Thursday, June 18, 2026

Tigera Unveils Lynx: A Unified Control Plane for Kubernetes-Native AI Agents


As enterprise organizations scale their artificial intelligence workloads, managing the unique, unpredictable operational footprints of autonomous AI agents has introduced significant friction between AI development teams, platform engineers, and cybersecurity administrators. To resolve these deployment bottlenecks, Tigera, the pioneer and maintainer of Calico Open Source, has announced the general availability of Tigera Lynx, a unified control plane custom-built for Kubernetes-native AI agents.

Lynx creates a centralized operational environment where companies can automatically detect, protect, sandbox, and analyze every single AI agent running in a Kubernetes system. Through cryptography and behavior policies, Lynx delivers comprehensive monitoring and detection without having to make any changes to the underlying source code of the AI agent itself.

Bridging the AI Security and Operations Divide

Unlike traditional cloud-native applications, AI agents operate independently and without deterministic behavior. Representing the interests of the end-user, AI agents continuously make calls to external API interfaces, interact with various LLMs, access a variety of tools, and receive input from unvetted user-generated prompts. Such flexibility results in differing concerns within the enterprise; while data science teams focus on speed and innovation, platform engineering is unable to demonstrate stable infrastructure, and security operations teams must certify workflows that cannot be predicted through deterministic behavior.

Since merely having valid credentials does not guarantee proper agent actions, the risk profile of the corporation changes constantly depending on what new toolset, agent, or platform configuration becomes active. The Lynx solution addresses this potential attack vector by intercepting all operational requests, regardless of whether they pass through an agent-to-agent, agent-to-tool, or agent-to-LLM path. Fully based on open ecosystem standards, Lynx integrates effortlessly into corporate identities, SPIFFE/SPIRE-based environments, and established third-party observability platforms.


Core Architectural Capabilities

Tigera Lynx structures its unified control plane around five critical operational pillars:

  1. Discovery, Registry, and Observability: The platform maintains a centralized directory that automatically catalogs the owner, purpose, and version of every active agent. Leveraging eBPF-powered auto-discovery, Lynx identifies unmapped “shadow agents,” instantly flags them, and places them into quarantine. Comprehensive interaction maps are preserved via OpenTelemetry traces.
  2. Configuration & AI-CSPM: The system is equipped with Continuous AI Cloud Security Posture Management (AI-CSPM), which assesses configuration settings against compliance matrices. Any over-privileged settings are promptly quarantined through individualized agent-level sandboxing capabilities. Pre-packaged compliance solutions include GDPR, HIPAA, SOC 2, as well as industry-specific compliance for finance; there is also a specialized Red-Team agent included.
  3. Identity & Cryptographic Authentication: Lynx eliminates the weakness of the hardcoded, non-renewable API key by issuing short-lived and automatically renewable tokens to each and every agent. Together with enterprise identity systems or SPIFFE/SPIRE, Lynx creates a new JSON Web Token (JWT) for each unique phase of the multi-agent workflow process.
  4. Policy Enforcement with Cedar: A default-deny posture underlies the enterprise-wide rules that define the access rights between the LLMs, agents, and Model Context Protocol (MCP). Policies are written in the Cedar policy language and enforced natively by the gateway layer before any request executes. In the case of rogue agent behaviors, restrictions can be applied instantaneously; malicious prompts will be flagged and forwarded for human-in-the-loop verification.
  5. Kernel-Level Anomaly Detection: Using eBPF and LSM to track system call activity, network traffic, and file system actions, Lynx detects credential theft and lateral movement activities not detectable from within the agent layer. All of this feeds immutable logging for forensics and powers the dedicated Guardian Agent.

Extending Decades of Kubernetes Expertise to AI Workloads

The development of Lynx represents a natural evolution for Tigera, leveraging the foundational networking technologies that secure some of the world’s largest enterprise clusters.

“For over a decade, Tigera Global’s Calico platform has supported 2000 companies running the world’s largest Kubernetes platforms, securing tens of millions of business-critical transactions daily. AI agents are the next generation of workloads: autonomous, distributed, and increasingly embedded in critical business processes. Lynx brings the same unified control and security discipline to AI agents. We are building on our core competency – providing high-performance security for business-critical workloads at scale on Kubernetes,” said Ratan Tipirneni, CEO of Tigera.

“Control is only meaningful if it is enforced consistently. Lynx assigns each agent a cryptographic identity, restricts access rights to a single hop, and evaluates every LLM, MCP, and tool call against a default deny policy at the gateway without any changes to the agent code. Because we monitor behavior with eBPF and LSM in the kernel, we can detect when an agent is malfunctioning, even if it has valid credentials, and establish a reproducible audit trail to prove it,” said Peter Kelly, Chief Technology Officer of Tigera.
