Teleport Named an Overall Leader in Zero Trust Platforms by KuppingerCole Analysts
Read now

MASTERCLASS SERIES

AI INFRASTRUCTURE TRACK

What AI does to your infrastructure architecture

When agent behavior can't be predicted, identity becomes the foundational control. Here's what that means for how you build.

What You'll Learn

  • Why non-deterministic AI breaks the infrastructure security patterns you've relied on — and what a new design foundation looks like

  • How cryptographic identity and ephemeral privileges solve the challenge of scoping and containing AI agents that behave differently on every run

  • How to apply consistent identity controls across Kubernetes for both humans and AI workloads

  • Why MCP has enterprise security gaps out of the box — and what closing them actually requires

4 minutes, 34 seconds

Featuring Teleport Engineering Leaders

Background image

Key Technical Insights

"Deterministic → non-deterministic is the fundamental shift"

Traditional CI/CD: input A → output B. Predictable. AI agents make decisions on your behalf. The path changes every run. Infrastructure built for deterministic code isn't ready for agentic AI.

"Agentic AI is like a toddler with root access"

If you give the permissions, the agent will use them. Without short-lived, task-based privileges, an AI agent will probe every system it can reach. It might rm -rf your root directory. It might dump your database.

"Certificate-based authentication is the perfect fit for AI workloads"

Static credentials and standing privileges don't hold when behavior changes on every run. Certificates establish who an AI agent is and for how long. Short-lived privileges define what it can do, scoped dynamically to each task.

"MCP didn't solve OWASP top 10 AI threats out of the box"

Rapid adoption outpaced security design — deploying MCP at enterprise scale requires an identity and authorization layer the protocol doesn't ship with.

"Kubernetes is the AI platform (and the identity control plane)"

Sam Altman called it six years ago: Kubernetes is the AI platform. OpenAI runs ChatGPT on it. The same access controls that work for humans work for AI agents. One control plane for both.

Lightning Learning

00:60

The Static Credential Problem in Agentic AI

Why AI agents don't need static tokens — and how eliminating standing privileges reduces the attack surface.

00:45

Always-on machines shouldn't have always-on privileges.

Why cryptographic identity and short-lived privileges should govern machines the same way they govern humans.

00:50

Certificate-Based auth for every identity

Why certificate-based authentication enables every identity — human or machine — to do exactly what it needs for that specific task, and nothing more.

00:43

2026: AI Goes to Production

Why 2026 is the year AI graduates from labs to production at scale—and what that means for infrastructure identity.

Questions for Your Team

Start the discussion on infrastructure identity:

1. Are our AI agents using static tokens? What's the blast radius if they are compromised, and how long would they remain valid?

2. How are we scoping privileges for AI agents? Can we define them per-task, or is it all-or-nothing?

3. If we're using MCP, have we addressed the OWASP top 10 AI threats? Which ones are still gaps?

4. Can we define the who, what, why, and how of Kubernetes access consistently for both humans and AI workloads — or are we maintaining two separate models?