#United States #San Jose #Kubernetes #Calico #Tigera

Tigera Introduces a New Security Solution for AI Workloads on Kubernetes

On September 18, 2025, in a significant advancement for container networking and security, Tigera announced a new solution aimed at protecting AI workloads running on Kubernetes clusters. Known for developing Project Calico, Tigera has tailored this solution to meet the distinct security needs posed by AI applications, particularly given their resource-intensive nature and specific challenges during deployment.

Protection Across All Stages of AI Workloads

As organizations increasingly shift towards AI, the complexities associated with data ingestion, model training, and deployment of AI models have raised cybersecurity concerns. Tigera's Calico is designed to address these issues effectively. With a set of robust features, Calico empowers enterprises to scale their AI initiatives while ensuring robust security against potential threats.

Egress Security: Safeguarding Data Ingestion and Preparation

AI workloads often require access to external data and model repositories, making them susceptible to data exfiltration attacks. Calico's egress security controls offer a multi-layered protective framework including network policies and DNS policies to ensure that interactions between pods and external data sources are both secure and trustworthy. By routing outbound traffic through dedicated gateway pods, businesses can monitor and control communication—mitigating risks of direct pod access to external services and enhancing model integrity.

Zero-Trust Microsegmentation for Model Training

During the model training phase, pods often engage in lateral communication to refine and exchange training data. Such communication, however, can be a weak point if left unsecured, as attackers can navigate within the cluster undetected. Calico applies granular network policies to enforce zero-trust microsegmentation. This approach limits access to sensitive data resources only to authorized entities, safeguarding the training process even in multi-tenant environments.

Ingress Controls and Web Application Firewall (WAF)

Once AI models are deployed, they can receive requests from users and other applications through inference pods, posing a security risk during ingress communication. Calico’s ingress gateway implements policies ensuring that only trusted users and applications access the model. Furthermore, Calico's WAF inspects incoming HTTP traffic to thwart commonly cited security threats like SQL injection and cache poisoning, thus enhancing the security of deployed AI models.

Egress Controls for Protecting Intellectual Property

In today’s competitive landscape, models and training data are amongst the most valuable assets for enterprises. Calico’s egress controls, combined with DNS network policies, ensure that communication capabilities are finely managed. This prevents unnecessary data exfiltration while protecting the integrity of valuable AI models and their underlying training datasets.

Unified Policy Management Across Multiple Clusters

As enterprises often deploy AI initiatives across multiple Kubernetes clusters, such as dedicated training environments and integrated production systems, the need for coherent security policies becomes crucial. Calico’s cluster mesh feature supports consistent policy management across these dispersed environments. This approach allows organizations to isolate different workloads while upholding uniform security standards.

Enhanced Observability and Compliance Controls

To aid teams in understanding service interactions and identifying potential misconfigurations, Calico also offers enhanced observability features. Detailed flow logs, DNS logging, and visual service graphs facilitate compliance auditing and incident response, delivering insights at a granular level.

Phil DiCorpo, Senior Director of Product Management at Tigera, emphasizes, "As AI adoption accelerates, organizations need security solutions that are just as dynamic and scalable as the workloads they protect." Calico's capabilities empower platform and security teams to confidently secure AI workloads without compromising on agility or performance.

For more information on Tigera's innovative solutions and Calico's latest features, please visit Tigera's website.

About Tigera

Tigera is the creator of Calico, a unified and robust network security and observability platform widely used to detect and counteract security breaches in Kubernetes environments. With over 100 million containers operating on more than 8 million nodes across 166 countries, Calico is the preferred open-source solution supported by all major cloud providers and Kubernetes distributions, adopted by numerous leading organizations, including Discover, Chipotle, and NBCUniversal.