Kubescape 4.0 brings runtime security and AI agent scanning to Kubernetes



Version 4.0 of the open source Kubernetes security platform Kubescape has been released, delivering runtime threat detection and a new set of security features for the AI era. This is the first time the project has targeted the security of AI agents themselves in addition to its established scanning capabilities.

The announcement, published on the CNCF blog during KubeCon + CloudNativeCon Europe 2026 and written by Kubescape Core Maintainer Ben Hirschberg, describes the headline changes in 4.0 as the move to general availability for Runtime Threat Detection and Kubescape Storage.

Kubescape is an open source Kubernetes security platform maintained as a CNCF incubation project. It scans clusters, Helm charts, YAML manifests, and CI/CD pipelines for misconfigurations, vulnerabilities, and RBAC violations. Its runtime threat detection learns normal workload behavior, alerts on deviations, and reduces CVE noise by over 95%. Native integration with tools like VSCode and GitHub Actions allows teams to build in security checks early in the development process without disrupting workflows.

Kubescape runtime threat detection

The runtime threat detection engine relies on detection rules, written in Common Expression Language (CEL), that work directly against application profiles in Kubescape. The engine monitors processes, Linux functions, system calls, network and HTTP events, and file system activity. Rules and RuleBindings are now managed as Kubernetes CRDs, and alerts can be forwarded to AlertManager, SIEM tools, Syslog, Stdout, or HTTP webhooks. Hirschberg wrote that the engine has been rigorously tested and proven to be stable in large-scale environments.

Kubescape Storage also reached GA with this release. It uses Kubernetes aggregation APIs to store security metadata such as application profiles, SBOMs, and vulnerability manifests in a dedicated layer, keeping that data out of standard etcd instances. Amir Malka, the new maintainer for this release, announced the basic approach at KubeCon + CloudNativeCon North America 2025.

This architecture has been proven to meet the demands of large, dense clusters and provide the performance required by modern enterprise environments.
– Ben Hirschberg

This release also removes the Host Sensor, a “pop-up” DaemonSet previously used for node scanning. The Kubescape community had flagged this approach as intrusive and difficult to audit from a security perspective. The host agent has been deprecated as well, and its functionality has been built into the node agent via a direct API between core Kubescape microservices. The result is one agent per node, which Hirschberg claims makes the security posture “more stable and easier to audit.”

The AI-related additions go in two directions, which Hirschberg describes as “two sides of the AI security coin.” The first is a KAgent native plugin that allows an AI assistant to query the Kubernetes security posture from within the cluster. Through this plugin, the agent can use ApplicationProfiles and NetworkNeighborhoods to inspect vulnerability manifests, check configuration scans for RBAC issues, find guidance to remediate issues, and check container behavior at runtime. The second is a security scan specific to KAgent itself, a CNCF sandbox project for AI orchestration. KAgent was accepted into the CNCF Sandbox in May 2025 as an open-source framework for building Kubernetes-native AI agents with an architecture based on the Model Context Protocol. Because KAgent establishes a pathway between AI models and enterprise infrastructure, the Kubescape team maintains that its configuration requires the same level of scrutiny as other workloads.

Robust security guardrails are required to prevent agents from being exploited for high-risk actions such as unauthorized access or deletion of operational data.
– Ben Hirschberg

Kubescape 4.0 introduces 15 controls based on OPA’s Rego language, covering 42 security-critical configuration points in KAgent’s CRD. These controls check for errors such as empty security contexts in default deployments, missing network policies, and excessive privileges for controller-wide namespace monitoring. This approach builds on Kubescape’s existing Rego-based framework, which already supports compliance standards such as the NSA-CISA and MITRE ATT&CK frameworks. The 4.0 release adds support for CIS benchmark version 1.12 for vanilla Kubernetes and 1.8 for EKS and AKS.
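
Two of the checks named above, empty security contexts and missing network policies, can be expressed in a few lines of Rego. The policy below is an added example, not one of Kubescape's controls: it is generic OPA Rego whose package name, `input.objects` layout and sample manifests are constructed for illustration, and it inspects ordinary Deployment and NetworkPolicy objects rather than KAgent's CRD.

```rego
package example.agent_posture

import rego.v1

# Generic OPA policy (not a Kubescape control); input.objects is a list of Kubernetes objects.
deployments := [o | some o in input.objects; o.kind == "Deployment"]
ns(o) := object.get(o.metadata, "namespace", "default")

# Containers with neither a pod-level nor a container-level securityContext.
deny contains msg if {
	some d in deployments
	pod := d.spec.template.spec
	object.get(pod, "securityContext", {}) == {}
	some c in pod.containers
	object.get(c, "securityContext", {}) == {}
	msg := sprintf("%s/%s: container %s has an empty securityContext", [ns(d), d.metadata.name, c.name])
}

# Deployments whose pods are not selected by any NetworkPolicy in their namespace.
deny contains msg if {
	some d in deployments
	not covered(d)
	msg := sprintf("%s/%s: no NetworkPolicy selects its pods", [ns(d), d.metadata.name])
}

covered(d) if {
	some p in input.objects
	p.kind == "NetworkPolicy"
	ns(p) == ns(d)
	not p.spec.podSelector.matchExpressions # only matchLabels is evaluated here
	labels := object.get(d.spec.template.metadata, "labels", {})
	every k, v in object.get(p.spec.podSelector, "matchLabels", {}) {
		labels[k] == v
	}
}

# Constructed sample: "agent" is bare and uncovered, "ui" is hardened and covered.
sample := {"objects": [
	{"kind": "Deployment", "metadata": {"name": "agent", "namespace": "ai"},
	 "spec": {"template": {"metadata": {"labels": {"app": "agent"}},
	  "spec": {"containers": [{"name": "main", "image": "example/agent:1"}]}}}},
	{"kind": "Deployment", "metadata": {"name": "ui", "namespace": "ai"},
	 "spec": {"template": {"metadata": {"labels": {"app": "ui"}}, "spec": {"containers": [
	  {"name": "web", "image": "example/ui:1", "securityContext": {"runAsNonRoot": true}}]}}}},
	{"kind": "NetworkPolicy", "metadata": {"name": "ui-only", "namespace": "ai"},
	 "spec": {"podSelector": {"matchLabels": {"app": "ui"}}}}
]}

test_sample if { count(deny) == 2 with input as sample }
```

Running `opa test` on the file evaluates the embedded test: the sample yields two findings, both for the `agent` Deployment, and none for `ui`.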

Many of the new features in Kubescape 4.0 address the increasing adoption of agentic AI in Kubernetes environments. Shakudo’s documentation on deploying production-grade AI agents on Kubernetes states that kagent provides “tools, resources, and AI agents to help automate configuration, troubleshooting, observability, and network security.” As these agents gain greater autonomy and deeper access to the infrastructure, the attack surface they represent becomes a practical rather than a theoretical issue. A LinkedIn post from Craine.io about KAgent’s graduation from the CNCF sandbox states, “AI workload orchestration is no longer just about containers. It’s about building a resilient and scalable intelligence infrastructure.”

The Kubescape 4.0 release is one of the first systematic attempts to apply cloud-native security tools to the agents themselves, not just the workloads they manage. Kubescape entered the CNCF Sandbox in 2022 and was approved as a CNCF Incubating Project in January 2025. This project is maintained by ARMO and accepts contributions from the wider community.
