In this episode of The AI Kubernetes Show, we talked with Marina Moore, a research scientist at Edera and co-chair of CNCF TAG Security, about how the state of AI is impacting the art and science of platform engineering and software development, with a specific focus on security best practices for AI-driven systems.
This blog post was generated by AI from the interview transcript, with some editing.
Moore's latest research is all about isolating AI agents and figuring out how to better secure these autonomous systems running on our machines. Her work points to a streamlined security solution that uses a natural trend in agent design: breaking down big tasks into smaller ones.
In high-performance autonomous systems, work is often decomposed. Different agents handle smaller, specific parts of a task. Moore suggests that we should use this decomposition as a key security measure. The core idea is to put these separate agents into their own security boundaries with controlled, or "gated," pathways for data flow. When you know exactly where the data is moving, you can effectively secure that interaction.
Surprisingly, adding these security layers has a minimal impact on performance. The slowest parts of the entire system are typically the tool calls and the actual inference processing with the large language models. This means you can add extra layers of security on top, and the performance remains very similar.
Chia drew a great analogy for this approach: it's like decomposing the monolith in the world of Kubernetes, taking one big system and breaking it into smaller pieces. This is beneficial because the context window is critical, and smaller "nuggets" of work are simply easier to secure.
The conversation centered on the importance of integrating security early in the development lifecycle, a concept Chia described as "go slow to move fast."
As the AI field matures, Moore hopes that people will start thinking about how to build security in from the start, doing things right the first time. Security should be viewed as an enabler, a foundational part of the process that really helps the whole thing work.
A strong security posture can also improve system performance. If you can get the security piece working, you can actually improve reliability. Starting with a secure posture is much easier than trying to bolt on security at the end, which has always been a problem.
As co-chair of CNCF TAG Security, Moore helps provide security assessment processes for CNCF projects. She shared valuable insights on the benefits of self-assessment at an early stage. Projects that perform these security assessments earlier find them easier and are better able to fix their architecture to improve security.
A core component of the assessment process is threat modeling, which helps developers get in the right mindset by asking, "What are the different pieces of the system?" "How does data flow between them?" "And which pieces can be attacked?"
Even for systems developers already know well, simply enumerating all those connections can illuminate connections that weren't obvious before. Writing it down and thinking about it for a second often reveals new insights.
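The two ideas above, gated pathways between decomposed agents and enumerating the pieces and data flows as a threat-modeling step, can be shown together in a small Python sketch. This is an added example and not code from the episode, from Edera, or from CNCF TAG Security; the agent names, the boundary labels and the allowlist of flows are constructed. Each agent is tagged with the security boundary it runs in, a bus only delivers data along declared flows and records anything else as a denied attempt, and the same declaration is used to list which flows cross a boundary, which is where threat-modeling attention belongs.

```python
"""Gated data flow between decomposed agents, plus an enumeration of the
flows that cross a security boundary (a lightweight threat-modeling aid).

Added example; not code from the episode, Edera, or CNCF TAG Security.
Agent names, boundary labels and the allowlist below are constructed.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Agent:
    name: str
    boundary: str  # the sandbox / security boundary the agent runs in


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    kind: str  # kind of data permitted on this pathway, e.g. "search_results"


@dataclass
class GatedBus:
    """Delivers data between agents only along explicitly declared flows.

    Undeclared flows are dropped and recorded, so an agent that tries to
    reach a sandbox it has no business talking to shows up as a detection
    instead of being silently relayed.
    """
    agents: dict[str, Agent]
    allowed: set[Flow]
    delivered: list[tuple[str, str, str]] = field(default_factory=list)
    denied: list[tuple[str, str, str]] = field(default_factory=list)

    def send(self, src: str, dst: str, kind: str, payload: str) -> bool:
        if src not in self.agents or dst not in self.agents:
            raise KeyError(f"unknown agent in flow {src}->{dst}")
        if Flow(src, dst, kind) in self.allowed:
            self.delivered.append((src, dst, kind))
            return True
        self.denied.append((src, dst, kind))
        return False

    def cross_boundary_flows(self) -> list[Flow]:
        """Declared flows whose endpoints sit in different security boundaries.

        Listing these is the threat-modeling step: every entry is data leaving
        one sandbox and entering another, so each needs a decision about
        validation, size limits, and what a compromised upstream could push.
        """
        return sorted(
            (f for f in self.allowed
             if self.agents[f.src].boundary != self.agents[f.dst].boundary),
            key=lambda f: (f.src, f.dst, f.kind),
        )


def build_demo_bus() -> GatedBus:
    """Constructed four-agent pipeline: a planner in the core boundary, a
    web-facing researcher in its own sandbox, and a coder/executor pair that
    share a code sandbox. Names and boundaries are made up for the example."""
    agents = {a.name: a for a in (
        Agent("planner", "core"),
        Agent("researcher", "web-sandbox"),
        Agent("coder", "code-sandbox"),
        Agent("executor", "code-sandbox"),
    )}
    allowed = {
        Flow("planner", "researcher", "query"),
        Flow("researcher", "planner", "search_results"),
        Flow("planner", "coder", "spec"),
        Flow("coder", "executor", "source"),
        Flow("executor", "coder", "test_output"),
    }
    return GatedBus(agents, allowed)


def run_demo() -> GatedBus:
    """Drive the pipeline with a normal exchange plus one undeclared flow:
    the web-facing researcher trying to hand source straight to the executor."""
    bus = build_demo_bus()
    bus.send("planner", "researcher", "query", "feed format for vulnerability data")
    bus.send("researcher", "planner", "search_results", "(constructed results)")
    bus.send("planner", "coder", "spec", "parse the feed into records")
    bus.send("coder", "executor", "source", "def parse(feed): ...")
    bus.send("researcher", "executor", "source", "code copied from a web page")
    return bus


if __name__ == "__main__":
    bus = run_demo()
    print("delivered:", bus.delivered)
    print("denied:   ", bus.denied)
    print("flows crossing a boundary (threat-model focus):")
    for f in bus.cross_boundary_flows():
        print(f"  {f.src} -> {f.dst} [{f.kind}]")
```

The allowlist is the written-down version of "which pieces talk to which, and with what": the bus enforces it at runtime, and `cross_boundary_flows` reads the same declaration back as the short list of interactions worth the most scrutiny. The gate itself is a set lookup, which is in line with the episode's point that the security layer costs little next to inference and tool calls.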
Moore has some solid advice for different roles in the software development and operations world. For platform engineers, the big takeaway is to design those base levels of security from the jump, focusing on systems that are inherently secure. When your infrastructure starts with a secure baseline, you gain a lot more freedom to experiment without the risk of, say, accidentally deleting your production database.
For software developers, it's important to understand how powerful your tools are, but also what their limitations are. Ultimately, humans are still responsible for what they put out into the world, whether that's code or writing, even with the aid of an AI system.
Stay in touch with Marina
Here's how to stay in touch with Marina Moore.
Moore's approach is to break the overall task into smaller pieces of work handled by different agents, and then to enforce a security boundary around each agent with gated pathways for the data that flows between them. Because every pathway is explicit, the interactions between agents can be secured.
Generally, no. Inference with the LLMs and the agents' tool calls are the slowest parts of the system; the overhead of the security layer is small by comparison.
Building security in from the start is more efficient and helps improve the overall reliability of the system. This approach is much easier than trying to bolt on the security at the end.
The simple act of writing down all the actors in the system, how they interact, and which parts can be attacked is a critical part of threat modeling. This process forces a deeper line of reasoning that can illuminate connections that weren't obvious before and lead to better-designed systems.