TL;DR — Falco watches Linux syscalls and Kubernetes events to detect suspicious runtime behavior. For AI platforms it helps catch container escapes, unexpected shell access, crypto-mining, and other behaviors that policy at admission time cannot see.
What it is
Falco is a runtime security engine from the CNCF that inspects kernel events and matches them against rules. In the AI Native landscape it sits in AI Native Infra › Governance, Policy and Security.
Why it exists
Admission control only tells you what was approved. Falco tells you what is happening now. That matters when an AI workload starts spawning shells, touching host paths, or reaching into places it shouldn't.
How it works
Falco uses an eBPF probe or a kernel module to observe syscalls, then evaluates rule conditions against process, file, network-connection, and Kubernetes metadata attached to each event. Matching events are emitted as alerts to stdout, a webhook, or SIEM integrations.
Key features
- Runtime detection for Linux and Kubernetes.
- Rule language for behavior-based alerts.
- Container context built into event output.
- SIEM friendly through webhook and log sinks.
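Added example (not code from the Falco project): a small consumer for Falco's JSON alert stream, as written to stdout or a webhook with `json_output: true`, that drops non-alert log lines, keeps alerts at or above a chosen priority (optionally only those carrying a tag), and normalizes the container context for a SIEM sink. The sample lines, host, container and user names are constructed.

```python
import json

# Falco priority levels, most severe first (from the Falco rule syntax).
PRIORITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]

# Constructed sample of Falco output with json_output: true; the second
# line is a non-JSON startup message that a stdout consumer will also see.
SAMPLE_ALERTS = """\
{"hostname":"gpu-node-1","output":"Shell spawned in container (user=root container=trainer-7f)","priority":"Warning","rule":"Shell in container","source":"syscall","tags":["container","shell","ai-platform"],"time":"2026-05-01T10:00:00.000Z","output_fields":{"container.name":"trainer-7f","user.name":"root"}}
Falco initialized with configuration file: /etc/falco/falco.yaml
{"hostname":"gpu-node-1","output":"Sensitive file read","priority":"Notice","rule":"Read sensitive file","source":"syscall","tags":["filesystem"],"time":"2026-05-01T10:00:01.000Z","output_fields":{"container.name":"host","user.name":"app"}}
{"hostname":"gpu-node-1","output":"Container escape attempt","priority":"Critical","rule":"Container escape","source":"syscall","tags":["container","ai-platform"],"time":"2026-05-01T10:00:02.000Z","output_fields":{"container.name":"notebook-2","user.name":"jovyan"}}
"""

def parse_alert(line):
    """Return the alert dict for one Falco JSON line, or None for
    non-alert output such as Falco's own startup messages."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(event, dict) or "rule" not in event or "priority" not in event:
        return None
    return event

def triage(text, min_priority="Warning", required_tag=None):
    """Keep alerts at or above min_priority (and carrying required_tag,
    if given) and normalize them into flat records for a SIEM sink."""
    threshold = PRIORITIES.index(min_priority)
    kept = []
    for line in text.splitlines():
        event = parse_alert(line)
        if event is None or event["priority"] not in PRIORITIES:
            continue
        if PRIORITIES.index(event["priority"]) > threshold:
            continue  # less severe than the threshold
        if required_tag and required_tag not in event.get("tags", []):
            continue
        fields = event.get("output_fields", {})
        kept.append({
            "rule": event["rule"],
            "priority": event["priority"],
            "host": event.get("hostname"),
            "container": fields.get("container.name"),
            "user": fields.get("user.name"),
            "time": event.get("time"),
        })
    return kept

if __name__ == "__main__":
    for alert in triage(SAMPLE_ALERTS, required_tag="ai-platform"):
        print(alert)
```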
Quick start
```yaml
# Relies on the spawned_process and container macros shipped in Falco's
# default rules. The condition names common shells explicitly; without
# that clause the rule would fire on every process started in a container.
- rule: Shell in container
  desc: A shell was started inside a container, which AI workloads normally never do.
  condition: spawned_process and container and proc.name in (bash, sh, zsh, dash)
  output: "Shell spawned in container (user=%user.name container=%container.name)"
  priority: WARNING
  tags: [container, shell, ai-platform]
```
When to use, when to skip
Use it when you need runtime detection in addition to admission policy. Skip it if your platform is tiny and you don't have anyone to respond to alerts.
vs / alongside
| Tool | Role | Note |
|---|---|---|
| Falco | Runtime detection | Behavior and syscall based |
| OPA | Policy at admission | Prevention layer |
| Kyverno | Kubernetes policy | YAML-first admission checks |
| Kubernetes | Target | Where alerts originate |
References
- Falco — project home.
- Falco docs — rules and deployment.
- falcosecurity/falco — source.
Verified against Falco docs, May 2026.