Oakland, CA, USA
2015
  |  By Teleport
Award recognizes Teleport's Infrastructure Identity platform for its innovative zero trust architecture securing AI agents alongside humans, machines, and workloads.
  |  By Maximilan Heck, Waldemar Kindler
In March 2026, attackers from the TeamPCP group compromised Trivy (CVE-2026-33634) — a widely-deployed open-source vulnerability scanner running in thousands of CI/CD pipelines — and turned it into a credential harvester. SSH keys, Kubernetes secrets, cloud tokens — secrets accessible to any pipeline that ran a compromised version — were exposed. The attacker retained access long enough to exfiltrate newly rotated secrets before the window closed.
  |  By Megan Moore
AI agents querying databases pose well-documented risks. What gets less attention is the fact that PostgreSQL has no native concept of an agent as a distinct actor. This means DBAs are managing access for something that appears in pg_stat_activity like any other role created with CREATE ROLE, with no distinguishing attributes and no indication of who or what initiated the connection. AI agents have no distinct identity when interacting with PostgreSQL.
  |  By Nicolas Morris
Cloud service providers preparing for FedRAMP 20x are encountering a fundamentally different authorization model than the one their compliance programs were built around. The traditional FedRAMP path produced lengthy System Security Plans, point-in-time assessments, and human-readable narrative evidence.
  |  By Jeffrey Ellin
When your AI agent calls an MCP tool, that tool has no idea who actually triggered the request. It sees the agent, not you. This post explains why that matters and how to fix it with Teleport JWTs. In part two of this post, we will explain how to extend this to AWS to carry your identity through Amazon Bedrock AgentCore all the way into CloudTrail.
  |  By Teleport
Two foundational identity concepts - controlling the scope of agent roles and constraining what they can access - now have a production implementation in Beams, Teleport's trusted, ephemeral agent runtime.
  |  By Teleport
The Hacker News recognizes Teleport for its infrastructure identity architecture that delivers resiliency, scalability, and agility to modern computing environments.
  |  By Dan Johns
Traditionally, engineers have relied on shared database passwords. When someone needs to run a query, they either already have standing access granted via a static credential everyone on the team knows, or someone has to scramble to create a quick workaround. Every new user, exception rule, or port forward through a bastion host becomes a “just this once” fix.
  |  By Gus Luxton
Regulators and auditors now demand immutable proof of every privileged action, attributed to an identity, across Secure Shell (SSH), Kubernetes, databases, and Remote Desktop Protocol (RDP).
  |  By Rob Cobbins
On workload identity, a spec the industry has already started building around, and what the next layer looks like. I don't have a better answer than SPIFFE (Secure Production Identity Framework for Everyone) for workload identity, and that's where I want to start, because what follows is going to sound like I do.
  |  By Teleport
AI agents are rapidly moving into production, but most organizations are still deploying them on top of legacy identity systems built around passwords, secrets, and fragmented access models. In this video, we introduce the Teleport Agentic Identity Framework, a standards-driven approach for deploying AI agents securely across infrastructure using cryptographic identity, governed access, and continuous visibility.
  |  By Teleport
Securing AI agents in Teleport, focused on unified identity, eliminating standing privileges, and enforcing real policy controls instead of relying on the whims of an agent.
  |  By Teleport
Regulators don’t just want login logs anymore. They want immutable proof of every action and full session recordings. Steven Martin on how Teleport delivers that — and how AI-powered session summaries are changing what audit actually looks like.
  |  By Teleport
There’s a moment in every Teleport demo where the customer lights up. They see session replay, Kubernetes playback, the scope of what’s possible — and something clicks. Gus Luxton on why that reaction never gets old.
  |  By Teleport
AI agents are tireless, highly capable, eager to please, but difficult to manage. George Chamales (CriticalSec) and Josh Rector (Ace of Cloud) unpack the identity and access challenges posed by agentic AI. How do you verify it was the right agent, doing the right action, approved by the right person? How do we bound, constrain, govern agentic behavior? Ultimately, the same frameworks built for human identity and access should be applied to agents.
  |  By Teleport
FedRAMP 20x → continuous monitoring. Moving from point-in-time audits to real-time visibility.
  |  By Teleport
With just a Slack message, AI agents can triage and resolve Kubernetes failures. But what's stopping that agent from wiping your cluster?
  |  By Teleport
In this video, we demonstrate how to securely grant an AI agent (OpenClaw) access to Teleport-protected Kubernetes resources using Teleport Machine Identity and tbot, without exposing secrets, API keys, or long-lived tokens. You’ll see how Teleport treats AI agents as first-class identities, enforcing strict RBAC controls so the agent can only do what it’s allowed to do, like reading logs, while being blocked from sensitive actions like deleting resources or accessing secrets.
  |  By Teleport
SOC 2 was built for human-operated systems and predictable infrastructure. Agentic AI introduces systems that can act, adapt, and change over time, creating new governance and risk considerations.
  |  By Teleport
Three methods for issuing identity to AI agents — and why static credentials will always eventually leak no matter how well you vault them. Ev Kontsevoy breaks down standard credentials, durable identity, and digital twins, and explains why the issuer of identity needs to be the same across your entire environment.
  |  By Teleport
While SSH has always been a popular attack vector, the increased adoption of elastic cloud infrastructure and dynamic microservice architecture using containerized application services (aka "cloud-native" applications) has resulted in the additional complexity of having application services that can migrate across dynamic server infrastructure. This makes managing access to applications and their infrastructure through SSH more complicated and more prone to security threats.
  |  By Teleport
With their rapidly changing architecture and API-driven automation, cloud platforms come with unique security challenges and opportunities. This hands-on book guides you through security best practices for multivendor cloud environments, whether your company plans to move legacy on-premises projects to the cloud or build a new infrastructure from the ground up.
  |  By Teleport
In this paper, we will provide a brief description of what SSM Session Manager is and how it compares to Gravitational's Teleport privileged access management solution. We'll compare the significant design and feature differences and the operational overhead of the solutions. Because Session Manager is limited to AWS, we'll limit the scope of the discussion to that cloud provider. Finally, we have provided a feature matrix of the two solutions.
  |  By Teleport
The goal of the paper is to identify key challenges and the most promising opportunities for small to medium sized server hosting providers in an era of rapid commoditization driven by AWS.
  |  By Teleport
HIPAA, the Health Insurance Portability and Accountability Act, sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.

Security and Compliance for Cloud Applications and Infrastructure. Cloud-native application delivery with robust Day-2 operations across many clouds, in restricted, regulated and remote environments.

Get compliance and security best practices out of the box and make it easy for engineers to access SSH and Kubernetes environments across many clouds, data centers and edge devices. Deploy and run Kubernetes applications on your customers' clouds, on the edge, and even in air-gapped server rooms, without overloading your DevOps teams.

Our products are open-source and based on open standards:

  • Teleport: Access Kubernetes and Linux infrastructure across clouds, datacenters and IoT devices while enforcing industry best practices for security and compliance.
  • Gravity: Deploy and run cloud-native applications in hundreds of locations where security and compliance matter, on your customers' clouds or on the edge.
  • Teleconsole: Teleconsole is a free service to share your terminal session with people you trust. Your friends can join from a command line via SSH or from their browser over HTTPS. Use this to ask for help or to connect to your own devices sitting behind NAT.

Grow your business across many production environments without having to worry about vendor lock-in.