Phoenix in the field
Real deployments. Real results. See how teams use Phoenix to eliminate their static attack surface.
Eliminating Dwell Time in Production Clusters
A financial services platform running hundreds of microservices on Kubernetes had a persistent problem: their security team estimated an average dwell time of 3-4 weeks before compromised containers were detected. Traditional runtime security tools generated alerts, but by the time the SOC responded, attackers had already moved laterally across the cluster.
Phoenix was deployed as a Kubernetes operator across all production namespaces. Automated pod rotation was configured at telemetry-driven intervals, with Falco integration for panic mutation on suspicious activity detection. No code changes were required — the team deployed via Helm in under an hour.
- —Dwell time reduced from weeks to zero — compromised containers are destroyed before attackers can act
- —SOC alert volume dropped 73% as transient threats self-resolved
- —Zero downtime during the entire deployment and operation period
- —1.4% infrastructure overhead measured across all production workloads
Securing NVIDIA NIM Inference Pipelines
An AI company running NVIDIA NIMs for production inference was targeted by model theft attempts and LLM jacking attacks. Their GPU-intensive endpoints were static and predictable — attackers could probe the same endpoint over days to find exploitable patterns. Traditional API gateways offered rate limiting but no defense against persistent, low-and-slow reconnaissance.
Phoenix for AI was deployed to protect all NIM inference endpoints. GPU Pipeline Mutation ensured that inference endpoints were ephemeral — each request cycle could be served by a freshly rotated instance. The NVIDIA NeMo Guardrails integration added prompt-level defense, creating a double-lock system.
- —100% endpoint ephemerality — no inference endpoint lives long enough for targeted exploitation
- —Model theft attempts dropped to zero as attackers lost the ability to maintain stable connections
- —NeMo Guardrails blocked 99.7% of prompt injection attempts at the application layer
- —GPU utilization unchanged — Phoenix operates outside the inference pipeline with minimal overhead
From Reactive SOC to Autonomous Defense
A global enterprise with 2,000+ Kubernetes pods across multiple clusters was drowning in security alerts. Their SOC team spent 80% of their time on triage and incident response for threats that exploited static infrastructure. Mean time to recovery averaged 6+ hours per incident, with each hour of downtime costing an estimated $300K.
Phoenix was deployed across all production and staging clusters. Self-healing workloads replaced manual incident response for the majority of security events. The security team shifted from reactive triage to proactive policy configuration — defining rotation policies and risk thresholds rather than chasing alerts.
- —MTTR reduced from 6+ hours to under 20 minutes — a 94% improvement
- —SOC team reallocated 60% of incident response time to proactive security engineering
- —Estimated $2.4M annual savings in avoided downtime and reduced SOC operational costs
- —Zero production outages attributable to security incidents in the first 6 months of deployment