The New Stack Podcast

Container Security and AI: A Talk with Chainguard's Founder

Apr 22, 2025

Ville Aikas, founder of Chainguard and an early Kubernetes contributor, shares insights on the evolution of container security. He discusses the initial security challenges, including unrealistic trust in user validations and the implications of lack of secure defaults. Aikas emphasizes the importance of trusted, minimal, and verifiable container images and the move towards locked-down AI images. The conversation also addresses the complexities surrounding AI/ML security in Kubernetes and the growing need for community collaboration in enhancing software supply chain security.

20:51

Creator website

Episode guests

Ville Aikas

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The evolution of container security reveals early misconceptions about user validation, emphasizing the need for robust security practices and governance policies.

Chainguard addresses vulnerabilities by providing zero-CVE container images and advocating for transparent toolchains while highlighting AI security challenges in Kubernetes environments.

Deep dives

The Importance of Software Supply Chain Security

Software supply chain security has become a critical focus for organizations as threats to their software environments have increased. The episode emphasizes that many companies are unaware of the software they are running, and this ignorance can lead to significant vulnerabilities. As highlighted, the early days of container technology did not prioritize security, assuming users would not pull random images from the internet. This complacency created a perfect storm for security issues, illustrating the necessity for robust security measures in software development and deployment.

Intro

2min

The Evolution of Container Security

9min

Advancements in Container Security Standards and Solutions

4min

Navigating Supply Chain Complexity and Community Collaboration in Software Security

2min

Securing AI: Challenges and Imperatives

4min

In this episode of The New Stack Makers, recorded at KubeCon + CloudNativeCon Europe, Alex Williams speaks with Ville Aikas, Chainguard founder and early Kubernetes contributor. They reflect on the evolution of container security, particularly how early assumptions—like trusting that users would validate container images—proved problematic. Aikas recalls the lack of secure defaults, such as allowing containers to run as root, stemming from the team’s internal Google perspective, which led to unrealistic expectations about external security practices.

The Kubernetes community has since made strides with governance policies, secure defaults, and standard practices like avoiding long-lived credentials and supporting federated authentication. Aikas founded Chainguard to address the need for trusted, minimal, and verifiable container images—offering zero-CVE images, transparent toolchains, and full SBOMs. This security-first philosophy now extends to virtual machines and Java dependencies via Chainguard Libraries.

The discussion also highlights the rising concerns around AI/ML security in Kubernetes, including complex model dependencies, GPU integrations, and potential attack vectors—prompting Chainguard’s move toward locked-down AI images.

Learn more from The New Stack about Container Security and AI

Chainguard Takes Aim At Vulnerable Java Libraries

Clean Container Images: A Supply Chain Security Revolution

Revolutionizing Offensive Security: A New Era With Agentic AI

Join our community of newsletter subscribers to stay on top of the news and at the top of your game.