AI Kubernetes workloads should not run privileged

Self-hosted AI workloads often run model servers, agents, MCP servers, notebook servers, and GPU runtimes. Privileged containers, privilege escalation, writable root filesystems, or powerful Linux capabilities can turn prompt injection or dependency compromise into node-level impact.

Category

Controls

High

Applies to

Kubernetes

Coverage

1 query

Asset types

7 covered

Overview

Self-hosted AI workloads often run model servers, agents, MCP servers, notebook servers, and GPU runtimes, and their images frequently ship with broad permissions because a GPU driver, a package installer, or a notebook kernel once needed them. Four settings turn a compromise of the process into a compromise of the node. privileged: true gives the container every Linux capability and access to host devices. allowPrivilegeEscalation: true (the Kubernetes default when the field is unset) leaves setuid binaries and file capabilities usable inside the container, because no_new_privs is not set on the process. Adding the SYS_ADMIN capability grants mount and namespace operations that are close to full root even without privileged mode. A writable root filesystem lets an attacker drop tooling or modify the serving code in place. Prompt injection against an agent that can run tools, or a compromised dependency pulled into the runtime, is the realistic entry point; with any of these settings present, the blast radius is the node rather than the pod.

Remediation guidance

Run AI workloads with restricted pod security settings. Disable privileged mode and privilege escalation, drop unnecessary capabilities, and use read-only root filesystems where supported. Where a workload needs a writable path for a model cache or temporary files, mount a volume (for example an emptyDir) at that path rather than leaving the whole root filesystem writable, and give GPU workloads device access through a device plugin resource request instead of privileged mode.

  1. Identify AI workloads using privileged runtime settings (the stored query below, or the securityContext of each container in the workload's pod template).
  2. Remove unnecessary host and kernel-level access: privileged mode, added capabilities such as SYS_ADMIN, and privilege escalation.
  3. Apply namespace policy, workload admission controls, and runtime monitoring for exceptions. Pod Security Admission at the restricted level blocks privileged mode, privilege escalation, and added capabilities; it does not require a read-only root filesystem, so that setting needs a separate admission rule.

Query logic

These are the stored checks tied to this control.

AI Kubernetes workloads should not run with privileged runtime settings

Connectors

Kubernetes

Covered asset types

AI Services, CronJob, DaemonSet, Deployment, Job, Pod, StatefulSet

Expected check: eq [] (the control passes when every query below returns an empty list; any returned asset is a finding)

{
  pods(where: { assetCategory: { eq: "AI Services" }, containers_SOME: { securityContext: { OR: [ { allowPrivilegeEscalation: { eq: true } } { readOnlyRootFilesystem: { eq: false } } { capabilitiesAdd_INCLUDES: "SYS_ADMIN" } { privileged: { eq: true } } ] } } }) { ...AssetFragment }
  deployments(where: { assetCategory: { eq: "AI Services" }, podTemplate: { containersTemplates_SOME: { securityContext: { OR: [ { allowPrivilegeEscalation: { eq: true } } { readOnlyRootFilesystem: { eq: false } } { capabilitiesAdd_INCLUDES: "SYS_ADMIN" } { privileged: { eq: true } } ] } } } }) { ...AssetFragment }
  statefulSets(where: { assetCategory: { eq: "AI Services" }, podTemplate: { containersTemplates_SOME: { securityContext: { OR: [ { allowPrivilegeEscalation: { eq: true } } { readOnlyRootFilesystem: { eq: false } } { capabilitiesAdd_INCLUDES: "SYS_ADMIN" } { privileged: { eq: true } } ] } } } }) { ...AssetFragment }
  daemonSets(where: { assetCategory: { eq: "AI Services" }, podTemplate: { containersTemplates_SOME: { securityContext: { OR: [ { allowPrivilegeEscalation: { eq: true } } { readOnlyRootFilesystem: { eq: false } } { capabilitiesAdd_INCLUDES: "SYS_ADMIN" } { privileged: { eq: true } } ] } } } }) { ...AssetFragment }
  jobs(where: { assetCategory: { eq: "AI Services" }, cronJobName: { eq: "" }, podTemplate: { containersTemplates_SOME: { securityContext: { OR: [ { allowPrivilegeEscalation: { eq: true } } { readOnlyRootFilesystem: { eq: false } } { capabilitiesAdd_INCLUDES: "SYS_ADMIN" } { privileged: { eq: true } } ] } } } }) { ...AssetFragment }
  cronJobs(where: { assetCategory: { eq: "AI Services" }, podTemplate: { containersTemplates_SOME: { securityContext: { OR: [ { allowPrivilegeEscalation: { eq: true } } { readOnlyRootFilesystem: { eq: false } } { capabilitiesAdd_INCLUDES: "SYS_ADMIN" } { privileged: { eq: true } } ] } } } }) { ...AssetFragment }
}
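The following is an added example, not Cyscale's own code or the stored query above. It applies the same four conditions as that query (privileged, allowPrivilegeEscalation, a root filesystem that is not read-only, and SYS_ADMIN added) to workload manifests loaded as Python dicts, for instance the output of kubectl get deploy -n ai -o json, so remediation step 1 can be run offline against manifests in a repository before they reach the cluster. It goes slightly beyond the stored query in two ways: an unset field is treated as the Kubernetes API default (privileged false, allowPrivilegeEscalation true, readOnlyRootFilesystem false), so a container with no securityContext at all is reported, and initContainers are scanned as well. The three manifests are constructed samples; the image names and the nvidia.com/gpu resource (which assumes a device plugin is installed) are assumptions.

```python
"""Offline check for the four privileged-runtime settings this control flags.

Added example, not Cyscale's own code or the stored query. Unset fields are
treated as the Kubernetes API defaults (privileged=false,
allowPrivilegeEscalation=true, readOnlyRootFilesystem=false), and
initContainers are scanned too. All manifests below are constructed samples.
"""


def pod_spec_of(manifest: dict) -> dict:
    """Return the pod spec for the workload kinds this control covers."""
    kind = manifest.get("kind")
    if kind == "Pod":
        return manifest["spec"]
    if kind == "CronJob":
        return manifest["spec"]["jobTemplate"]["spec"]["template"]["spec"]
    if kind in {"Deployment", "StatefulSet", "DaemonSet", "Job"}:
        return manifest["spec"]["template"]["spec"]
    raise ValueError(f"unsupported kind: {kind}")


def container_findings(container: dict) -> list[str]:
    """Findings for one container, applying Kubernetes defaults to unset fields."""
    sc = container.get("securityContext") or {}
    findings = []
    if sc.get("privileged", False):
        findings.append("privileged")
    # Defaults to true; the API also forces it to true for privileged or SYS_ADMIN containers.
    if sc.get("allowPrivilegeEscalation", True):
        findings.append("allowPrivilegeEscalation")
    if not sc.get("readOnlyRootFilesystem", False):
        findings.append("writableRootFilesystem")
    added = (sc.get("capabilities") or {}).get("add") or []
    # Manifests normally name capabilities without the CAP_ prefix; accept both spellings.
    if any(c.upper().removeprefix("CAP_") == "SYS_ADMIN" for c in added):
        findings.append("capabilities.add SYS_ADMIN")
    return findings


def workload_findings(manifest: dict) -> dict[str, list[str]]:
    """Map container name -> findings; an empty dict means the workload passes."""
    spec = pod_spec_of(manifest)
    containers = spec.get("initContainers", []) + spec.get("containers", [])
    return {c["name"]: f for c in containers if (f := container_findings(c))}


# Constructed sample: a GPU model server granted privileged mode "for the device".
WEAK_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "model-server", "namespace": "ai"},
    "spec": {"template": {"spec": {"containers": [{
        "name": "model-server",
        "image": "registry.example.internal/model-server:1.0",  # hypothetical image
        "securityContext": {"privileged": True, "capabilities": {"add": ["SYS_ADMIN"]}},
    }]}}},
}

# Constructed sample: the same server with restricted settings. GPU access comes
# from a device-plugin resource request (assumes a device plugin is installed)
# and the model cache gets a writable emptyDir because the root filesystem is read-only.
HARDENED_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "model-server", "namespace": "ai"},
    "spec": {"template": {"spec": {
        "containers": [{
            "name": "model-server",
            "image": "registry.example.internal/model-server:1.0",
            "securityContext": {
                "privileged": False,
                "allowPrivilegeEscalation": False,
                "readOnlyRootFilesystem": True,
                "runAsNonRoot": True,
                "capabilities": {"drop": ["ALL"]},
                "seccompProfile": {"type": "RuntimeDefault"},
            },
            "resources": {"limits": {"nvidia.com/gpu": 1}},
            "volumeMounts": [{"name": "cache", "mountPath": "/cache"}],
        }],
        "volumes": [{"name": "cache", "emptyDir": {}}],
    }}},
}

# Constructed sample: a notebook sync job with no securityContext at all.
BARE_CRONJOB = {
    "apiVersion": "batch/v1", "kind": "CronJob",
    "metadata": {"name": "notebook-sync", "namespace": "ai"},
    "spec": {"schedule": "*/30 * * * *", "jobTemplate": {"spec": {"template": {"spec": {
        "containers": [{"name": "sync", "image": "registry.example.internal/sync:1.0"}],
    }}}}},
}

if __name__ == "__main__":
    for m in (WEAK_DEPLOYMENT, HARDENED_DEPLOYMENT, BARE_CRONJOB):
        print(m["kind"], m["metadata"]["name"], workload_findings(m) or "pass")
```

The bare CronJob is the case worth noticing: it sets nothing, yet it is reported for allowPrivilegeEscalation and a writable root filesystem, because those are the Kubernetes defaults. A stored check that matches only on fields the connector has materialised may or may not see such a container, so when triaging results from the query above, confirm how unset securityContext fields are represented before treating an empty result as a pass.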
Cyscale is an agentless cloud-native application protection platform (CNAPP) that automates the contextual analysis of cloud misconfigurations, vulnerabilities, access, and data, to provide an accurate and actionable assessment of risk.

© 2026 Cyscale Limited