Tigera: Istio Ambient Mesh: How to Automate Security for Dynamic AI Workloads
In a modern, multi-namespace Kubernetes environment, pods are often ephemeral—scaling rapidly to meet compute demands and disappearing just as quickly. This is especially true for AI-driven systems where workloads may be added in a non-deterministic, and thus hard to predict, manner.
When security teams require zero-trust encryption (mTLS), DevOps and Platform engineers are often left manually re-configuring service mesh memberships or troubleshooting sidecar injection failures.
In this demo, we move beyond the basics to solve real-world scale and security challenges. We will demonstrate how Calico’s Unified Platform leverages the sidecar-less architecture of Ambient Mesh to automatically onboard AI workload pods as they are created. You will see how decoupling the service mesh from application pods keeps your AI pipeline secure and performant without overhead.
You will learn:
- Zero-Touch Onboarding: Watch how AI workload pods across multiple namespaces are automatically discovered and added to the mesh the moment they are spun up.
- Sidecar-less Security & Performance: Learn how the ztunnel provides full mTLS and encryption without injecting a single sidecar into your resource-heavy AI containers.
- Workload Identity and Authentication at Scale: Implement unified security policies that follow the workload, ensuring consistent posture even as namespaces grow or change.
- Observability & Troubleshooting: Utilize Calico’s integrated dashboard to verify traffic flows between AI services and identify bottlenecks in real time.
Join us to learn why Istio Ambient Mesh is the ideal solution for securing dynamic AI workloads running on Kubernetes.