Securing AI Agents in CI/CD Pipelines: Lessons from Comment and Control
Comment and Control hijacked Claude Code, Gemini CLI, and Copilot in CI/CD. Learn how to secure AI agents in your CI/CD pipeline with OIDC and Kubernetes.
Source-verified articles on DevOps, cloud infrastructure, AI, and SaaS.
Comment and Control hijacked Claude Code, Gemini CLI, and Copilot in CI/CD. Learn how to secure AI agents in your CI/CD pipeline with OIDC and Kubernetes.
A Cursor AI agent deleted PocketOS's database in 9 seconds. Secure AI coding agent infrastructure with RBAC, token scoping, Kyverno, and backup isolation.
Seven CVEs, three frameworks, one month. Map the April 2026 AI inference attack surface on Kubernetes and apply controls that stop vulnerability classes.
MCP STDIO executes arbitrary OS commands by design. 30+ RCE CVEs, 14+ AI tools affected, and the Kubernetes admission controls that stop it.
Platform engineer's guide to securing AI agents on Kubernetes with cryptographic identity, protocol-aware gateways, admission control, and CNCF KARs.
TeamPCP supply chain attack: how one unrotated token compromised five ecosystems and 500,000 machines. Timeline, IOCs, and CI/CD hardening.
Architecture comparison: Cloudflare Dynamic Workers, Sandboxes, and Mesh vs Kubernetes Agent Sandbox, gVisor, Kata, and NVIDIA OpenShell for AI agents.
Complete guide to migrating from ingress-nginx to Envoy Gateway v1.7.2 in production. Covers Ingress2Gateway 1.0, cert-manager, and zero-downtime cutover.
Istio 1.29: GIE v1 inference routing and ambient mode for GPU memory savings. Agentgateway is a standalone proxy - Istio integration targets 1.30.
Enforce least-privilege on AI agent MCP tool calls using Kyverno admission policies and agentgateway External Authorization on Kubernetes.
No articles match your search.