Tigera Lynx Provides a Unified Control Plane for Kubernetes-Native AI Agents


Tigera, the inventor and maintainer of Calico Open Source, is releasing Tigera Lynx, a unified control plane for Kubernetes-native AI agents—giving enterprises a single place to find every agent in their Kubernetes estate, tighten posture, assign a sandbox, give each agent cryptographic identity, enforce policy on every action it takes, audit what agents actually do, and detect anomalous behavior without changing a line of agent code.

According to Tigera, AI agents don’t behave like the workloads enterprise security stacks were built for. They are autonomous and non-deterministic: they act on behalf of a user, call whatever tool, LLM, or other agent they decide they need, carry a delegation chain of who asked whom, and consume untrusted input.

Lynx sits in the path of every agent call (agent-to-agent, agent-to-tool, and agent-to-LLM) to authenticate, authorize, mediate, and audit each one. It plugs into what enterprises already run: an identity provider (Entra ID, Okta) or SPIFFE/SPIRE for workload identity, plus existing observability systems, and it is built on open standards rather than proprietary lock-in.

Lynx offers one control plane with five capabilities:

  • Discovery, registration, and observability. A central registry catalogs every agent with its owner, purpose, and version, while eBPF-powered auto-discovery finds agents nobody registered. Shadow agents are flagged and quarantined, and any agent’s actions can be reconstructed end-to-end through OpenTelemetry traces.
  • Configuration and posture management. AI-CSPM continuously evaluates every agent against a baseline, surfacing drift and over-permissions the moment they happen, with per-agent sandboxing and pre-built compliance packs mapping to GDPR, HIPAA, SOC 2, and financial services requirements. A Red Team Agent continuously probes for weaknesses in posture and misconfigurations.
  • Identity and authentication. Every agent gets a verifiable cryptographic identity through integration with the enterprise’s identity provider (Entra ID, Okta) or through SPIFFE/SPIRE, with no shared secrets. Long-lived API keys are replaced by short-lived, tightly scoped, auto-rotated tokens, and a fresh JWT is minted for every hop in a multi-agent workflow.
  • Policy definition and enforcement. A single default-deny policy governs LLM, MCP, and agent access using the Cedar policy language, enforced at the gateway before any call executes—with no agent code changes. Misbehaving agents can be quarantined instantly and high-stakes calls routed to a human.
  • Anomalous behavior detection. eBPF and LSM hooks watch every syscall, network call, and file access from the kernel, a layer the agent cannot tamper with, catching credential theft and lateral movement even when the triggering action passed policy; the same telemetry provides a forensic audit trail. A Guardian Agent detects anomalous behavior and quarantines suspicious agents.
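To make the identity and policy bullets concrete, here is an added example in stdlib Python (it is not Lynx code and does not use Lynx’s schema): a gateway mints a short-lived JWT for each hop, bound to one audience and one action/resource scope and carrying the delegation chain as a claim, then authorizes the call against a permit list in which anything unlisted is denied. The agent names, tool URIs, claim names, the 60-second TTL and the signing key are all assumptions. HS256 with a shared key is used only to keep the example dependency-free; the page describes identities issued by an identity provider or SPIFFE/SPIRE with no shared secrets, so a real gateway would sign with a private key bound to that workload identity instead.

```python
"""Per-hop scoped JWTs in front of a default-deny gateway.

Added illustration only: not Lynx code and not Lynx's schema. Stdlib-only HS256
is used so it runs offline; a real gateway would sign with a private key tied to
the agent's SPIFFE/IdP identity rather than a shared secret.
"""
import base64
import hashlib
import hmac
import json

HOP_TTL_SECONDS = 60  # assumed lifetime of one hop token, not a Lynx default


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hop_token(key: bytes, agent: str, audience: str, scope: str,
                   chain: list, now: int) -> str:
    """Mint one JWT for one hop: single audience, single scope, short expiry.

    `chain` records the delegation path (user -> orchestrator -> this agent) so
    an audit can answer "on whose behalf was this call made?".
    """
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "iss": "gateway",
        "sub": agent,
        "aud": audience,
        "scope": scope,        # "<action>:<resource>", nothing broader
        "chain": chain,
        "iat": now,
        "exp": now + HOP_TTL_SECONDS,
    }
    compact = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{compact(header)}.{compact(claims)}"
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_hop_token(key: bytes, token: str, expected_aud: str, now: int) -> dict:
    """Authenticate a hop token; raise ValueError with the reason on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head, body, sig = parts
    # Check the signature before trusting anything inside the token.
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    if json.loads(_b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    claims = json.loads(_b64url_decode(body))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("aud") != expected_aud:
        raise ValueError("token not for this audience")
    return claims


# Constructed permit list standing in for Cedar permit statements:
# (agent, action, resource). Anything not listed is denied; there is no implicit allow.
PERMITS = {
    ("billing-assistant", "call_tool", "mcp://invoice-lookup"),
    ("billing-assistant", "call_llm", "llm://gpt-4o"),
}


def gateway_decide(key: bytes, token: str, audience: str,
                   action: str, resource: str, now: int) -> str:
    """Mediate one call: authenticate the hop token, then authorize the tuple."""
    try:
        claims = verify_hop_token(key, token, audience, now)
    except ValueError as err:
        return f"deny: {err}"
    if claims.get("scope") != f"{action}:{resource}":
        return "deny: token scope does not cover this call"
    if (claims["sub"], action, resource) not in PERMITS:
        return "deny: no permit for this agent/action/resource"
    return "allow"


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; never hard-code real key material
    now = 1_700_000_000
    token = mint_hop_token(key, "billing-assistant", "mcp://invoice-lookup",
                           "call_tool:mcp://invoice-lookup",
                           ["user:alice", "agent:orchestrator"], now)
    print(gateway_decide(key, token, "mcp://invoice-lookup",
                         "call_tool", "mcp://invoice-lookup", now + 5))
    # The same token replayed against a different tool is refused at the gateway.
    print(gateway_decide(key, token, "mcp://invoice-lookup",
                         "call_tool", "mcp://payments-transfer", now + 5))
```

The permit set plays the role the page assigns to Cedar: Cedar also answers deny unless some permit policy matches the request (and no forbid does), so a gateway evaluating Cedar in front of LLM, MCP, and agent calls gets the same default-deny behaviour shown here without any change to the agent itself.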

“For over a decade, Tigera’s Calico platform has served Global 2000 companies running the largest Kubernetes platforms in the world, securing tens of millions of mission-critical transactions every day. AI agents are the next class of workloads: autonomous, distributed, and increasingly embedded in critical business processes. Lynx brings that same unified control and security rigor to AI agents. We're building on our core competency—securing mission-critical workloads at scale on Kubernetes, in a highly performant way,” said Ratan Tipirneni, CEO of Tigera.

Lynx is generally available now.

For more information about this news, visit www.tigera.io.
