Tigera introduced a new solution designed to protect AI workloads operating within Kubernetes clusters.
Because AI workloads are resource-intensive and bursty, Kubernetes has become the de facto orchestrator for deploying them. However, AI workloads introduce unique security challenges throughout the data ingestion and preparation, model training, and deployment stages.
Calico is purpose-built to protect mission-critical AI workloads at every stage. The platform provides a comprehensive set of features enabling organizations to scale their AI initiatives with confidence.
Egress Security to Protect Data Ingestion and Preparation
Pods reaching out to external data and model repositories are subject to data exfiltration threats. Calico’s robust egress security controls, which include network policies, network sets, and DNS policies, ensure that the communication between the pods and external sources is trusted and secure. This prevents data exfiltration and safeguards model integrity.
Calico’s egress gateway also creates a secure, centralized exit point for AI workloads, routing outbound traffic through dedicated gateway pods that can be monitored, logged, and controlled with fine-grained policies – eliminating direct pod access to external services.
Zero-trust Microsegmentation to Protect the Model Training Stage
During model training, pods communicate laterally with other pods to exchange, analyze and refine training data before writing the trained model back to storage. This pod-to-pod communication, by default, is unsecured and can be exploited by attackers to move laterally within the cluster to more sensitive assets.
Calico enforces granular network policies, including staged policies for testing and governance, to enable zero-trust microsegmentation. This protects sensitive data sets and limits access to authorized resources, even in multi-tenant environments.
Ingress Controls and WAF to Protect Access to AI Endpoints
Once a model is deployed, the inference pods receive requests from users and other applications. This ingress communication presents a security risk. Calico’s ingress gateway enforces policies to ensure that only trusted users and applications can access the model. Calico’s ingress WAF inspects incoming HTTP traffic to detect and block attack classes catalogued by OWASP, such as SQL injection and cache poisoning.
Robust Egress Controls for Protecting Intellectual Property
Models and training data represent some of the most valuable assets in modern enterprises. Calico’s egress controls, combined with DNS network policies, provide granular protection for these assets by controlling what each service can communicate with. This prevents data exfiltration and safeguards model integrity.
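The egress and microsegmentation controls described above, as an added example that is not Tigera's own code: a Calico default-deny policy for a training namespace, a rule allowing trainer pods to reach only the dataset store and kube-dns, and a DNS policy permitting outbound traffic solely to an approved model repository by domain. It assumes a namespace `ai-training` with pods labelled `role: trainer` and `role: dataset-store`, a constructed port 9000 and domain `models.example.com`, and a Calico edition that supports domain-based (DNS) egress rules.

```yaml
# Added example (not from the original page). Namespace, labels, port and
# domain are constructed; DNS-based rules require an edition that supports them.
---
# 1. Default deny for the namespace: higher order = evaluated last, so any
#    explicit Allow below (order 100) takes precedence.
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: default-deny
  namespace: ai-training
spec:
  order: 1000
  selector: all()
  types: [Ingress, Egress]
---
# 2. Microsegmentation for trainer pods: only the dataset store, kube-dns,
#    and the approved external model repository are reachable.
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: trainer-egress
  namespace: ai-training
spec:
  order: 100
  selector: role == 'trainer'
  types: [Egress]
  egress:
  # Lateral traffic limited to the in-namespace dataset store on one port.
  - action: Allow
    protocol: TCP
    destination:
      selector: role == 'dataset-store'
      ports: [9000]
  # Name resolution must stay open or the domain rule below cannot match.
  - action: Allow
    protocol: UDP
    destination:
      namespaceSelector: projectcalico.org/name == 'kube-system'
      selector: k8s-app == 'kube-dns'
      ports: [53]
  # DNS policy: egress to the model repository by name, not by IP; any other
  # external destination falls through to the default deny (exfiltration path closed).
  - action: Allow
    protocol: TCP
    destination:
      domains: ['models.example.com']
      ports: [443]
```

Because the default-deny also blocks ingress, the `role: dataset-store` pods need a matching Ingress rule allowing TCP 9000 from `role == 'trainer'`; staging the policies first as `StagedNetworkPolicy` shows what would be dropped before enforcement.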
Unified Policy Management Across Distributed AI Clusters
Most enterprise AI deployments span multiple clusters, from dedicated training environments to optimized inference clusters and integrated production systems.
Calico’s cluster mesh feature supports unified policy management across distributed AI environments. Organizations can isolate training, inference, and production workloads while maintaining consistent security policies across clusters.
AI-Centric Observability and Compliance Controls
Calico also provides detailed flow logs, DNS logging, and visual service graphs to help teams understand AI service interactions and identify misconfigurations. These capabilities support compliance auditing and incident response with forensic-level detail.
“As AI adoption accelerates, organizations need security solutions that are as dynamic and scalable as the workloads they protect,” said Phil DiCorpo, Senior Director of Product Management at Tigera. “Calico empowers platform and security teams to confidently secure AI workloads without compromising agility or performance.”
To read the blog, Securing AI Workloads in Kubernetes: Why Traditional Network Security Isn’t Enough, visit the website here.