Thursday, July 2, 2026
Cloud Native Now


Tigera Introduces Lynx, a Unified Control Plane for Kubernetes‑Native AI Agents

July 2, 2026, by Steven Vaughan-Nichols
Tags: agentic AI, cloud native, container security, kubernetes, Lynx, Tigera

The first Kubernetes AI agent control plane is here.

Tigera, best known for backing the open-source Calico networking and security stack for Kubernetes, is pushing beyond traditional container security with the launch of Lynx. This is a unified control plane designed to manage Kubernetes‑native AI agents at scale.


While there are other programs that attempt to oversee Kubernetes AI agents, such as ClawManager, Agent Substrate, and Agent Control Plane (ACP), Lynx appears to be the most mature of them. To be exact, Lynx is a Kubernetes‑native, horizontally scalable control plane. It sits in the path of every agent→tool/agent→LLM call. For identity and access management (IAM), it ties into Entra ID/Okta/SPIFFE. It enforces identity, posture and policy, and detects anomalies using eBPF/LSM across Kubernetes clusters. Finally, for policy management, it uses the open-source policy language and evaluation engine, Cedar.  

What that means in practice is Lynx is designed to, drum-roll please: 

  • Discover and inventory AI agents running across Kubernetes clusters.
  • Attach fine‑grained policies that govern what each agent can access and under what conditions.
  • Provide real‑time visibility into agent behavior, interactions, and data flows.
  • Enforce security controls consistently across multi‑cluster and multi‑cloud environments.

Because Lynx is built for Kubernetes‑native agents, Tigera is aiming for a deployment model that aligns with existing platform practices rather than forcing a new silo. Lynx is meant to integrate with your existing Kubernetes clusters on major cloud providers and on‑premises. It’s also built, as you’d expect, to work with Calico-secured environments for consistent network policy and microsegmentation. The platform is designed to operate with popular AI runtimes, frameworks, and model gateways that developers are already using.

This approach is likely to appeal to platform engineering and security teams that want to integrate AI into their existing Kubernetes and cloud-native application protection platform (CNAPP) strategies, rather than managing a parallel AI infrastructure stack.

Why would you need it? Tigera CEO, Ratan Tipirneni, explained in a blog post, “AI agents broke the assumptions security stacks were built on. The enterprise security tooling most organizations run was designed for workloads that are deterministic. A service does roughly the same thing today that it did yesterday. … AI agents don’t work that way. They’re autonomous and non-deterministic. An agent acts on behalf of a user, reaches for whatever tool, LLM, or other agent it needs, carries a delegation chain, and reads untrusted input as it goes. The same agent can take a different path every time it runs.” 

That’s really scary when you think about it. To address these concerns, Tipirneni wrote, Lynx deploys a central registry that catalogs every agent. Shadow agents are flagged and quarantined, and any agent’s actions can be reconstructed end-to-end through OpenTelemetry traces.

Lynx also continuously evaluates every agent against a baseline and surfaces drift and over-permissions the moment they appear, with per-agent sandboxing and pre-built compliance packs mapping to GDPR, HIPAA, SOC 2, and financial services requirements. 

The control plane also gives every agent a verifiable cryptographic identity by integrating with your identity provider (Entra ID, Okta) or via SPIFFE/SPIRE, with no shared secrets. Long-lived API keys give way to short-lived, tightly scoped, auto-rotated tokens, and a JSON Web Token (JWT) is minted for each hop of a multi-agent workflow. This way, credentials are scoped to a single hop rather than passed around.
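The per-hop scoping described above, shown as an added Go example that is not Tigera's code or Lynx's implementation: an issuer signs a short-lived token bound to one callee, and the callee rejects it when it is replayed to a different service or has expired. The Ed25519 signing, the claim layout and the agent and tool names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

// MintHopToken signs an EdDSA JWT that is valid for one caller -> callee hop only.
func MintHopToken(key ed25519.PrivateKey, sub, aud string, ttl time.Duration, now time.Time) string {
	claims, _ := json.Marshal(map[string]any{"sub": sub, "aud": aud, "exp": now.Add(ttl).Unix()})
	signing := b64.EncodeToString([]byte(`{"alg":"EdDSA","typ":"JWT"}`)) + "." + b64.EncodeToString(claims)
	return signing + "." + b64.EncodeToString(ed25519.Sign(key, []byte(signing)))
}

// VerifyHop is the callee-side check. The algorithm is pinned to Ed25519 (the header's
// "alg" is never consulted); a failed base64 decode surfaces as a failed signature check.
func VerifyHop(pub ed25519.PublicKey, token, self string, now time.Time) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("malformed token")
	}
	sig, _ := b64.DecodeString(parts[2])
	body, _ := b64.DecodeString(parts[1])
	var c struct{ Sub, Aud string; Exp int64 }
	switch {
	case !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig):
		return "", fmt.Errorf("bad signature")
	case json.Unmarshal(body, &c) != nil:
		return "", fmt.Errorf("bad claims")
	case now.Unix() >= c.Exp:
		return "", fmt.Errorf("expired")
	case c.Aud != self:
		return "", fmt.Errorf("wrong audience")
	}
	return c.Sub, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	tok := MintHopToken(priv, "agent:planner", "tool:search", time.Minute, time.Now()) // constructed names
	_, err := VerifyHop(pub, tok, "tool:billing", time.Now()) // same token replayed to another callee
	fmt.Println("replay to tool:billing:", err)
}
```

Because the audience is part of the signed claims, a token captured at one hop is useless at the next, which is the property that makes per-hop minting safer than forwarding a single bearer credential down the chain.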

Lynx authorizes every transaction and enforces policy at the gateway. A single default-deny policy governs LLM, MCP, and agent access using the Cedar policy language, evaluated before any call executes. A misbehaving agent can be quarantined instantly, and a high-stakes call can be routed to a human—again, with no agent code changes. Lynx also provides the other controls needed to secure and manage agents, including prompt-injection defenses, rate limiting, guardrails, budgets, spend limits, custom webhooks, MCP multiplexing, aggregation and session management.

Finally, Lynx monitors abnormal behavior. It uses eBPF and LSM to watch every syscall, network call, and file access in the kernel. That way, it can catch credential theft and lateral movement even when an action technically passes policy.

By building Lynx as a Kubernetes‑native control plane, Tigera is betting that enterprises want AI agents to follow the same operational patterns as other cloud‑native applications: declarative configuration, GitOps workflows, and policy‑as‑code. That seems like a very safe bet to me.
