Agent Safety22 min read
Process Containment: Using eBPF to Kill Malicious Child Processes
When a compromised agent spawns npx or curl, user-space policy is too late. Enforce exec allowlists in the kernel with Tetragon — Panguard sees the tool call; eBPF sees what actually ran.
- Ebpf
- Tetragon
- Agents
- Security
- Trust Boundaries