Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We’ve been busy! Our latest summer updates introduce powerful new capabilities to help you detect, respond to, and manage threats across your cloud-native workloads, and cloud environments – all from one unified platform. Here’s what’s new in ARMO Platform.

Recently, the EU officially launched its vulnerability catalog: the European Vulnerability Database (EUVD). This move has sparked a discussion about the future of global vulnerability tracking. Are we headed toward fragmentation, or is this a healthy step toward decentralization?

Let’s be honest. Most cloud security alerts feel like trying to read a book with half the pages missing. You get bits and pieces — “unusual login,” “suspicious process,” “network traffic spike” — but no real explanation of what actually happened or what you should do about it. That’s the daily reality for security teams. You’re not just fighting attackers; you’re fighting for context.

We’re excited to announce that ARMO now fully supports Google Kubernetes Engine (GKE) Autopilot clusters! This update comes in response to strong demand from our user community and enterprise customers, many of whom are embracing Autopilot for its simplicity and operational efficiency — while still requiring deep, real-time security observability and enforcement. Get your Kubernetes Security Checklist now.

We’re excited to announce a major enhancement to the ARMO platform: Full Software Bill of Materials (SBOM) with Runtime Visibility and Open Source License Insights. In today’s threat landscape, it’s not enough to know what went into your containerized applications. You need to know what’s actually running, how it’s behaving, and whether it introduces compliance or legal risks. ARMO’s new SBOM capability delivers just that.

The recent news about Google’s multi-billion-dollar acquisition of Wiz has sparked widespread conversation across the cybersecurity world. Its price tag reflects its strong reputation, Wiz is a leader in Cloud Security Posture Management (CSPM) solution. Its strength lies in identifying potential risks before they impact your live environment.

ARMO researchers reveal a major blind spot in Linux runtime security tools caused by the io_uring interface—an asynchronous I/O mechanism that bypasses traditional system calls. Most tools, including Falco, Tetragon, and Microsoft Defender fail to detect rootkits using io_uring because they rely on syscall monitoring. ARMO’s proof-of-concept rootkit, Curing, operates fully via io_uring to demonstrate the threat.

The best way to understand real-world attacks is to observe them in the wild. Following this principle, our research team set up a decoy Kubernetes workload designed to attract malicious actors – a honeypot in a Kubernetes cluster we named the “Honey-pod.” Inside this pod, we deployed Apache Druid, a popular open-source analytics database known for its scalability and, unfortunately, for a history of exploitable vulnerabilities.

Kubernetes 1.33 marks another exciting milestone in the evolution of this widely adopted container orchestration platform. A big shoutout to the release team for their hard work and contributions! In this update, Kubernetes continues to enhance its capabilities to meet the ever-evolving demands of modern cloud-native environments. Let’s take a closer look at the key security improvements and other features that caught our attention.

With DHS ending MITRE’s CVE funding, the future of global vulnerability tracking is uncertain. Here’s what it means for security teams and what comes next.