Sysdig

A lot of the market still talks about AI as if it's a feature. A chatbot. A summarization layer. The data says otherwise. AI isn't being bolted on anymore. It's being built in. There are two kinds of organizations right now. Takers consume AI through SaaS and hosted services. Makers and shapers build it directly into their own environments. AI packages grew 25x year over year. That's not casual adoption. That's infrastructure. And once AI becomes infrastructure, weak governance models become newly dangerous. That's a different security problem than the one most teams are currently solving for. Latest article: 👇 #CloudSecurity #AIInfrastructure #RuntimeSecurity #CNAPP

🚨 LLMjacking has evolved. The Sysdig TRT caught a threat actor using an exposed, unauthenticated Ollama server as the reasoning engine for an autonomous, multi-stage offensive hacking tool. Not reselling the access. Building with it. 🚨 What makes this different: Sysdig TRT captured the tool while it was still being developed, including every stage of its logic and the markers it uses to confirm a compromise. 👀 What the Sysdig TRT observed: ➝ A full offensive pipeline: service fingerprinting, vulnerability matching, exploit synthesis, credential extraction, privilege escalation, and autonomous orchestration ➝ The tool confirmed RCE by looking for VAPTb3gin and VAPTfin bracketing the output of id, the signature commonly associated with automated agent-driven tooling ➝ The pipeline grew and was rewritten across an 8-hour session, consistent with a developer actively iterating on a maturing tool ➝ The tool requested GPT-4o, Claude Sonnet, and Gemini by name, built to run against any model backend with the exposed Ollama server as a free substitute 💥 Why this matters: ➝ Compute theft and autonomous offensive AI have converged in a single observed operation ➝ Roughly 175,000 Ollama instances are publicly exposed with no authentication, creating a large pool of potentially exploitable inference capacity ➝ The cost of running autonomous attack tools is collapsing toward zero for anyone willing to steal someone else's compute 🛡️ What to do: ➝ Never expose port 11434 to the internet. Bind Ollama to localhost or an internal interface ➝ Add authentication at the proxy or network layer ➝ Scan your own ranges for exposed model servers before someone else does 🎯 Takeaway: LLMjacking started as billing fraud. It's now powering autonomous offensive tooling. ↳ Full research from the Sysdig Threat Research Team: https://okt.to/kyVsK6 #CloudSecurity #ThreatResearch #AIAgents #LLMSecurity #RuntimeSecurity

Happy Father's Day to the Sysdig dads. We asked them for their best dad jokes. We regret nothing. 😅 A small sample of the chaos: Has anyone seen the cybersecurity team? All I know is that they ran-som-ware.😆 The eye rolls were real. The groans were louder. We loved every second. Swipe through for the full lineup and drop your favorite dad joke in the comments. You've been warned. 🎨 To all our Sysdig dads: thanks for keeping the cloud secure and the jokes consistently terrible. We wouldn't have it any other way. Happy Father's Day. 💚 #FathersDay #LifeAtSysdig #DadJokes

Pods. Isolation. Boundaries that are supposed to hold. 🔓 Most people assume containers are sealed off from each other and from the host machine running them. Usually, that's true. But isolation can fail, and when it does, an attacker can move from a single container straight into the host itself. From there, every other container on that machine becomes fair game. The cause is rarely anything dramatic. It's something far more ordinary. Kat breaks down container escapes in under a minute. Watch the full episode. 👇 #CloudSecurity #KubernetesSecurity #Falco #ContainerSecurity

The hustle hard era of security is ending. Not because teams stopped trying, but because the math stopped working. Human error drives 26% of all data breaches. Threats arrive at machine speed. And any process that requires human input introduces delay, and therefore exploitability. The shift is already underway. Kill -9 usage rose 140% year over year. Teams aren't just seeing threats. They're acting on them. We unpacked what that shift actually looks like, and what it means for the humans still in the loop, in our latest article. 👇 #CloudSecurity #RuntimeSecurity #AIAgents #CNAPP #CloudNative

Today, we’re excited to announce Hatem Naguib as Sysdig’s new CEO. 🎉 Hatem is a proven leader with 35 years of experience building and scaling platforms through some of the biggest shifts in technology. Most recently as CEO of Barracuda, and before that, helping scale VMware’s NSX into a category-defining business. He joins as AI reshapes how software is built, accelerates the speed and frequency of attacks, and changes how security teams have to operate. It’s the kind of moment that demands both the right security platform and the right leader. The teams we work with are under more pressure than ever – to move faster with AI and to keep their cloud environments secure while they do. We recently launched the industry’s first headless cloud security platform, designed to run inside AI coding agents, and Prempti, which brings runtime security directly into the tools developers already use. Under Hatem’s leadership, we’re building on that momentum to define the next generation of AI-driven cloud security. Welcome Hatem! ↳ Read the press release: https://okt.to/zEukMK

🚨 The Sysdig TRT has observed threat actors using CTF framing to trick their own AI assistants into writing attack code, and then deploying the output as working exploits.🚨 The framing isn't meant to fool defenders. It's meant to fool the attacker's own LLM. But the jailbreak leaks. The same CTF framing bleeds into every field the model generates, request headers, passwords, IAM session names, API key aliases. Fields a human would never label that way. 👀 What the Sysdig TRT observed: ➝ A single source IP hit five separate applications in 18 hours: PraisonAI, LiteLLM, FastGPT, Open-WebUI, and Gotenberg ➝ Multiple independent operators converged on byte-identical CTF framing against the same targets ➝ One actor flipped the technique against a victim's AI agent, using "security canary" language to trick the target's LLM into running a reverse shell 💥 Why this matters: ➝ The CTF framing has become a shared jailbreak across unrelated operators ➝ A CVE ID in a User-Agent is now a standalone threat intel signal worth acting on ➝ The leak is consistent enough across 10 source IPs that the framing itself has become a tracking signal 🛡️ What to do: ➝ Flag inbound requests with CVE identifiers in the User-Agent for immediate review ➝ Deploy WAF or IPS rules matching CTF/CVE framing patterns ➝ Sanitize User-Agent, account alias, password, and roleSessionName fields before passing context into any LLM-assisted SOC analysis 🎯 Takeaway: The CTF framing is not the attack. The attack is underneath it. But it's now consistent enough across unrelated actors that it has become a tracking signal in its own right. ↳ Full research from the Sysdig Threat Research Team: https://okt.to/G5PWCx #CloudSecurity #ThreatResearch #AIAgents #RuntimeSecurity #LLMSecurity

An Anthropic API key has become one of the most powerful credentials in your environment. With it, Claude can reach sensitive data, run code, and act on a user's behalf. Most security teams still treat it as an afterthought. That gap matters because the question every security team should be able to answer is simple: when someone uses Claude, can you tell whether the activity is legitimate or the first visible step of a compromise? For most teams today, the honest answer is no. Not because the data isn't there. Because a compliance event is one frame, not the whole movie. The context that resolves the ambiguity isn't in the compliance feed. It's in the runtime activity on the same machine, in the moments right before and right after the event. That's the shift Sysdig's integration with Anthropic delivers. From isolated alert to full runtime context, to machine-speed response. The credential is new. The discipline is not. Read the full blog. 👇 https://okt.to/AIElUW #CloudSecurity #AIAgents #RuntimeSecurity #CNAPP #HeadlessCloudSecurity

Cloud security isn't just a technical conversation anymore. It's a boardroom one. Sysdig CFO Karen Walker took that message to the CFO Leadership Council's 2026 Spring Leadership Conference in Boston last week. Her keynote covered scaling in the cloud era, navigating cyber risk, and what high-velocity finance looks like when your infrastructure lives in the cloud. A big thank you to Jack McCullough and the CFO Leadership Council for the platform and the warm reception. The role of the CFO is evolving fast. The ones leading that change are the ones bringing security, technology, and financial strategy into the same conversation. Proud of Karen for representing Sysdig on that stage. 💚 #Leadership #CFO #CloudSecurity #LifeAtSysdig

In 2018, attackers took nearly a year to weaponize a vulnerability. By 2023, it was eight days. By the end of 2025, hours. That trajectory has one logical endpoint: near real time. 🔒 And yet, in-use vulnerabilities have plateaued at 5% for two years running. Teams are prioritizing better. Tools are more mature. Processes have improved. The ceiling hasn't moved. This is no longer a tooling problem. It's a scale problem. The window between vulnerability disclosure and active exploit keeps collapsing. Focusing solely on vulnerabilities being actively exploited is no longer enough. And asking humans to move faster isn't the answer either. The next step isn't more automation. It's a different kind entirely. And the key to making it work is in the guardrails. Read the full breakdown. 👇 https://okt.to/QWZ7X2 #CloudSecurity #VulnerabilityManagement #AIAgents #RuntimeSecurity #CNAPP