Danny Wei

New kernel vulnerabilities keep coming. When a critical CVE drops — especially one that enables container escape — security teams face a familiar scramble: read the advisory, study the PoC, figure out what to block, write mitigation rules, validate they won't break production, then roll them out. Even with AI assistance for individual steps, the end-to-end cycle still takes hours — and the work is largely repetitive across different CVEs. Can we use an AI Agent to compress this further?

We built the vArmor Vulnerability Policy Generator to do exactly that. It's an AI-powered Skill that takes vulnerability information (CVE ID, PoC repo, write-up) as input and produces vArmor mitigation rules targeting the specific vulnerability — ready for you to integrate into your existing policies and deploy. In this post, we walk through the Skill's design, demonstrate it against the recently disclosed Dirty Frag vulnerability, and discuss how to get the most out of it.

In vArmor v0.10.0, we introduced the NetworkProxy enforcer — a sidecar-based transparent proxy that brings L4/L7 network access control to Kubernetes workloads. While v0.10.0 could already enforce allow/deny policies on plaintext HTTP and TLS SNI, HTTPS encrypted traffic remained a black box: the proxy could see the destination domain via SNI, but could not inspect request paths, headers, or response bodies.

vArmor v0.10.1 completes the Phase 2 of the NetworkProxy enforcer by adding TLS Man-in-the-Middle (MITM) capabilities, unlocking deep HTTPS inspection, automatic header injection, and anti-Domain-Fronting protection. This release also introduces IPv6 dual-stack support, configurable sidecar resource quotas, a ConfigMap-to-Secret migration for improved security, and demonstrates rapid CVE response capabilities through the CVE-2026-31431 mitigation case study.

With the explosive growth of AI Agents, more and more enterprises are deploying Agents in Kubernetes clusters as containerized workloads. These Agents typically need to call external LLM APIs (such as OpenAI, Anthropic, etc.), execute code, access tool plugins, and even connect to various external services through MCP (Model Context Protocol). However, the high degree of autonomy of Agents also brings new security challenges — how can we ensure that an Agent only accesses authorized network resources?

vArmor v0.10.0 introduces the brand-new NetworkProxy enforcer, which implements L4/L7 network traffic interception and access control through a sidecar proxy architecture, providing fine-grained network security protection for AI Agent workloads. This article focuses on this core feature and its application in AI Agent protection scenarios.

vArmor 0.8.0 further enhances network access control and observability, and refactors the DefenseInDepth mode to provide a more flexible whitelist security protection system for cloud-native environments. This article focuses on the core new features of vArmor 0.8.0 to help you quickly understand and apply them.

We briefly introduced the application scenarios of vArmor in the article "application scenarios". In terms of "hardening privileged container", when facing the challenge that it is difficult for enterprises to demote privileged containers in accordance with the principle of least privilege, we mentioned that the experimental feature of vArmor - the behavior modeling mode can be used to assist in demoting privileges.

This article will provide you with a detailed introduction to the necessity, challenges, and methods of removing privileged containers. It will also demonstrate through two use cases how to use the behavior modeling and observation mode features of vArmor to assist in demoting the privileges of privileged containers, thereby helping enterprises improve the security level of their cloud-native environments.

With the advent of the era of large language models, AI applications based on LLMs have been constantly emerging. This has also given rise to AI application development platforms represented by Coze, Dify, Camel, etc. These platforms provide visual design and orchestration tools, enabling users to quickly build various AI applications using no-code or low-code approaches with the capabilities of large language models (LLMs), thus meeting personalized needs and realizing business value.

An AI application development platform is essentially a SaaS platform, where different users can develop and host AI applications. Therefore, the platform needs to pay attention to the risk of cross-tenant attacks and take corresponding preventive measures. This article will take the actual risk of the "code execution plugin" as an example to demonstrate the necessity of isolation and hardening. It will also introduce to you how to use vArmor to harden plugins, thereby ensuring the security of the platform and its tenants.

Welcome to the vArmor Blog, where we will publish the latest news, application practices, case studies, and more related to vArmor, enabling you to have a better understanding of vArmor and make the most of it.

We also welcome you to contribute to us and share your experience in applying vArmor.