Skip to main content
graphwiz.aigraphwiz.ai
← Back to DevOps

Kubescape 4.0: Kubernetes Security Meets the AI Agent Era

DevOpsSecurityKubernetes
kubescapekubernetessecurityebpfcncfruntime-detectionai-agents

At KubeCon EU in Amsterdam on 26 March 2026, the Kubescape team released version 4.0 of the open-source Kubernetes security platform. The release general availability for two major capabilities: runtime threat detection powered by eBPF, and a dedicated security scanner for CNCF Sandbox's KAgent CRDs. The architecture also sheds the host-sensor DaemonSet that required elevated privileges in previous versions, replacing it with a unified node-agent that runs with standard permissions.

What changed in 4.0

The headline features are runtime threat detection and KAgent security scanning, but the architectural cleanup is equally significant.

<svg viewBox="0 0 460 280" xmlns="http://www.w3.org/2000/svg" style="width:100%;max-width:460px;margin:1.5rem auto;display:block;font-family:system-ui,sans-serif"> <rect x="0" y="0" width="460" height="280" rx="8" fill="var(--background-secondary)"/> <text x="230" y="22" text-anchor="middle" fill="var(--foreground)" font-size="12" font-weight="600">Kubescape 4.0 Architecture</text> <!-- Cluster nodes --> <rect x="20" y="210" width="120" height="50" rx="6" fill="var(--background)" stroke="var(--foreground-secondary)" stroke-width="1"/> <text x="80" y="230" text-anchor="middle" fill="var(--foreground-secondary)" font-size="9">Node 1</text> <text x="80" y="248" text-anchor="middle" fill="var(--accent)" font-size="8">node-agent (eBPF)</text> <rect x="170" y="210" width="120" height="50" rx="6" fill="var(--background)" stroke="var(--foreground-secondary)" stroke-width="1"/> <text x="230" y="230" text-anchor="middle" fill="var(--foreground-secondary)" font-size="9">Node 2</text> <text x="230" y="248" text-anchor="middle" fill="var(--accent)" font-size="8">node-agent (eBPF)</text> <rect x="320" y="210" width="120" height="50" rx="6" fill="var(--background)" stroke="var(--foreground-secondary)" stroke-width="1"/> <text x="380" y="230" text-anchor="middle" fill="var(--foreground-secondary)" font-size="9">Node 3</text> <text x="380" y="248" text-anchor="middle" fill="var(--accent)" font-size="8">node-agent (eBPF)</text> <!-- Arrows up --> <line x1="80" y1="210" x2="80" y2="175" stroke="var(--foreground-secondary)" stroke-width="1" marker-end="url(#arr3)"/> <line x1="230" y1="210" x2="230" y2="175" stroke="var(--foreground-secondary)" stroke-width="1" marker-end="url(#arr3)"/> <line x1="380" y1="210" x2="380" y2="175" stroke="var(--foreground-secondary)" stroke-width="1" marker-end="url(#arr3)"/> <!-- Runtime Threat Detection --> <rect x="20" y="130" width="200" height="42" rx="6" fill="var(--accent)" opacity="0.1" stroke="var(--accent)" stroke-width="1.5"/> <text x="120" y="148" text-anchor="middle" fill="var(--accent)" font-size="10" font-weight="600">Runtime Threat Detection (GA)</text> <text x="120" y="163" text-anchor="middle" fill="var(--foreground-secondary)" font-size="8">eBPF probes · CEL rules · &gt;95% noise reduction</text> <!-- KAgent Scanner --> <rect x="240" y="130" width="200" height="42" rx="6" fill="var(--accent)" opacity="0.1" stroke="var(--accent)" stroke-width="1.5"/> <text x="340" y="148" text-anchor="middle" fill="var(--accent)" font-size="10" font-weight="600">KAgent Scanner (New)</text> <text x="340" y="163" text-anchor="middle" fill="var(--foreground-secondary)" font-size="8">15 Rego policies · 42 security points</text> <!-- KAgent Plugin --> <rect x="240" y="80" width="200" height="42" rx="6" fill="var(--background)" stroke="var(--foreground-secondary)" stroke-width="1"/> <text x="340" y="98" text-anchor="middle" fill="var(--foreground)" font-size="10" font-weight="600">KAgent Plugin</text> <text x="340" y="113" text-anchor="middle" fill="var(--foreground-secondary)" font-size="8">AI agents query security posture</text> <line x1="340" y1="122" x2="340" y2="130" stroke="var(--foreground-secondary)" stroke-width="1" marker-end="url(#arr3)"/> <!-- Storage --> <rect x="20" y="80" width="200" height="42" rx="6" fill="var(--background)" stroke="var(--foreground-secondary)" stroke-width="1"/> <text x="120" y="98" text-anchor="middle" fill="var(--foreground)" font-size="10" font-weight="600">Kubescape Storage (GA)</text> <text x="120" y="113" text-anchor="middle" fill="var(--foreground-secondary)" font-size="8">Aggregated API · decoupled from etcd</text> <line x1="120" y1="122" x2="120" y2="130" stroke="var(--foreground-secondary)" stroke-width="1" marker-end="url(#arr3)"/> <!-- Compliance --> <rect x="130" y="36" width="200" height="36" rx="6" fill="var(--background)" stroke="var(--foreground-secondary)" stroke-width="1"/> <text x="230" y="50" text-anchor="middle" fill="var(--foreground-secondary)" font-size="8">CIS Benchmark 1.12 · NSA-CISA · MITRE ATT&CK</text> <text x="230" y="64" text-anchor="middle" fill="var(--foreground-secondary)" font-size="8">Compliance Reporting</text> <defs><marker id="arr3" viewBox="0 0 10 10" refX="10" refY="5" markerWidth="6" markerHeight="6" orient="auto"><path d="M 0 0 L 10 5 L 0 10 z" fill="var(--foreground-secondary)"/></marker></defs> </svg>

Runtime Threat Detection

Previous versions of Kubescape focused on configuration scanning: checking whether deployments violated CIS benchmarks, whether RBAC policies were too permissive, or whether containers ran as root. Version 4.0 adds runtime threat detection using eBPF probes that monitor actual system behaviour: network connections, process execution, file access patterns, and system calls.

The detection engine uses CEL (Common Expression Language) rules rather than traditional signature matching. This approach filters over 95% of CVE-related noise that plagues signature-based runtime scanners, surfacing only behaviourally significant threats.

KAgent security scanning

KAgent, the CNCF Sandbox project for defining AI agent workloads as Kubernetes custom resources, introduces a new attack surface. An AI agent with access to cluster APIs can inspect secrets, modify deployments, or exfiltrate data through permitted network paths.

Kubescape 4.0 ships a scanner that evaluates KAgent CRDs against 15 Rego policies covering 42 security-critical configuration points. These policies check privilege boundaries, network access rules, secret access permissions, and resource limits for agent workloads.

A companion KAgent plugin allows AI agents themselves to query the cluster's security posture at runtime. An agent about to execute a deployment change can check whether its target namespace has active threat alerts, review the RBAC permissions it holds, and verify that no runtime anomalies have been detected on the target pods.

Architecture changes

The host-sensor DaemonSet, which required privileged access to nodes in earlier versions, has been removed entirely. Its functionality is now handled by a unified node-agent that runs with standard Kubernetes permissions. This eliminates the need for elevated privileges and removes the security concern of running high-privilege DaemonSets in production clusters.

The new Kubescape Storage component uses an Aggregated API to decouple security metadata from etcd. Security scan results, compliance reports, and threat detection data are stored separately from Kubernetes state, reducing etcd load and improving query performance.

Compliance coverage

Kubescape 4.0 supports the following frameworks out of the box:

  • CIS Kubernetes Benchmark v1.12 (vanilla Kubernetes)
  • CIS Benchmark v1.8 (EKS and AKS)
  • NSA-CISA Kubernetes Hardening Guidance
  • MITRE ATT&CK for Containers

Installation

# Install Kubescape CLI
curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | bash

# Scan a framework
kubescape scan framework nsa --exclude-namespaces kube-system

# Scan with KAgent controls
kubescape scan framework custom --controls 'KAgent-*'

CNCF and community

Kubescape graduated to CNCF incubating status in January 2025. The project has accumulated over 11,000 GitHub stars and is used by more than 25,000 organisations, including Intel, AWS, and Bitnami. Version 4.0 is available now from the GitHub releases page.

The release arrives at a moment when Kubernetes clusters are increasingly running AI agent workloads alongside traditional applications. The security model that assumed all workloads were defined at deploy time no longer holds. Kubescape 4.0 acknowledges this shift by adding runtime detection and agent-specific scanning alongside its existing configuration checks.