Built on a decade of deep Kubernetes Network Security experience, Lynx gives AI, platform, security, and compliance teams one place to discover, authenticate, authorize, govern, and audit every AI agent — with no agent code changes.
SAN JOSE, Calif., June 17, 2026 /PRNewswire/ -- Tigera, the inventor and maintainer of Calico Open Source, today announced the general availability of Tigera Lynx, a unified control plane for Kubernetes-native AI agents. Lynx gives enterprises a single place to find every agent in their Kubernetes estate, tighten posture, assign a sandbox, give each agent cryptographic identity, enforce policy on every action it takes, audit what agents actually do and detect anomalous behavior — without changing a line of agent code.
AI agents don't behave like the workloads enterprise security stacks were built for. They are autonomous and non-deterministic: they act on behalf of a user, reach for any tool, LLM, or other agent, have a delegation chain, and read untrusted input. That leaves three teams looking at the same problem from different angles: the AI team would like to experiment with the latest technology and move fast; the platform engineering team is measured on deployment velocity but can't prove the platform is under control; and the security team is asked to approve agents whose posture they can't defend. A valid credential doesn't guarantee good behavior, and the blast radius shifts every time a new agent or tool comes online or the platform changes.
Lynx sits in the path of every agent call — agent-to-agent, agent-to-tool, and agent-to-LLM — to authenticate, authorize, mediate, and audit each one. It plugs into the tools enterprises already run, including their identity provider (EntraID, Okta) or via SPIFFE/SPIRE, and existing observability systems, and is built on open standards rather than proprietary lock-in.
One control plane, five capabilities
- Discovery, registration, and observability. A central registry catalogs every agent with its owner, purpose, and version, while eBPF-powered auto-discovery finds agents nobody registered. Shadow agents are flagged and quarantined, and any agent's actions can be reconstructed end-to-end through OpenTelemetry traces.
- Configuration and posture management. AI-CSPM continuously evaluates every agent against a baseline, surfacing drift and over-permissions the moment they happen, with per-agent sandboxing and pre-built compliance packs mapping to GDPR, HIPAA, SOC 2, and financial services requirements. A Red Team Agent continuously probes for weaknesses in posture and misconfigurations.
- Identity and authentication. Every agent gets a verifiable cryptographic identity through integration with an enterprise's identity provider (EntraID, Okta) or through SPIFFE/SPIRE, with no shared secrets. Long-lived API keys are replaced by short-lived, tightly scoped, auto-rotated tokens. A JWT is minted for every hop in a multi-agent workflow.
- Policy definition and enforcement. A single default-deny policy governs LLM, MCP, and agent access using the Cedar policy language, enforced at the gateway before any call executes — with no agent code changes. Misbehaving agents can be quarantined instantly and high-stakes calls routed to a human.
- Anomalous behavior detection. eBPF and LSM watch every syscall, network call, and file access at a layer agents can't tamper with, catching credential theft and lateral movement even when an action passes policy. This provides a forensic audit trail. Guardian Agent detects anomalous behavior and quarantines suspicious agents.
10 years of Kubernetes security expertise, now extended to AI agents & AI applications
"For over a decade, Tigera's Calico platform has served Global 2000 companies running the largest Kubernetes platforms in the world, securing tens of millions of mission-critical transactions every day. AI agents are the next class of workloads: autonomous, distributed, and increasingly embedded in critical business processes. Lynx brings that same unified control and security rigor to AI agents. We're building on our core competency — securing mission-critical workloads at scale on Kubernetes, in a highly performant way,"
said Ratan Tipirneni, CEO of Tigera.
"Control only matters if it's enforced uniformly. Lynx gives every agent a cryptographic identity, scopes credentials to a single hop, and evaluates every LLM, MCP, and tool call against a default-deny policy at the gateway — with no agent code changes. Because we watch behavior with eBPF and LSM at the kernel, we can detect an agent going wrong even when it carries a valid credential, and produce a reproducible audit trail to prove it,"
said Peter Kelly, Chief Technology Officer of Tigera.
Availability
Lynx is generally available today. It scales horizontally on a Kubernetes-native architecture using eBPF instrumentation with no per-call overhead, and is already deployed in production at top global banks.
To learn more about Lynx, please visit: https://www.tigera.io/tigera-products/lynx/.
About Tigera
Tigera, the inventor and maintainer of Calico Open Source, secures and governs Kubernetes workloads and AI agents across the enterprise, by providing deep visibility and enforcement control. The company's offerings secure Kubernetes workloads and AI agents across 1M+ clusters in multicloud and hybrid environments. Leading enterprises including NVIDIA, Royal Bank of Canada, Bloomberg, Chipotle, GoDaddy, and Upwork trust Tigera for their Kubernetes security, networking and AI agent security needs.
To learn more about Tigera's offerings, visit tigera.io.