Why cloud native belongs at the heart of agentic AI: Lessons from building a multi-agent security platform on Kubernetes

2026-06-17 · Source: Cloud Native Computing Foundation · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Cloud Computing & IT Infrastructure · Depth: Advanced, medium

Summary

Orange Innovation is developing and rolling out a real-time, multi-agent security operations platform on Kubernetes, as detailed in a June 17, 2026 post by Willem Berroubache, Lead Security Architect. This platform, presented at KubeCon + CloudNativeCon Europe 2026, aims to shorten mean time to detect and respond while offloading rule authorship from human analysts to an agent layer. It leverages CNCF projects like Falco with eBPF, Kafka, cert-manager, Cilium, OPA, Kyverno, Argo CD, Prometheus, and Cilium Hubble. The system uses an Isolation Forest classical anomaly model to pre-filter events before LLM-driven agents, and coordinates via the A2A protocol (open-sourced 2025, Linux Foundation) and MCP (Agentic AI Foundation). Each agent is deployed as a Kubernetes workload, with safety constraints codified as policy-as-code, and observability tied to A2A trace_ids.

Key takeaway

For AI Architects designing agentic AI platforms, recognize that cloud-native foundations are critical for operationalizing these systems at scale. Treat each agent as a standard Kubernetes workload, leveraging existing patterns for identity, isolation, and observability. Implement safety constraints as version-controlled policy-as-code and gate LLM calls with classical anomaly models to manage costs and performance. This approach ensures your agentic AI is robust, auditable, and integrates seamlessly into existing MLOps workflows.

Key insights

Building agentic AI on cloud-native foundations solves operational challenges and enables scalable, observable, and policy-driven security platforms.

Principles

• Treat agents as Kubernetes workloads.
• Codify agent safety constraints as policy-as-code.
• Gate LLM calls with classical anomaly models.

Method

Deploy agents as Kubernetes workloads; secure inter-agent traffic with cert-manager mTLS and CiliumNetworkPolicy; enforce safety via OPA/Kyverno policy-as-code; manage configs with Argo CD GitOps; pre-filter LLM calls with Isolation Forest.

In practice

• Use A2A protocol for agent coordination.
• Implement mTLS with cert-manager for agent identity.
• Manage agent prompts as Kubernetes Custom Resources.

Topics

• Agentic AI
• Cloud Native Security
• Kubernetes
• A2A Protocol
• Policy-as-Code
• LLM Gatekeeping

Best for: AI Engineer, MLOps Engineer, AI Architect

Related on AIssential

• Cloud native is now AI-native: Engineering production-ready AI — Production-ready AI requires cloud-native principles, vendor-neutral infrastructure, integrated security, and active community contribution.
• Beyond LLMs: Why Scalable Enterprise AI Adoption Depends on Agent Logic — Agent logic, using software primitives, is critical for scalable, cost-effective enterprise AI by guiding LLMs in complex workflows.
• OpenAI acquires AI agent orchestration startup Ona — Cloud-based sandboxes enable persistent, secure, and resource-rich execution for long-running AI agents, overcoming local machine limitations.
• Meet LiteLLM Agent Platform: A Kubernetes-Based, Self-Hosted Infrastructure Layer for Isolated Agent Sandboxes and Persistent Session Management in Production — The LiteLLM Agent Platform offers self-hosted, Kubernetes-based infrastructure for isolated, persistent AI agent sandboxes.
• The Sequence Opinion #840: The Agent-Native Rewrite: Why Every Piece of Software Infrastructure Needs to be Reimagined for AI Agents — AI agents necessitate a fundamental rewrite of software infrastructure designed for human-driven explicit instructions.
• Rebooting Enterprise AI with MCP and Kubernetes — MCP acts as a "selectively permeable membrane" enabling secure, controlled AI agent interaction with enterprise systems.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Cloud Native Computing Foundation.