Tag: Multi-cloud
-
Hacking Kubernetes via ServiceAccountTokens
Kubernetes has a large amount of advancements and inherent good security principles but these are dependent on configurations that are typically not well-known to end users. Predominantly the constructs of Service Accounts or (Non-human Identities) for the masses are populated in many services as they act as the go-between for service to authenticate and operate…
-
Evaluations in Azure Foundry
Evaluations in the application of Generative AI serve as a backstop component to build trust and confidence in your AI-centric applications. Measuring the output and context as it is produced in your application can help you grasp in a verifiable method how your application will perform under certain conditions. Given the natural language usage of…
-
Image Policy Webhook
Image Policy Webhook is a native Kubernetes admission plugin that enforces security policies by validating container images before they are deployed. This ensures that only trusted and compliant images run in your environment. This will take the image that is attempted to be applied compare against predefined policies, and if those policies allow the image…
-
Garak Red Teaming LLMs
As Generative AI is playing a role in multiple organizations so is the popularity of tools for identifying risks and vulnerabilities. In this blog I’m exploring Garak a LLM vulnerability scanner developed by NVIDIA and is a OSS project to help strengthen LLM Security. When the term “Red Team” appears in the approach of simulation…
-
Bill of Materials CKS Refresher
A Software Bill of Materials (SBOM) is like the ingredients list on your food package—it reveals what components, libraries, and dependencies go into building the final software. Just as checking food labels helps you understand nutritional content and potential allergens, an SBOM provides transparency into third-party components, helping identify vulnerabilities early in the software supply…
-
ABAC In Kubernetes
Attribute-based access control (ABAC) is a powerful feature in Kubernetes that allows administrators to define fine-grained permissions for users and groups. Unlike traditional role-based access control (RBAC), ABAC enables a more granular approach to specify what actions can and cannot be performed. However, implementing ABAC can become complex as modifications increase over time. This blog…
-
Phi-3.5 Mixture of Experts
Introduction Microsoft has open-sourced its Phi-3.5 Mixture of Experts model recently on the Azure AI Studio catalog provided as a (Model-as-a-Service) that you can run on Azure or you can also use Huggingface to utilize this model. The first question depending how much you’re following along with the constant upstream releases of models is the…
-
Batch Jobs in Azure OpenAI
Introduction In the existing landscape of Generative AI, optimizing API submissions is crucial for both cost and performance. Whether you’re fine-tuning token usage or streamlining context-aware requests using Retrieval-Augmented Generation (RAG), finding the right tools can make a significant difference. One of the most promising solutions is the Azure OpenAI Batch API, designed specifically for…
-
Mutability of FIPS on AKS
Introduction Your in compliance and tasked with identifying which microservice supported supports Federal Information Processing standards. Operations are dynamic and can change from supporting a business unit that might have this requirement, so what are you options if you have to revert and keep the cluster? Currently in Azure Kubernetes Service this has been capable…
-
Artifact Registry VEX in GCP
Introduction Vulnerability Exchange (VEX) or Vulnerability Exploitability eXchange is a communication format that is used to share detailed information about the exploitability of vulnerabilities in software products. VEX documents provide essential details about vulnerabilities, focusing on whether they are exploitable in the specific context of the software or environment in which they are found. Given…