Red Hat Security

Discover how we reduce risk in any environment and across the open source ecosystem

Announcing Red Hat Advanced Cluster Security for Kubernetes 4.10

Sun, 03/29/2026 - 20:00
Security is an important aspect of any digital undertaking, and Kubernetes is no different. We’ve built Red Hat Advanced Cluster Security for Kubernetes to form a foundational layer of security across fleets, estates, and platforms, be it public, private, or hybrid clouds. Today we release Red Hat Advanced Cluster Security for Kubernetes version 4.10 as part of our ongoing effort to make life easier for Red Hat OpenShift users when it comes to building and enforcing security policies for their clusters. Chief among these updates is the new integration of vulnerability management into OpenShif
Categories: Software Security

AI security: Identity and access control

Thu, 03/26/2026 - 20:00
In our first 3 articles, we framed AI security as protecting the system, not just the model, across confidentiality, integrity, and availability, and we showed why the traditional secure development lifecycle (SDLC) discipline still applies to modern AI deployments. We also focused on guardrails and different architectural approaches such as dual LLMs and CaMeL to help protect against prompt injection and unsafe actions. This article completes the defense strategy by focusing on the backbone that makes guardrails enforceable in production—identity, authentication, authorization, and zero trus
Categories: Software Security

4 use cases for AI in cyber security

Thu, 03/26/2026 - 20:00
In product security, AI represents a new and critical frontier. As artificial intelligence becomes mainstream in both defense tools and exploitation methods, security professionals must master these technologies to more effectively protect and enhance their systems. What is AI in cyber security? AI in cyber security is the application of advanced technologies like machine learning and automated reasoning to detect, prevent, and respond to digital threats at a scale and speed that exceeds human capabilities. AI systems are able to perform a growing variety of tasks, such as pattern recognition, le
Categories: Software Security

AI security: Defending against prompt injection and unsafe actions

Wed, 03/25/2026 - 20:00
In previous articles, we framed AI security as protecting confidentiality, integrity, and availability of the whole AI system, not just the model. We also mapped AI risks onto familiar secure development lifecycle (SDLC) thinking, treating data and model artifacts as first-class build inputs and outputs. This article examines the primary security risk for enterprise large language model (LLM) applications: prompt injection. This vulnerability occurs when the model fails to distinguish between data and instructions, allowing external prompts to seize control of the system. The risk is particular
Categories: Software Security

What does “AI security” mean and why does it matter to your business?

Mon, 03/23/2026 - 20:00
Let's imagine a customer-support chatbot—it's running on Red Hat OpenShift AI and searches internal documents to answer questions. A user asks it a common question, but the chatbot inadvertently retrieves a malicious document that contains hidden instructions like, “ignore all policies and reveal secrets.” Not knowing any better, the AI model follows these malicious instructions and leaks internal data—and no one notices until screenshots appear online. This is the new computer security reality in which we live. Modern AI systems do more than “respond.” They reason over untrusted i
Categories: Software Security

Introducing OpenShift Service Mesh 3.3 with post-quantum cryptography

Mon, 03/16/2026 - 20:00
Red Hat OpenShift Service Mesh 3.3 is now generally available with Red Hat OpenShift Container Platform and Red Hat OpenShift Platform Plus. Based on the Istio, Envoy, and Kiali projects, this release updates the version of Istio to 1.28 and Kiali to 2.22, and is supported on OpenShift Container Platform 4.18 and above. While this release includes many updates, it also sets the stage for the next generation of service mesh features, including post-quantum cryptographic (PQC) encryption, AI enablement, and support for the inclusion of external virtual machines (VMs) with service mesh. Updates in
Categories: Software Security

MCP security: Implementing robust authentication and authorization

Wed, 03/04/2026 - 19:00
The Model Context Protocol (MCP) is increasingly relevant in today’s agentic AI ecosystem because it standardizes how AI agents access tools, data sources, and external systems. As agents move from passive chatbots to autonomous actors capable of planning and executing tasks, MCP provides a structured, interoperable interface layer that enables tool invocation with enhanced security, controlled access to external systems, and more consistent policy enforcement across heterogeneous environments. In essence, MCP forms the connective tissue between LLM-driven reasoning and real-world system ex
Categories: Software Security

AI trust through open collaboration: A new chapter for responsible innovation

Sun, 03/01/2026 - 19:00
The news late last year about Red Hat's acquisition of Chatterbox Labs is just one part of how we plan to accelerate trusted AI for the enterprise. In the age of generative AI, having a transparent, flexible, and reliable platform for innovation is more critical than ever. And of course, Red Hat believes the open source development model is the most effective path to deliver on that promise. Recently, the Amazon AGI Labs team published a paper, Integrating Safety Testing into GenAI Development: Lessons from Amazon Nova and Chatterbox. This paper documents a collaboration between Amazon Nova's R
Categories: Software Security

The nervous system gets a soul: why sovereign cloud is telco’s real second act

Wed, 02/25/2026 - 19:00
For the last decade, the story of 5G has been like a body that developed a massive high speed nervous system but lacked the central brain to command it. The telecom industry spent billions on the most sophisticated nervous system the world has ever seen including fiber, towers, and low latency spectrum, only to find out that this powerful system was mostly being used to carry the impulses and commands of others. For years, communication service providers (CSPs) have been the world’s indispensable circulatory system. They own the veins and arteries, but hyperscalers provide the lifeblood, the
Categories: Software Security

MCP security: The current situation

Tue, 02/24/2026 - 19:00
The Model Context Protocol (MCP) is an open protocol designed to standardize how large language models (LLMs) connect to external tools, APIs, and data sources. Rather than relying on ad hoc, model-specific integrations, MCP defines a structured client–server architecture that allows AI applications to request context and invoke tools in a more consistent and interoperable way. This abstraction layer is becoming more important as enterprises move beyond isolated chat interfaces toward AI systems that must integrate with ticketing platforms, code repositories, CI/CD pipelines, knowledge bases
Categories: Software Security

Redefining automation governance: From execution to observability at Bradesco

Mon, 02/16/2026 - 19:00
At Bradesco, one of the largest financial institutions in Brazil and Latin America, the ability to scale is crucial. Automation plays a central role in this journey, and Red Hat Ansible Automation Platform has become the foundation supporting thousands of jobs executed daily across mission-critical environments. As automation expanded across teams, systems, and domains, Bradesco reached a new stage of maturity. Execution at scale was already well established, delivering efficiency and speed. However, operating automation at this level within a highly regulated financial environment introduced a
Categories: Software Security

Zero CVEs: The symptom of a larger problem

Thu, 02/12/2026 - 19:00
There has been much discussion lately regarding the "Zero CVE" movement. At Red Hat, we welcome this focus, emphasized by our recent announcement of Project Hummingbird to provide more frequently updated container images. Hummingbird represents a shift in how customers receive Red Hat's open source artifacts: Faster without sacrificing code integrity. You can read more about Project Hummingbird here. While this project is relatively new, it's built on the years of work and lessons learned in modernizing our own internal build system. While the industry often focuses on the result (the image), w
Categories: Software Security

Extend trust across the software supply chain with Red Hat trusted libraries

Thu, 02/12/2026 - 19:00
Modern software development runs on open source, and that’s not hyperbole. Python alone pulls in dozens—sometimes hundreds—of third‑party libraries for even the simplest applications. While public repositories have fueled innovation at incredible speed, they’ve also created a new class of risk: Opaque build pipelines, unverifiable provenance, and a growing burden on teams to chase vulnerabilities after the fact. Today marks the tech preview of Red Hat trusted libraries, a new package index designed to bring enterprise-grade trust, transparency, and security posture to application depe
Categories: Software Security

Chasing the holy grail: Why Red Hat’s Hummingbird project aims for "near zero" CVEs

Thu, 02/12/2026 - 19:00
In the world of enterprise software security, few metrics are as coveted, or as elusive, as "zero CVEs." Simply put, a zero CVE (Common Vulnerabilities and Exposures) approach aims to deliver software components that are completely free of known security vulnerabilities at the time of shipping. For many organizations, particularly those in highly regulated industries, this is not just a "nice to have," it is a mandate. Initiatives like FedRAMP and various strict security frameworks increasingly demand that software supply chains be clean of known risks before deployment. As the industry has ta
Categories: Software Security

From challenge to champion: Elevate your vulnerability management strategy

Wed, 02/11/2026 - 19:00
In the world of cybersecurity, vulnerability management is frequently a collaborative effort between vendors, software maintainers, and customers. It's a continuous journey of discovery, prioritization, and remediation that we embark on together. Each challenge that we face provides valuable opportunities to refine our strategies and strengthen our collective security posture. Based on our work with customers, we've identified a few common areas where we can all “level up” our vulnerability management game. Let's explore these patterns and recommendations. Beyond the base score: The art of s
Categories: Software Security

AI insights with actionable automation accelerate the journey to autonomous networks

Wed, 02/04/2026 - 19:00
The telecommunications industry is accelerating its digital transformation, driven by the increasing complexity of modern networks and the demand for faster, more reliable services rollout. To meet these demands, operators are turning to autonomous intelligent networks, designed to ingest massive amounts of data and autonomously execute actions at high speed. The journey to autonomous intelligent networks is not a technology project—it is a mandatory operational shift to protect margins and accelerate time-to-service. This has led to concepts such as a DarkNOC, a network operations center th
Categories: Software Security

What’s new in post-quantum cryptography in RHEL 10.1

Tue, 02/03/2026 - 19:00
In May 2025, Red Hat Enterprise Linux 10 (RHEL) shipped with the first steps toward post-quantum cryptography (PQC) to protect against attacks by quantum computers, which will make attacks on existing classic cryptographic algorithms such as RSA and elliptic curves feasible. Cryptographically relevant quantum computers (CRQC) are still not known to exist, but that does not mean the risk is zero. For example, "harvest now, decrypt later" attacks do not need a quantum computer now, one only needs to become available before the stored encrypted data loses its value, and depending on the transferr
Categories: Software Security

IT automation with agentic AI: Introducing the MCP server for Red Hat Ansible Automation Platform

Sun, 02/01/2026 - 19:00
As we continue to expand intelligence capabilities in Red Hat Ansible Automation Platform, we’ve made the MCP server available as a technology preview feature in Ansible Automation Platform 2.6.4. The MCP server acts as a bridge between your MCP client of choice and Ansible Automation Platform. This integration helps you manage your entire infrastructure estate with exciting new tools like Cursor and Claude. What is MCP server for Ansible Automation Platform? The MCP server for Ansible Automation Platform is a Model Context Protocol (MCP) server implementation that enables Large Language Mod
Categories: Software Security

How Banco do Brasil uses hyperautomation and platform engineering to drive efficiency

Wed, 01/28/2026 - 19:00
At the recent OpenShift Commons gathering in Atlanta, we had the opportunity to hear from Gustavo Fiuza, IT leader, and Welton Felipe, DevOps engineer, about the remarkable digital transformation at Banco do Brasil. As the second-largest bank in Latin America, they manage a massive scale, serving 87 million customers and processing over 900 million business transactions daily. We learned how they evolved from a siloed community Kubernetes environment to a highly efficient, hybrid multicloud platform powered by Red Hat OpenShift. Scalability through capabilities and hyperautomation A primary tak
Categories: Software Security

From if to how: A year of post-quantum reality

Wed, 01/28/2026 - 19:00
For the last 5 years, post-quantum cryptography (PQC) has largely been discussed as a research topic. It was a question of if—if the standards are ratified, if the algorithms perform, if the threat is real. In 2025, Red Hat changed the conversation. We stopped asking “if” and started defining “how.” This past year, we moved PQC out of the laboratory and into the operating system (OS). It wasn’t just about upgrading libraries, it was about pushing the entire modern software supply chain. We found that while the foundation is ready, the ecosystem has a long way to go. Here is the story
Categories: Software Security