MASTERCLASS SERIES
How to secure non-deterministic AI workloads, implement secure MCP, and turn Kubernetes into your identity control plane
What You'll Learn
Why deterministic → non-deterministic is the fundamental shift (and why infrastructure isn't ready)
The "toddler with root access" problem: what happens when AI agents have unlimited permissions
How certificate-based authentication becomes the perfect fit for AI workloads
MCP's security gaps (OWASP top 10 AI threats) and how Secure MCP solves 5-6 of them
Why Kubernetes is the AI platform (and how to unify access for humans + machines)
4 minutes, 34 seconds
Featuring Teleport Engineering Leaders
Full Transcript
The world's infrastructure is not ready because we are so used to writing pieces of deterministic code where say a CI/CD pipeline is going to take input A and we know that we want to get it to output B. But now we're starting to live in a world where we are giving a non-deterministic agent or LLM or what have you the ability to make decisions on our behalf and that is destructive potentially.
One of the problems if you don't provide limited access is that agentic AI is sort of like a toddler. It will probe all of your systems. It might rm -rf delete your root directory. It might dump your database. If you give the permissions, the LLM will use these permissions that you've given it.
Certificate-based authentication is very, very powerful. I can create a cryptographic footprint, let's call it a passport, of who you are in that moment. And in that piece of cryptographic identity, I can define who you are, how long I believe you should exist and be able to function and accomplish your work. So the ephemeral nature of how certificate-based authentication works makes it prime for effective use in AI workloads. Your AI is non-deterministic. Being able to dynamically scope its work on every single task that it does is crucial. Being able to define what it should do, even though it may change every time it runs, is paramount.
It has been about a year since Anthropic released MCP to the world, and through its ability to provide context to LLMs and to workloads it has seen large adoption in the community. The issue is, as with any young protocol, it does not provide all the enterprise features that are necessary to deploy it at scale. Out of the box, the protocol did not have an answer for any of the OWASP top 10 AI and agentic threats. Teleport released Secure MCP about 6 months after the protocol's initial release. And through our existing foundation and bedrock of how we solve the identity problem and the access problem as an extension, we're able to cover five to six of the top 10 threats that AI is facing according to all of us.
Sam Altman was on the KubeCon stage I believe about six years ago, and he declared that Kubernetes is going to be the AI platform, and he's not wrong. OpenAI has been very vocal about how they run ChatGPT on Kubernetes, how everything that they do is Kubernetes first. Kubernetes has become the backbone of most modern infrastructure and most modern applications that we touch in our daily lives, and being able to define the access not only to Kubernetes itself but utilize the same tools to define the access of the AI that is going to be running on that platform becomes invaluable. It gives you the easy button to Kubernetes access, the easy button to defining roles, to defining the who, the what, the why, the how of Kubernetes for humans, and lets you utilize the exact same technologies, the exact same knobs, for the AI workloads that will run on Kubernetes.

If you don't provide limited access, AI will probe everything. It might rm -rf your root directory. It might dump your database. If you give the permissions, the LLM will use them. This isn't malicious—it's how non-deterministic agents work.
Traditional CI/CD: input A → output B. Predictable. Testable. AI agents: make decisions on your behalf. The path changes every time. Infrastructure built for deterministic code isn't ready for non-deterministic agents.
Ephemeral certificates let you define: who you are, how long you exist, what you can access—all in a cryptographic passport. For non-deterministic AI that changes every run, dynamic scoping on every task is crucial.
MCP brought large adoption for providing context to LLMs. But young protocols lack enterprise features. Vanilla MCP had no answer for agentic security threats. Secure MCP covers 5-6 of the top 10 threats through identity-based access.
OpenAI runs ChatGPT on Kubernetes. Everything they do is Kubernetes-first. The same tools that define access for humans can define access for AI agents. One control plane, one identity model, humans and machines.
Defining roles, the who/what/why/how of Kubernetes access—same technology, same knobs, whether it's a human engineer or an AI workload. Unified access eliminates tool sprawl and identity fragmentation.
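The "cryptographic passport" described above, as an added example that is not the page's or Teleport's own code: a short-lived X.509 client certificate whose URI SAN names exactly one task under a hypothetical SPIFFE-style trust domain (example.internal), with its lifetime set to the task's TTL, and an authorizer that rejects the certificate once the TTL has passed, when it is presented for a different task, or when it was not issued by the expected CA. It uses only the Go standard library; the CA is a constructed test fixture.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"errors"
	"math/big"
	"net/url"
	"time"
)

// Hypothetical SPIFFE-style trust domain (not a real Teleport value); each task gets its own URI SAN under it.
const taskPrefix = "spiffe://example.internal/agent/task/"
// issue signs tmpl for a fresh Ed25519 key; a nil issuer means self-signed (used only for the test CA).
func issue(tmpl, issuer *x509.Certificate, issuerKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return nil, nil, err }
	if issuer == nil {
		issuer, issuerKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, issuerKey)
	if err != nil { return nil, nil, err }
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}
// NewCA builds a constructed one-day test CA: a fixture for the example, not a production CA.
func NewCA(now time.Time) (*x509.Certificate, ed25519.PrivateKey, error) {
	return issue(&x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: now, NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil, nil)
}
// IssueTaskCert is the "passport": who (a URI SAN bound to one task ID) and how long (ttl in minutes, not months).
func IssueTaskCert(ca *x509.Certificate, caKey ed25519.PrivateKey, taskID string, now time.Time, ttl time.Duration) (*x509.Certificate, error) {
	u, _ := url.Parse(taskPrefix + taskID) // scheme and host are constant; only the path varies
	leaf, _, err := issue(&x509.Certificate{SerialNumber: big.NewInt(now.UnixNano()), NotBefore: now, NotAfter: now.Add(ttl),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, URIs: []*url.URL{u}}, ca, caKey)
	return leaf, err
}
// Authorize verifies chain and lifetime as of `at`, then that the certificate is scoped to exactly wantTask.
func Authorize(ca, leaf *x509.Certificate, at time.Time, wantTask string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := leaf.Verify(opts); err != nil { return err } // expired, not yet valid, or not signed by our CA
	if len(leaf.URIs) != 1 || leaf.URIs[0].String() != taskPrefix+wantTask {
		return errors.New("certificate not scoped to task " + wantTask)
	}
	return nil
}
```

A leaked certificate is only useful for the one task it names and only until its TTL elapses, which is the per-task scoping the transcript calls for.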

00:60 - Why giving static tokens to AI agents creates persistent attack surfaces—and how to eliminate them.
00:45 - How to treat machines the same as humans with short-lived credentials and ephemeral access.
00:50 - How X.509 certificates and SPIFFE become the foundation for unified identity across your entire platform.
00:43 - Why 2026 is the year AI graduates from labs to production at scale—and what that means for infrastructure.
Technical discussion starters:
1. Do we currently give AI agents static tokens or long-lived credentials? What's the blast radius if they leak?
2. How are we scoping permissions for non-deterministic workloads? Can we define access per-task, or is it all-or-nothing?
3. If we're using MCP, have we addressed the OWASP top 10 AI threats? Which ones are still gaps?
4. Do we have a unified identity layer for Kubernetes, or are we managing humans and machines separately?
5. What would it take to move from static credentials to certificate-based ephemeral identity across our AI workloads?