--- title: "Open Source" id: "987561839" type: "page" slug: "open-source" published_at: "2026-05-05T11:02:25+00:00" modified_at: "2026-05-15T09:01:00+00:00" url: "https://accuknox.com/open-source" markdown_url: "https://accuknox.com/open-source.md" excerpt: "Does KubeArmor only support Kubernetes or it can support on-prem deployments like legacy VMs, and pure containerized workloads as well?KubeArmor supports Workloads deployed as k8s orchestrated containers and VM/Bare-Metals workloadsWhat is the deployment architecture for Kubernetes?For Kubernetes, the deployment is..." taxonomy_author: - "Mrinal" --- # Everything You Need To Secure Runtime, AI Models and Agents. Open Source. ## Try our Open Source Community Led Security ## Enforce Runtime Security At The Kernel. Restrict pods, containers, and nodes at the system level using AppArmor, SELinux and BPF-LSM. Created by AccuKnox in 2021 and donated to CNCF trusted by Global 1000 and Cloud Native Unicorns. - Inline / pre-emptive policy enforcement - Zero Trust runtime security across Kubernetes, VMs and bare-metal - Threat Detection & Response (TDR) at the kernel - eBPF observability with zero app changes and many more [View on GitHub](https://github.com/kubearmor/kubearmor) [Read the Docs](https://docs.kubearmor.io/) ## Audit Every TLS Port in Two Steps. ### Lightweight, zero-overhead TLS verification for Kubernetes. - Detects expired, revoked and self-signed certs - Aligns with PCI-DSS, HIPAA and 5G mandates - JSON output for CI/CD automation [Check It Out on GitHub](https://github.com/kubearmor/k8tls) ## Secure Agentic AI & Discover Shadow AI. Kernel-enforced guardrails for autonomous AI agents built for Claude CLI, OpenClaw and other Agentic AI runtimes. Surfaces and stops Shadow AI activity inside your environment. ### Agentic AI Coverage ### Shadow AI Discovery [Learn More](https://accuknox.com/blog/introducing-clawarmor-for-openclaw-instances) | Without ClawArmor | With ClawArmor | | --- | --- | | Full host access | Signed paths only, via KubeArmor | | No process allowlist | Allowlist — kernel enforced | | Unrestricted egress | Blocked at kernel level | | Invisible to host | KubeArmor telemetry + AI-SPM | | Shadow AI invisible | Shadow AI auto-discovered | | Agents run unconstrained | Claude CLI / OpenClaw sandboxed | ## Sandbox Untrusted AI/ML Workloads. Open-source kernel-enforced sandbox for ML pipelines. BPF-LSM hardened for Jupyter, PyTorch, TensorFlow, NVIDIA NIM and Agentic AI runtimes combining strong security with efficient operations. - ML sandboxing for JupyterHub, PyTorch, TensorFlow - Zero Trust on CUDA library exploitation - NVIDIA NIM security for inference endpoints - Agentic AI sandboxing at the kernel - Stops Python pickle injection at the kernel [Learn More](https://accuknox.com/platform/modelarmor) ## Take Your Security Beyond Open Source Move to a unified CNAPP that covers code, cloud, apps, APIs, AI, Kubernetes, and workloads with managed dashboards, auto-discovered policies, and 24/7 expert support. - Unified CNAPP platform - Auto-discovered hardening policies - 24/7 expert support & SLA [Contact Us](https://accuknox.com/contact-us) [Book a Demo](https://accuknox.com/demo) ## KubeArmor (Open Source) vs AccuKnox Enterprise | AccuKnox Runtime Security Features | Open Source | Enterprise | | --- | --- | --- | | Observability into the workload at granular level | | | | In-line remediation for Zero Day Attacks | | | | Manual apply of Security Policies using CLI | | | | Integration to SIEM for security events and Notification tool | | | | Network security using CNI | | | | Auto-Discovered Behavioural Policies | | | | Recommendation of Hardening Policies based on standard compliance framework – MITRE, NIST, PCI-DSS, CIS | | | | Inventory View of Application | | | | Network Graph View of the Application | | | | Network Microsegmentation in the application | | | | Hardening of the Secrets Managers like Hashicorp Vault, CyberArk Conjur | | | | GitOps based Version Control for Policy Lifecycle Management | | | ## ModelArmor (Open Source) vs AccuKnox AI-SPM | Feature | Open Source | Enterprise | | --- | --- | --- | | Purpose | Sandboxing untrusted AI/ML models | Comprehensive AI model security & monitoring | | Focus Areas | Cryptomining, command injection, resource abuse | GenAI threats: prompt injection, jailbreaking, LLM security | | Security Mechanism | Preemptive policies with KubeArmor | Inline security with LLM Guard | | Integration | Open-source, integrates with Kubernetes | Enterprise-grade with robust dashboards | | Attack Surface Coverage | Model-level execution security | Model behaviour, data, and prompt protection | | Cost | Free (open-source) | Paid (enterprise-grade) | ## See How Customers Accelerate Business And Reduce Risks With AccuKnox ### DevSecOps & Security Teams Love our AppSec/CloudSec/AISec Platform “AccuKnox allows Public Sector agencies and entities to protect themselves against current and emerging threats.” Natalie Gregory, Vice President Enterprise Solution ### DevSecOps & Security Teams Love our AppSec/CloudSec/AISec Platform “Choosing AccuKnox was driven by opensource KubeArmor’s novel use of eBPF and LSM technologies, delivering runtime security” Golan Ben-Oni, Chief Information Officer ### DevSecOps & Security Teams Love our AppSec/CloudSec/AISec Platform “AccuKnox’s strong roadmap offerings in API Security, AI/LLM Security made AccuKnox the best choice for AppSec/CloudSec platform.” David Billeter, Cybersecurity Leader ### DevSecOps & Security Teams Love our AppSec/CloudSec/AISec Platform “At Prudent, we advocate for a comprehensive end-to-end methodology in application and cloud security. AccuKnox excelled in all areas in our in depth evaluation.” Manoj Kern, CIO ### DevSecOps & Security Teams Love our AppSec/CloudSec/AISec Platform “As 5G starts getting broad industry adoption, security is a very critical challenge. It is delightful to see an amazing innovator like SRI work with AccuKnox to deliver critical innovations” Jim Brisimitzis, General Partner ### DevSecOps & Security Teams Love our AppSec/CloudSec/AISec Platform “The discovery process is crucial to making drug discovery faster, smarter, and secure. We are pleased to partner with AccuKnox for their AI Security prowesses” Matt Shlosberg, Chief Operating Officer ### DevSecOps & Security Teams Love our AppSec/CloudSec/AISec Platform “AccuKnox does a tremendous job at showing the complexity of different approaches to Kubernetes security in terms of responding to high severity cloud attacks” James Berthoty, Founder & Security Analyst - - - - - - - ## Open Source FAQs 1 Does KubeArmor only support Kubernetes or it can support on-prem deployments like legacy VMs, and pure containerized workloads as well? KubeArmor supports Workloads deployed as k8s orchestrated containers and VM/Bare-Metals workloads 2 What is the deployment architecture for Kubernetes? For Kubernetes, the deployment is a demon set. 3 How AccuKnox help achieve protection for Edge, 5G workloads? With edge computing shifting towards containerized workloads and in a few cases to orchestrated kubernetes workloads, it becomes important to have a security solution. KubeArmor not only provides enforcement into different forms of deployment but can also provide real-time container-rich observability. KubeArmor supporting un-orchestrated containers, k8s workloads and bare metal VMs makes it an ideal universal engine. Its kernel-level runtime security enforcement and container-aware observability bring the best of both worlds. Get a LIVE Tour ## Ready For A Personalized Security Assessment? “Choosing AccuKnox was driven by opensource KubeArmor’s novel use of eBPF and LSM technologies, delivering runtime security” Golan Ben-Oni Chief Information Officer “At Prudent, we advocate for a comprehensive end-to-end methodology in application and cloud security. AccuKnox excelled in all areas in our in depth evaluation.” Manoj Kern CIO “Tible is committed to delivering comprehensive security, compliance, and governance for all of its stakeholders.” Merijn Boom Managing Director