Tigera just shipped the firewall your AI agents didn't know they needed

Your agents are making thousands of calls to other agents, LLMs, and tools every hour.

You have no idea what most of them are doing.

Tigera just launched Lynx — a unified control plane for Kubernetes-native AI agents.

This is not another agent framework.

This is the security layer that sits between your agents and the infrastructure they depend on.

Five capabilities, one control plane:

1. eBPF-powered auto-discovery finds agents nobody registered. Shadow agents get flagged and quarantined. You cannot govern what you cannot see.

2. Cryptographic identity for every agent via SPIFFE/SPIRE. Each agent gets a scoped, hop-limited credential. A valid token does not grant blanket access.

3. Default-deny policy enforcement at the gateway. Every agent-to-agent, agent-to-tool, and agent-to-LLM call passes through Lynx. If it is not explicitly allowed, it is blocked.

4. eBPF and LSM watch every syscall, network call, and file access at the kernel layer — a layer agents cannot tamper with. Credential theft and lateral movement get caught even when the action passes policy.

5. OpenTelemetry traces reconstruct any agent's actions end-to-end. You get a forensic audit trail for every delegation chain.

Here is the structural problem Lynx solves:

Three teams are looking at the same agent stack from different angles.

The AI team wants to experiment. The platform team is measured on deployment velocity. The security team is asked to approve agents for which they cannot defend the posture.

A valid credential does not guarantee good behavior. The blast radius shifts every time a new agent or tool comes online.

Lynx plugs into the tools enterprises already run — EntraID, Okta, SPIFFE/SPIRE — and sits in the path of every agent call. No agent code changes required.

If you are running agents in Kubernetes, audit your agent communication topology today.

Map every agent-to-agent and agent-to-LLM call. Identify which ones have no identity enforcement. Those are your blast radius.

SOURCE: https://www.prnewswire.com/news-releases/tigera-launches-lynx-a-unified-control-plane-for-kubernetes-native-ai-agents-302802964.html
VERIFIED: PR Newswire (Tigera official release, June 17 2026), EuropeSays coverage, BriefGlance analysis
SIGNAL: Agent security is becoming a first-class infrastructure concern — not a post-hoc audit exercise. Lynx is the first product to treat agent communication as a network security problem with kernel-level enforcement.