
Volume 332, Issue 3 · IT News · CxO Podcasts

Cloud Security Challenges In The AI Era - How Running Containers And Inference Weaken Your System

InfoQ, Monday, November 17th, 2025

Marina Moore, a security researcher and the co-chair of the security and compliance TAG of CNCF, shares her concerns about the security vulnerabilities of containers. She explains where the issues originate, offers solutions, and discusses micro-VMs as an alternative to containers.

Key Takeaways

Containers are the microservice default (due to density/speed) but their insufficient isolation is a major security risk because they share the host OS kernel.

Container isolation mechanisms (cgroups, etc.) are "band-aids" that fail if an attacker gains kernel access. Most container escapes are Linux kernel attacks, with half stemming from memory flaws.

Since memory safety is the biggest issue, the most critical action is to minimize the attack surface by maintaining a minimal code base, which is key even when using memory-safe languages.

For projects demanding high isolation (e.g., multi-tenant setups), micro-VMs are the best choice. They offer the small footprint of containers while retaining kernel-level isolation (like full VMs). Experiments are under way to apply Kubernetes tooling to them directly.

AI hype is creating new attack vectors because GPU security for multi-user inference is poor. GPUs typically do not clear memory between different processes, complicating container isolation efforts.
