Technical content for DevOps, Kubernetes, cloud infrastructure, and SaaS.https://kaden-projects.com/https://kaden-projects.com/blog/vibe-coding-security-debt-ai-generated-cve-surge/https://kaden-projects.com/blog/vibe-coding-security-debt-ai-generated-cve-surge/74 confirmed CVEs traced to AI-generated code. 45% OWASP failure rate. Learn how to build the CI/CD security pipeline your AI coding tools require.Wed, 17 Jun 2026 00:00:00 GMThttps://kaden-projects.com/blog/securing-kubernetes-http2-ingress-protocol-attacks/https://kaden-projects.com/blog/securing-kubernetes-http2-ingress-protocol-attacks/CVE-2026-49975 exhausts 32 GB of server memory in seconds. ingress-nginx won't be patched. Per-controller hardening guide for Envoy, NGINX, and HAProxy.Thu, 04 Jun 2026 00:00:00 GMThttps://kaden-projects.com/blog/ai-vulnerability-discovery-arms-race/https://kaden-projects.com/blog/ai-vulnerability-discovery-arms-race/How AI vulnerability discovery changed security in May 2026: the first criminal zero-day, OpenAI Daybreak, Anthropic Glasswing, and what to do now.Tue, 12 May 2026 00:00:00 GMThttps://kaden-projects.com/blog/trustfall-mcp-config-poisoning-rce/https://kaden-projects.com/blog/trustfall-mcp-config-poisoning-rce/TrustFall exploits MCP config poisoning to enable one-click RCE in Claude Code, Gemini CLI, Cursor, and Copilot CLI. Enterprise defenses here.Fri, 08 May 2026 00:00:00 GMThttps://kaden-projects.com/blog/securing-ai-agents-cicd-pipelines/https://kaden-projects.com/blog/securing-ai-agents-cicd-pipelines/Comment and Control hijacked Claude Code, Gemini CLI, and Copilot in CI/CD. Learn how to secure AI agents in your CI/CD pipeline with OIDC and Kubernetes.Sun, 03 May 2026 00:00:00 GMThttps://kaden-projects.com/blog/securing-ai-coding-agent-infrastructure-access/https://kaden-projects.com/blog/securing-ai-coding-agent-infrastructure-access/A Cursor AI agent deleted PocketOS's database in 9 seconds. Secure AI coding agent infrastructure with RBAC, token scoping, Kyverno, and backup isolation.Tue, 28 Apr 2026 00:00:00 GMThttps://kaden-projects.com/blog/securing-ai-inference-servers-kubernetes/https://kaden-projects.com/blog/securing-ai-inference-servers-kubernetes/Seven CVEs, three frameworks, one month. Map the April 2026 AI inference attack surface on Kubernetes and apply controls that stop vulnerability classes.Tue, 28 Apr 2026 00:00:00 GMThttps://kaden-projects.com/blog/mcp-stdio-rce-by-design-kubernetes-defense/https://kaden-projects.com/blog/mcp-stdio-rce-by-design-kubernetes-defense/MCP STDIO executes arbitrary OS commands by design. 30+ RCE CVEs, 14+ AI tools affected, and the Kubernetes admission controls that stop it.Mon, 27 Apr 2026 00:00:00 GMThttps://kaden-projects.com/blog/securing-ai-agents-infrastructure-layer/https://kaden-projects.com/blog/securing-ai-agents-infrastructure-layer/Platform engineer's guide to securing AI agents on Kubernetes with cryptographic identity, protocol-aware gateways, admission control, and CNCF KARs.Sat, 25 Apr 2026 00:00:00 GMThttps://kaden-projects.com/blog/teampcp-supply-chain-campaign-anatomy/https://kaden-projects.com/blog/teampcp-supply-chain-campaign-anatomy/TeamPCP supply chain attack: how one unrotated token compromised five ecosystems and 500,000 machines. Timeline, IOCs, and CI/CD hardening.Fri, 24 Apr 2026 00:00:00 GMThttps://kaden-projects.com/blog/cloudflare-ai-agent-infrastructure-vs-kubernetes/https://kaden-projects.com/blog/cloudflare-ai-agent-infrastructure-vs-kubernetes/Architecture comparison: Cloudflare Dynamic Workers, Sandboxes, and Mesh vs Kubernetes Agent Sandbox, gVisor, Kata, and NVIDIA OpenShell for AI agents.Wed, 22 Apr 2026 00:00:00 GMThttps://kaden-projects.com/blog/ingress-nginx-envoy-gateway-migration/https://kaden-projects.com/blog/ingress-nginx-envoy-gateway-migration/Complete guide to migrating from ingress-nginx to Envoy Gateway v1.7.2 in production. Covers Ingress2Gateway 1.0, cert-manager, and zero-downtime cutover.Tue, 21 Apr 2026 00:00:00 GMThttps://kaden-projects.com/blog/istio-ai-inference-routing-kubernetes/https://kaden-projects.com/blog/istio-ai-inference-routing-kubernetes/Istio 1.29: GIE v1 inference routing and ambient mode for GPU memory savings. Agentgateway is a standalone proxy - Istio integration targets 1.30.Mon, 20 Apr 2026 00:00:00 GMThttps://kaden-projects.com/blog/securing-ai-agent-mcp-kyverno/https://kaden-projects.com/blog/securing-ai-agent-mcp-kyverno/Enforce least-privilege on AI agent MCP tool calls using Kyverno admission policies and agentgateway External Authorization on Kubernetes.Mon, 20 Apr 2026 00:00:00 GMThttps://kaden-projects.com/blog/helm-4-migration-guide/https://kaden-projects.com/blog/helm-4-migration-guide/What breaks in the Helm 3 to Helm 4 migration: SSA defaults, kstatus RBAC changes, plugin manifest requirements, and a five-phase staging-first rollout.Sat, 18 Apr 2026 00:00:00 GMThttps://kaden-projects.com/blog/a2a-v1-platform-engineers/https://kaden-projects.com/blog/a2a-v1-platform-engineers/How platform engineers route, secure, and observe A2A v1.0 traffic on Kubernetes. Covers service mesh, Dapr, Agent Gateway, and OpenTelemetry.Fri, 17 Apr 2026 00:00:00 GMThttps://kaden-projects.com/blog/securing-ai-ml-supply-chains-kubernetes/https://kaden-projects.com/blog/securing-ai-ml-supply-chains-kubernetes/How a poisoned Trivy GitHub Action escalated to Kubernetes cluster takeover - and the K8s-native controls that would have stopped it at each stage.Fri, 17 Apr 2026 00:00:00 GMThttps://kaden-projects.com/blog/kubernetes-1-36-production-upgrade-guide/https://kaden-projects.com/blog/kubernetes-1-36-production-upgrade-guide/Kubernetes v1.36 ships late April 2026 with 3 permanent removals and 18 stable features. Pre-upgrade checklist, migration steps, and what to adopt first.Thu, 16 Apr 2026 00:00:00 GMThttps://kaden-projects.com/blog/building-agent-ready-kubernetes-platform/https://kaden-projects.com/blog/building-agent-ready-kubernetes-platform/How to build an agent-ready Kubernetes platform: Agent Sandbox, DRA for GPU scheduling, isolation tiers, KEDA scale-to-zero, and OTel tracing.Thu, 16 Apr 2026 00:00:00 GMThttps://kaden-projects.com/blog/microsoft-agent-framework-1-0/https://kaden-projects.com/blog/microsoft-agent-framework-1-0/Build production multi-agent systems with Microsoft Agent Framework 1.0. Covers MCP, A2A, orchestration patterns, checkpointing, and observability.Wed, 15 Apr 2026 00:00:00 GMThttps://kaden-projects.com/blog/kubernetes-llm-inference-stack-2026/https://kaden-projects.com/blog/kubernetes-llm-inference-stack-2026/Run LLMs at scale on Kubernetes with llm-d, GPU DRA, KAI Scheduler, and Grove — the new Kubernetes-native inference stack from KubeCon EU 2026.Tue, 14 Apr 2026 00:00:00 GMThttps://kaden-projects.com/blog/dapr-agents-kubernetes-production-guide/https://kaden-projects.com/blog/dapr-agents-kubernetes-production-guide/Run production AI agents on Kubernetes with Dapr Agents v1.0: DurableAgent recovery, scale-to-zero actors, mTLS security, and framework comparison.Tue, 14 Apr 2026 00:00:00 GMThttps://kaden-projects.com/blog/kubernetes-resource-limits/https://kaden-projects.com/blog/kubernetes-resource-limits/Set Kubernetes CPU and memory requests and limits correctly in production. Covers QoS classes, LimitRange, VPA, and in-place pod resize in K8s 1.35.Mon, 13 Apr 2026 00:00:00 GMT