Tigera Launches Lynx, Unified Control Plane for AI Agents

Tigera

Building on years of experience in Kubernetes network security, Lynx gives AI, platform, security, and compliance teams a single place to discover, authenticate, authorize, control, and audit any AI agent, all without making any changes to the agent code.

Tigera, the developer and maintainer of Calico Open Source, announced the general availability of Tigera Lynx, a unified control plane for Kubernetes-native AI agents. Lynx allows organizations to centrally manage all agents in their Kubernetes environment: improve security, apply sandboxing, assign a cryptographic identity to each agent, enforce policies for every action, review agent activity, and detect anomalous behavior, all without modifying a single line of agent code.

AI agents don’t behave like the workloads for which enterprise security infrastructure was originally designed. They are autonomous and non-deterministic: they act on behalf of a user, reach out to tools, LLMs, or other agents, carry a chain of delegation, and read untrusted input. As a result, three teams view the same problem from different perspectives: the AI team wants to experiment with the latest technology and move quickly; the platform engineering team is measured on deployment speed but cannot demonstrate that the platform is under control; and the security team is asked to approve agents whose security posture it cannot vouch for. Valid credentials do not guarantee correct behavior, and the blast radius shifts every time a new agent or tool goes live or the platform changes.


Lynx sits in the path of every agent call (agent to agent, agent to tool, and agent to LLM) to authenticate, authorize, mediate, and verify each one. It integrates with the tools organizations already use, including their identity providers (EntraID, Okta) or SPIFFE/SPIRE, as well as existing observability systems, and is built on open standards rather than proprietary bindings.

One control plane, five functions

  • Discovery, registration, and observability. A central registry catalogs each agent with its owner, purpose, and version, while eBPF-powered automatic discovery tracks down unregistered agents. Shadow agents are flagged and quarantined, and each agent’s actions can be reconstructed end to end through OpenTelemetry traces.
  • Configuration and posture management. AI-CSPM continuously assesses each agent against a baseline and detects configuration drift and excessive permissions as soon as they occur, with per-agent sandboxing and pre-built compliance packages covering GDPR, HIPAA, SOC 2, and financial services regulations. A red-team agent continuously probes for posture weaknesses and misconfigurations.
  • Identity and authentication. Each agent receives a verifiable cryptographic identity through integration with the company’s identity provider (EntraID, Okta) or via SPIFFE/SPIRE, with no shared secrets. Long-lived API keys are replaced by short-lived, narrowly scoped, automatically rotating tokens, and a fresh JWT is issued for each hop in a multi-agent workflow.
  • Policy definition and enforcement. A single default-deny policy governs access for LLM, MCP, and agent calls, written in the Cedar policy language and enforced at the gateway before any call is executed, without changes to the agent code. Misbehaving agents can be quarantined immediately, and high-risk calls can be escalated to a human.
  • Detection of anomalous behavior. eBPF and LSM hooks monitor every system call, network call, and file access at a level that agents cannot tamper with, detecting credential theft and lateral movement even when an action is policy-compliant, and producing a forensic audit trail. The Guardian Agent flags anomalous behavior and isolates suspicious agents.
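The default-deny model described above, shown as an added illustration written for this page rather than taken from Lynx. Cedar permits nothing unless a permit policy matches the request, and any matching forbid overrides every permit, which is what makes a gateway built on it default-deny. The entity types (Agent, AgentGroup, Tool, LLM, Action), the attribute names, and the context fields below are assumptions chosen for the example and are not Lynx’s schema.

```cedar
// Added example: default-deny authorization for agent calls in Cedar.
// Entity types, actions and context attributes are illustrative assumptions,
// not the schema used by Lynx. With no matching permit, Cedar denies the call.

// The invoice agent may call exactly one tool, and only on a direct hop:
// a token that has already been delegated once (context.hop > 1) is refused.
permit (
  principal == Agent::"invoice-agent",
  action == Action::"call_tool",
  resource == Tool::"ledger.read"
)
when { context.hop <= 1 };

// Any agent in the "approved" group may call the approved model,
// but only if the gateway has verified the caller's per-hop token.
permit (
  principal in AgentGroup::"approved",
  action == Action::"call_llm",
  resource == LLM::"corp-model"
)
when { context.token_verified == true };

// A forbid always wins over a permit: once an agent has been quarantined,
// every call is blocked regardless of the permits above. The `has` check
// matters: a missing attribute would make this policy error out and be
// skipped instead of denying.
forbid (
  principal,
  action,
  resource
)
when { principal has quarantined && principal.quarantined };

// Human escalation for a high-risk action: the payment call is allowed
// only when the gateway records that an operator approved this request.
permit (
  principal in AgentGroup::"approved",
  action == Action::"call_tool",
  resource == Tool::"payments.send"
)
when { context.human_approved == true };
```

The gateway evaluates this policy set once per proxied call, building the request (principal, action, resource, context) from the verified token and the call it is about to forward, so the agent code never sees or handles the policy. Because Cedar treats a policy that errors during evaluation as not applying, attributes a forbid relies on should either be guaranteed present in the entity data or guarded with `has`, as in the quarantine rule.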

10 years of experience in Kubernetes security, now extended to AI agents and AI applications.

“For over a decade, Tigera Global’s Calico platform has supported 2000 companies running the world’s largest Kubernetes platforms, securing tens of millions of business-critical transactions daily. AI agents are the next generation of workloads: autonomous, distributed, and increasingly embedded in critical business processes. Lynx brings the same unified control and security discipline to AI agents. We are building on our core competency – providing high-performance security for business-critical workloads at scale on Kubernetes,” said Ratan Tipirneni, CEO of Tigera.

“Control is only meaningful if it is enforced consistently. Lynx assigns each agent a cryptographic identity, restricts access rights to a single hop, and evaluates every LLM, MCP, and tool call against a default deny policy at the gateway without any changes to the agent code. Because we monitor behavior with eBPF and LSM in the kernel, we can detect when an agent is malfunctioning, even if it has valid credentials, and establish a reproducible audit trail to prove it,” said Peter Kelly, Chief Technology Officer of Tigera.

Source: PRNewswire