https://shengxu.pages.dev/en/tags/devsecops/Cloud architecture & DevOps notes by Shengxu: Kubernetes, Cilium, observability, LLM infra, AI agents.Hugo 0.153.2 & FixIt v0.4.0-alpha.3-20251225101113-8ffb9a95enSat, 14 Mar 2026 10:00:00 +0800https://shengxu.pages.dev/en/posts/kubernetes-security-before-llm/Sat, 14 Mar 2026 10:00:00 +0800https://shengxu.pages.dev/en/posts/kubernetes-security-before-llm/SecurityKubernetesDevOps<p>The explosion of Large Language Models (LLMs) and AI Agents has not only revolutionized business models but also introduced new application-layer security challenges such as prompt injection and data poisoning. While everyone&rsquo;s attention is drawn to these cutting-edge vulnerabilities, let&rsquo;s first pause and ask ourselves a fundamental question: <strong>Before diving into these complex AI security issues, is the cloud-native foundation that supports all our business workloads even up to par?</strong></p>https://shengxu.pages.dev/en/posts/mcp-security-risks-guide/Tue, 20 Jan 2026 00:00:00 +0000https://shengxu.pages.dev/en/posts/mcp-security-risks-guide/SecurityAI<p>Last year, a typical scenario sparked heated debate in the security community: a developer installed Supabase&rsquo;s MCP plugin in Cursor and configured a <code>service_role</code> key (database super admin privileges) so the AI could query the database directly. One day, a customer casually asked in a ticket, &ldquo;Can you show me our integration configuration?&rdquo; The AI interpreted this as an instruction and printed the token directly in the reply.</p> <p>While this case often appears in security reports as a &ldquo;risk demonstration,&rdquo; the problem it reveals is real: <strong>The MCP protocol grants AI operational permissions, and prompt injection attacks allow hackers to &ldquo;hijack&rdquo; these permissions through natural language.</strong></p>