Blog

Source-verified articles on DevOps, cloud infrastructure, AI, and SaaS.

securityci-cdai-agents +2
18 min read

Securing AI Agents in CI/CD Pipelines: Lessons from Comment and Control

Comment and Control hijacked Claude Code, Gemini CLI, and Copilot in CI/CD. Learn how to secure AI agents in your CI/CD pipeline with OIDC and Kubernetes.

Read →
kubernetessecurityai-agents +2
20 min read

How to Prevent AI Coding Agents from Destroying Your Infrastructure

A Cursor AI agent deleted PocketOS's database in 9 seconds. Secure AI coding agent infrastructure with RBAC, token scoping, Kyverno, and backup isolation.

Read →
kubernetessecurityai-inference +6
18 min read

Securing AI Inference Servers on Kubernetes: Defense-in-Depth for the New Attack Surface

Seven CVEs, three frameworks, one month. Map the April 2026 AI inference attack surface on Kubernetes and apply controls that stop vulnerability classes.

Read →
kubernetessecuritymcp +4
15 min read

MCP STDIO by Design: How the Architecture Exposes 200K AI Servers to RCE and How to Defend at the Infrastructure Layer

MCP STDIO executes arbitrary OS commands by design. 30+ RCE CVEs, 14+ AI tools affected, and the Kubernetes admission controls that stop it.

Read →
kubernetessecurityai-agents +4
15 min read

Securing AI Agents at the Infrastructure Layer: Identity, Gateways, and K8s Governance

Platform engineer's guide to securing AI agents on Kubernetes with cryptographic identity, protocol-aware gateways, admission control, and CNCF KARs.

Read →
supply-chain-securitykubernetesci-cd +4
17 min read

Anatomy of the TeamPCP Supply Chain Campaign: From Trivy to 1,000+ Enterprise Environments

TeamPCP supply chain attack: how one unrotated token compromised five ecosystems and 500,000 machines. Timeline, IOCs, and CI/CD hardening.

Read →
cloudflarekubernetesai-agents +2
15 min read

Cloudflare AI Agent Infrastructure vs Kubernetes-Native: A Platform Engineer's Comparison

Architecture comparison: Cloudflare Dynamic Workers, Sandboxes, and Mesh vs Kubernetes Agent Sandbox, gVisor, Kata, and NVIDIA OpenShell for AI agents.

Read →
kubernetesenvoy-gatewaygateway-api +3
17 min read

ingress-nginx to Envoy Gateway: The Production Migration Guide for Kubernetes Teams

Complete guide to migrating from ingress-nginx to Envoy Gateway v1.7.2 in production. Covers Ingress2Gateway 1.0, cert-manager, and zero-downtime cutover.

Read →
kubernetesistioservice-mesh +3
13 min read

Istio for Platform Engineers: AI Inference Routing, Ambient Multicluster, and the agentgateway

Istio 1.29: GIE v1 inference routing and ambient mode for GPU memory savings. Agentgateway is a standalone proxy - Istio integration targets 1.30.

Read →
kuberneteskyvernomcp +4
17 min read

Securing AI Agent MCP Traffic with Kyverno on Kubernetes: Policy-as-Code for Least-Privilege Agent Governance

Enforce least-privilege on AI agent MCP tool calls using Kyverno admission policies and agentgateway External Authorization on Kubernetes.

Read →

No articles match your search.