Shauli Rozen on Kubescape Achieving CNCF Incubation
ARMO CEO Shauli Rozen explains why Kubescape, an open source agent for collecting security telemetry data in Kubernetes environments, has become an incubation level project within the Cloud Native Computing Foundation (CNCF). In today’s cloud-native landscape, runtime security is no longer optional—it’s essential. Rozen breaks down why traditional approaches to cloud security no longer cut it and what has to change.
Kubescape is designed to act as a sensor within Kubernetes clusters, collecting deep runtime telemetry using eBPF. Unlike agentless approaches that scrape metadata or scan snapshots, Kubescape is positioned directly in the execution path of workloads. This allows it to observe real application behavior, detect anomalies, and enforce security policies based on what’s actually happening—not just what was configured at deploy time.
Rozen argues that while agentless tools have their place—primarily due to their ease of deployment—they can’t provide sufficient runtime depth. Runtime decisions require runtime data. For that, a sensor-based approach is essential, particularly when operating at scale across ephemeral, containerized environments. Kubescape’s use of eBPF makes this feasible by leveraging a native, lightweight integration with the Linux kernel.
The project’s open source foundation is more than a philosophical choice. Rozen sees it as a practical one: With more than 100,000 installs, Kubescape’s community support has helped accelerate stability, adoption, and trust—key when you’re deploying agents in sensitive environments. More importantly, it gives DevOps and platform teams the transparency they need to evaluate impact and performance before committing to runtime instrumentation.
The conversation also highlights a broader concern: Organizations are still living with known critical vulnerabilities in production, often hoping they’ll fix them before they’re exploited. Rozen suggests this mindset needs to shift—especially given the availability of techniques like seccomp profiles and network policies that can harden vulnerable components long before patches are applied.

Ultimately, Rozen sees a future where open, unified sensors—like Kubescape—can feed runtime intelligence into centralized security platforms. Until then, he advocates for tighter integration between DevSecOps and runtime observability tools, especially as the complexity of distributed environments outpaces traditional scanning and posture management solutions.
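The hardening Rozen points to, as an added example that is not from the interview or from the Kubescape project: a Pod pinned to a node-local seccomp allowlist, paired with a NetworkPolicy that permits only cluster DNS and one upstream, so a known-vulnerable component has far less reach while a patch is pending. The namespace, labels, image, profile filename and CIDR are assumed placeholders.

```yaml
# Added example, not from the interview or Kubescape: a workload pinned to a seccomp
# allowlist plus a default-deny egress NetworkPolicy. Namespace, labels, image,
# checkout.json (under the kubelet seccomp root) and the CIDR are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: checkout
  namespace: payments
  labels:
    app: checkout
spec:
  securityContext:
    seccompProfile:          # only syscalls listed in the profile are permitted
      type: Localhost
      localhostProfile: checkout.json
  containers:
  - name: checkout
    image: registry.example.com/checkout:1.4.2   # placeholder image
    securityContext:
      capabilities:
        drop: ["ALL"]
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: checkout-egress
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: checkout
  policyTypes:
  - Egress                   # listing Egress with an allowlist denies all other egress
  egress:
  - to:                      # cluster DNS (assumes kube-dns labels in kube-system)
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
    ports:
    - protocol: UDP
      port: 53
  - to:                      # the one upstream the service needs; all else dropped
    - ipBlock:
        cidr: 10.20.0.0/24   # placeholder payment-gateway range
    ports:
    - protocol: TCP
      port: 443
```

Two checks before relying on this: NetworkPolicy is only enforced by a CNI plugin that implements it, and the Localhost profile file must exist on every node the Pod can be scheduled to or the Pod will fail to start.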