Exactly one week ago, Sven and I had the incredible opportunity to give our very first talk at KubeCon + CloudNativeCon 2026: “How To Break Multi-Tenancy Again and Again …and What We Can Learn From It”. We discussed the challenges of namespace-based multi-tenancy and presented real-world exploits in Kubeflow, Istio, and Traefik that bypass threat boundaries between namespaces and workloads. Based on these problems, we developed a methodology to assess and address them. You can find the methodology discussed in the talk in detail in another blog post or on GitHub. You can also find the slides here.
From the moment the session started, people just kept coming in, even as the room was already filling up fast. Seeing that level of interest and engagement in our topic was both exciting and energizing. Standing on stage in front of such a large and curious audience was an unforgettable experience for us.

What made it even more special was the feedback. Right after the talk and even in the days that followed, we received so many positive comments, thoughtful questions, and encouraging words. It means a lot to see that our work resonates with the community.
One of the highlights of the conference was meeting in person some of the people and projects we had previously only interacted with during our disclosure process. It’s incredibly rewarding to see that security research is not only taken seriously but actively appreciated and acted upon.
There have been many good talks on Kubernetes security. One of them was by Rory McCune, who showed the capabilities and limitations of Large Language Models (LLMs) in the context of Kubernetes security. It was interesting to see how he compared different models and demonstrated the techniques LLMs use to attack Kubernetes clusters.
Another highlight was the Istio Day on Tuesday and seeing the talk by Alfonso Ming and Jorge Turrado. Their talk focused on the ambient mesh and the real-world challenges in implementing it. They highly recommended the Gateway API in their talk, which pleased us, as we share the same idea, particularly when using Istio in multi-tenant setups.
Even now, a week later, the excitement is still very much alive. We’re already looking forward to returning to KubeCon + CloudNativeCon, whether by submitting another talk or simply reconnecting with the many inspiring and positive people who make this community what it is.
We’ll also be publishing a white paper based on our talk soon, so stay tuned!
ERNW experts have been providing security consulting and in-depth assessments of complex Kubernetes environments for a decade. Please reach out to us if your organization needs competent support in this space.
There will also be a new 2-day training on Kubernetes Security at TROOPERS26. Stay tuned for the upcoming TROOPERS26 training announcements.