horizons report highlights current cloud threats Google named a Leader in IDC MarketScape: U.S. SLG Professional Security Services Introducing the Google Cloud recommended security checklist Cloud CISO Perspectives: How Google approaches critical security topics, from fundamentals to AI Sovereignty and European competitiveness: A partnership-led approach to AI growth Cloud CISO Perspectives: New AI threats report: Distillation, experimentation, and integration Delivering a secure, open, and sovereign digital world Introducing Single-tenant Cloud HSM for more data encryption control Cloud CISO Perspectives: 5 top CISO priorities in 2026
Introducing k8s-aibom on GKE for automated AI bills of materials | Google Cloud Blog
Glen Messenger · 2026-07-14 · via Security & Identity

How should your security team manage shadow AI? Workloads deployed by developers without formal registration can often evade traditional security scanners, because organizations are reluctant to slow down development and compromise stability by demanding privileged Daemonsets, kernel-level access, and manual pod-spec edits.

To break this deadlock, today we are open-sourcing k8s-aibom. This lightweight, unprivileged Kubernetes controller continuously monitors the cluster API and container environments to automatically detect running AI runtimes (like vLLM and Triton) and generate standard CycloneDX Machine Learning Bill of Materials (ML-BOMs). 

By providing automated, audit-grade visibility directly from runtime execution — regardless of whether the workload was formally registered — k8s-aibom can help teams safely move AI projects from pilot to production without developer integration friction.

The architecture of zero friction

k8s-aibom is designed from the ground up to respect both the CISO mandate for total visibility and the SRE mandate for cluster stability. It deploys as a single, unprivileged Deployment in the k8s-aibom-system namespace. It involves zero developer friction — no sidecars, no eBPF kernel modules, no privileged DaemonSets, and no modifications to existing developer pod specifications.

https://storage.googleapis.com/gweb-cloudblog-publish/images/k8s-aibom.max-1700x1700.png

k8s-aibom watches for AI workloads and produces BOMs.

The discovery pipeline executes through four clear stages:

  1. Scrape cluster workloads: The controller continuously monitors KServe resources, Deployments, StatefulSets, DaemonSets, and Jobs across the cluster.

  2. Identify AI stacks: Advanced pattern matching inspects container images, environment variables, and command-line arguments to detect serving runtimes (vLLM, Triton Inference Server, TGI, Ollama), autonomous agent frameworks (LangChain, AutoGen, CrewAI), vector databases and RAG stores (Milvus, Qdrant, pgvector), as well as distributed training jobs and evaluation harnesses.

  3. Generate standard manifests: The controller compiles the discovered artifacts into formal OWASP CycloneDX 1.6 Machine Learning Bill of Materials (ML-BOM) documents.

  4. Export to sinks: The controller attaches the resulting ML-BOM directly to the custom resource status (status.bomDocument) of an in-cluster AIBOM Custom Resource (CR) and routes it to optional external sinks, including Google Cloud Storage buckets and external webhook endpoints.

Application teams do not need to modify their pod specifications, inject sidecar containers, or alter their continuous integration and continuous delivery (CI/CD) pipelines. Furthermore, k8s-aibom treats the Kubernetes cluster state as a pure functional input: Identical cluster inputs produce byte-identical ML-BOM documents. This deterministic property makes k8s-aibom an ideal fit for GitOps workflows, enabling site-reliability engineers (SREs) to perform exact diffs and trigger precise change-detection alerts when AI dependencies drift.

Where existing AIBOM tooling falls short

Many AI BOM solutions offer build-time scanners producing BOMs from artifacts at rest. These tools help you track the code that was intended to be deployed. 

Commercial AI security platforms extend the picture with cloud-native posture management, but typically through external scanning shaped around vendor-specific data models. Few, if any, of these tools help compliance reviewers, security operations (SecOps) teams, and platform engineers understand what is running right now, what is it connected to, and how can we verify those assertions. 

We purpose-built k8s-aibom to bridge that gap. It produces BOMs from live cluster observation rather than artifact scanning, emits standards-conformant CycloneDX 1.6 ML-BOMs that integrate with the broader OWASP and Open Source Security Foundation (OpenSSF) supply-chain ecosystem rather than vendor-proprietary formats, and runs as an unprivileged controller on any conformant Kubernetes cluster — making it complementary to existing build-time and posture-management tooling rather than a replacement for either.

The Confidence Model: Separating intent from inference

For compliance auditors and SecOps engineers, raw telemetry is often noise. Standard monitoring tools indicate that a container is running, but can’t prove whether an AI model was explicitly configured by a platform engineer or dynamically pulled by an autonomous script at runtime. k8s-aibom solves this ambiguity through its deterministic Confidence Model, categorizing discovered assets into distinct tiers:

  1. Declared: Explicitly defined by the customer or developer in the workload configuration (For example, explicitly passed container arguments such as --model meta-llama/Llama-2-7b.) A “declared” confidence detection represents clear human intent.

  2. Inferred: Derived autonomously by the controller's pattern-matching engine through deep inspection of container images, environment variables, and execution profiles. (For example, identifying ^vllm/.* container signatures.)

  3. Unresolved: Applied to workloads where an active AI presence is detected, but exact model parameters, weights, and versions can’t be deterministically established. An “unresolved” confidence detection immediately flags the workload for targeted security review.

This structured taxonomy allows compliance reviewers to instantly separate explicit engineering intent from machine inference, establishing an unassailable chain of trust during audits.

Immutability and least privilege: Building an audit-grade security model

Auditors remain deeply skeptical of standard observability telemetry because logs and metrics can be modified, dropped, and tampered with by compromised nodes or elevated administrators. k8s-aibom establishes an audit-grade evidence trail built on strict least-privilege isolation and data immutability.

The controller operates under a dedicated Kubernetes service account bound to a minimal Identity and Access Management (IAM) Workload Identity. It acts as the sole identity authorized to write BOM records to external storage sinks, requiring only roles/storage.objectCreator permissions.

To satisfy the most stringent audit and evidentiary standards, the Google Cloud Storage external sink implementation enforces DoesNotExist preconditions on object creation. Once an ML-BOM is written to the Cloud Storage bucket, the object becomes cryptographically immutable. 

It can’t be silently overwritten, modified, or retroactively tampered with by compromised cluster actors or rogue workloads. SecOps teams gain absolute assurance that the historical audit log presented to regulators represents an unalterable record of cluster execution.

Accelerating governance readiness: Mapping to global regulatory frameworks

By automating the generation of standardized CycloneDX 1.6 ML-BOMs, k8s-aibom directly bridges the gap between low-level Kubernetes runtime state and high-level governance frameworks. It unblocks stalled GKE AI deployments by providing the foundational empirical data essential to major global standards:

  • EU AI Act: Designed to help organizations align with Article 12 (automated logging and record-keeping for continuous traceability) and Article 50 (transparency obligations for AI systems). By automatically cataloging serving runtimes and agent stacks, the tool helps simplify the gathering of technical evidence that may be needed during compliance audits.

  • NIST AI Risk Management Framework (AI RMF): Provides continuous, empirical asset visibility that can help support the Govern, Map, Measure, and Manage functions, helping shift compliance workflows from purely manual checks toward more automated asset inventory tracking.

  • ISO/IEC 42001:Supports compliance efforts for AI management system asset discovery and tracking, reducing the reliance on manual spreadsheets or periodic snapshot audits for inventory validation.

Getting started

It’s rare that a technical solution like k8s-aibom can help mitigate the multi-faceted problem of shadow AI, impacting CISOs, governance, risk, and compliance teams, SecOps teams, platform engineers, and developers.

To learn more by inspecting the controller, review the CRD definitions, and contribute to the open-source k8s-aibom project, please visit the k8s-aibom GitHub Repository.

Posted in