About
I'm currently VP, Global Field CTO at Solo.io, where I help organizations adopt…
Articles by Christian
Activity
13K followers
-
Christian Posta shared thisWe have updated our book "AI Agents in Kubernetes" and gave out about 300 signed copies at KubeCon EU last week! If you couldn't be in person, I invite you to download the digital version (see link in comments). cc Lin Sun
-
Christian Posta reposted thisChristian Posta reposted thisIn her KubeCon keynote, Solo.io Founder & CEO Idit Levine addressed why most AI agent pilots fail to reach production. Developers build fast across frameworks, but Kubernetes lacks native support for agents, tools, and skills. core message: Kubernetes must evolve from cloud-native to agent-native for real production success. https://lnkd.in/eZ8cnCvpSponsored Keynote: From Pilot to Production: Scaling and Optimizing Agen... Idit Levine & Keith BaboSponsored Keynote: From Pilot to Production: Scaling and Optimizing Agen... Idit Levine & Keith Babo
-
Christian Posta reposted thisChristian Posta reposted thisI got to sit down with Louis Ryan and talk about the evolution of service communication, including some of the work we did together on OpenAPI, gRPC, and Service Mesh. https://lnkd.in/emNUwQayThe Evolution of Service Communication: REST, gRPC, and Service Mesh | Louis Ryan & Dan CiruliThe Evolution of Service Communication: REST, gRPC, and Service Mesh | Louis Ryan & Dan Ciruli
-
Christian Posta shared thisI blogged about “agent mesh” a year ago or so. Here it is in action.Christian Posta shared thisThe agentgateway project is best known as a proxy for LLMs, MCPs, and agents. But John Howard and I've been helping organizations use it as an Istio ambient waypoint / egress gateway to solve a surprisingly hard problem: Securely routing pod traffic through a corporate web proxy... transparently. #agentgateway can act as a forward proxy inside the mesh for all traffic (not just agentic): - Pods just call external hosts normally -- no HTTP_PROXY env vars - Proper CONNECT tunnels to the corporate proxy - Auto-injected Proxy-Authorization headers - TLS origination, SPIFFE identity logging, declarative whitelisting If you're dealing with egress + corporate proxy challenges in #Istio, DM me -- happy to walk through the architecture. Check out and ⭐ https://lnkd.in/eu5E7YQk
-
Christian Posta posted thisLove how conference CFPs for AI related/adjacent conferences want you to submit 6 to 8 months in advance. What world is that?
-
Christian Posta posted this🧐 I have been asked a number of times "can i just use OAuth client_id" as my agent identity? The answer I give is "no, it's not a good approach". client_id on its own doesn't strongly prove which specific agent made and executed on a decision. client_id in OAuth is tied to a redirect / callback URL. Anything that has/controls that redirect "is the agent" in that case. 👉 Now if you introduce a client_secret, this a step in the right direction, but still not ideal for AI agents. First, anything that holds that client secret "is the agent". That could be by design (the same type of all gets the same secret), or because the secret got leaked in an env file. 👉 Because of this, enterprises are best to stay away from anything like anonymous dynamic client registration for any type of agent identity, because it will mean essentially nothing. What about Client ID Metadata Documents? ⏲️ This alone is not enough, but again, a step in the right direction. Proving you control a domain and can publish a doc is a stronger guarantee than just bearer credentials, but we can still do better. 🔎 The answer here is tying an agent identity to cryptographic proof. For example something like SPIFFE encodes an agent's identity into a SPIFFE SVID (x509 cert for mTLS or a JWT). 🔎 Another approach is with Agent-Auth (AAuth) that uses keys to sign and verify messages (or delegated tokens issued and backed by dpop keys).
-
Christian Posta shared this🔥 🔥 🔥 Here are my slides from KubeCon EU talk "Enterprise Challenges with MCP Adoption"! Thanks to all who joined live. Recording should be available soon on the KubeCon Youtube channel Cloud Native Computing Foundation (CNCF) solo.io
-
Christian Posta posted thisI am very sorry to hear about the LiteLLM supply chain compromise. But incredible how lucky we are it was discovered and revoked in a couple hours!!
-
Christian Posta reposted thisChristian Posta reposted thisChristian Posta and me will be at our booth at 10:30AM after the day 2 keynote, signing 2 books we did together 🎉 Our AI agents in k8s book was a hit today and we had to hold the remaining 1/3 for the book signing tomorrow.😅 #KubeCon #CloudNativeCon Europe
Christian Posta commented on a post
3h
Book Link: https://www.solo.io/resources/report/ai-agents-in-kubernetes
Christian Posta replied to a comment
1d
Venkat Raghavan looks interesting. very much modeled after oauth, bearer tokens, centralized, etc. even so much so to carry over the authorization code stuff from oauth. but i'm not sure why you'd even need that if using strongly identified agents and no browser?
the audit logging looks good. i think that should be table stakes. the agent registration stuff seems a little manual with no runtime attestation if running within an enterprise/trust domain, etc.
but i think it prob has room to grow. a lot of these are still early and working on the same problems! will keep an eye, thanks for sharing!
-
Christian Posta liked thisChristian Posta liked thisHow are AI Agents used? That's the insight from the UK's AI Security Institute. The UK AI Security Institute just published one of the most comprehensive empirical analyses of how AI agents are actually being used in the real world. They analyzed 177,000 MCP tools across 19,000+ servers from November 2024 to February 2026. What's cool is it's not surveys or projects, but actual tool creation and download data from the agent ecosystem. ↳ Software development dominates with 67% of all agent tools and 90% of downloads. ↳ Action tools are surging. The share of tools that let agents directly modify external environments, such as edit files, send emails, execute transactions, rose from 27% to 65% of total usage in just 16 months. Agents are shifting from reading the world to changing it, and this is the most critical finding in the report in my opinion. ↳ General-purpose tools are driving the growth. Browser control, computer use, arbitrary code execution, unconstrained environments where agents can do essentially anything a human can do at a keyboard. ↳ 62% of new MCP servers are now AI-co-authored. Up from 6% in January 2025. Claude Code accounts for 69% of AI-assisted server creation. Agents are building the tools for other agents, and tool creation is no longer bottlenecked by human developers. ↳ Mistakes are already happening in production. The paper documents agents deleting live databases and exposing hundreds of thousands of patient records, not because agents were compromised, but because they had tools to take irreversible actions. A key point is that an agent's risk profile isn't determined by its model. It's determined by its tools. An LLM that can recommend a stock is fundamentally different from an agent that can execute the trade. The action space is the attack surface. This is exactly why monitoring needs to extend beyond model outputs to the tool layer, looking to govern tool call behavior and authorization are so critical, as well as capabilities such as runtime detection and response, hard boundaries and intent analysis. This report is great real-world validation of where agents are already headed, and where security needs to be paying attention as agents begin to become pervasive across enterprise environments.
-
Christian Posta liked thisChristian Posta liked thisIn her KubeCon keynote, Solo.io Founder & CEO Idit Levine addressed why most AI agent pilots fail to reach production. Developers build fast across frameworks, but Kubernetes lacks native support for agents, tools, and skills. core message: Kubernetes must evolve from cloud-native to agent-native for real production success. https://lnkd.in/eZ8cnCvpSponsored Keynote: From Pilot to Production: Scaling and Optimizing Agen... Idit Levine & Keith BaboSponsored Keynote: From Pilot to Production: Scaling and Optimizing Agen... Idit Levine & Keith Babo
-
Christian Posta liked thisChristian Posta liked thisI got to sit down with Louis Ryan and talk about the evolution of service communication, including some of the work we did together on OpenAPI, gRPC, and Service Mesh. https://lnkd.in/emNUwQayThe Evolution of Service Communication: REST, gRPC, and Service Mesh | Louis Ryan & Dan CiruliThe Evolution of Service Communication: REST, gRPC, and Service Mesh | Louis Ryan & Dan Ciruli
-
Christian Posta liked thisChristian Posta liked thisAt KubeCon EU, Maia Iyer and I shared how the SPIFFE Identity Provider for Keycloak can simplify and harden the security of applications. Check out the presentation and demo to see it in action for yourself! * Presentation - https://sched.co/2DY1M * Demo - https://lnkd.in/eYW4Chpi #keycloak #SPIFFE #ZeroTrust #KubeCon #CNCF #RedHat #Security
-
Christian Posta liked thisChristian Posta liked thisI am honored to share that I was elected to the Istio Steering Committee as a community representative for the new 2026-2027 term, along with an excellent group of other contributor and community representatives. I am excited to work with the rest of the committee to help drive the Istio project forward over the next year, as Service Mesh technology continues to evolve and grow in the era of Agentic AI. Istio is a graduated Cloud Native Computing Foundation (CNCF) project that has proven sustained momentum, and with the introduction of agentgateway as a dataplane, the project continues to offer novel capabilities for running large-scale zero trust architectures. Working with Istio at solo.io was a turning point in my career; I pivoted hard into the cloud-native world when I saw the value that open-source infrastructure brought to the table. Kubernetes was a given to me, but Istio was the first project that really sold me on the rest of the cloud-native ecosystem as a unified stack. I continue to be excited every day to leverage cloud-native architecture to solve business problems in my role at GEICO. Faseela K, Craig Box, and zhonghu xu: congrats on your wins! I'm excited to work with you. #istio
Experience & Education
-
solo.io
View Christian’s full experience
See their title, tenure and more.
or
Recommendations received
-
LinkedIn User
1 person has recommended Christian
Join now to viewOther similar profiles
Explore more posts
Explore top content on LinkedIn
Find curated posts and insights for relevant topics all in one place.
View top content