Phoenix for Kubernetes

PREEMPTIVE
AMTD

Your clusters are predictable. Attackers exploit that predictability. Phoenix makes your infrastructure a moving target that changes before they can finish a scan.

Cluster Telemetry
CLUSTER_ENTROPY: 84%
PODS_ROTATED: 1,247
MUTATION_CYCLE: 2.1s
DWELL_TIME: 0ms

The Problem

The Persistence Trap

Traditional security assumes your cluster is a fortress. We know it's a sitting duck. In a static environment, an attacker only needs to succeed once. They map your network, locate your secrets, and dwell for months because your infrastructure never moves.

277: Average days to detect a breach

Attackers don't need sophistication when they have unlimited time. Static infrastructure gives them that time.

Static Clusters

Pods that don't rotate give attackers unlimited time to establish persistence, map your network, and exfiltrate data.

Predictable Networks

Fixed IPs and service endpoints are a roadmap for lateral movement. Attackers can scan at leisure.

Config Drift

Static configurations accumulate vulnerabilities. Manual patching can't keep up with the attack surface growth.

The Moving Target Engine

PHOENIX

A Kubernetes Operator that continuously mutates your cluster topology. No agents. No sidecars. No code changes. Just chaos engineering applied to defense.

K8s Operator | Zero-Agent | Event-Driven | GitOps Ready | 1-2% Overhead

Continuous Pod Mutation

Pods are replaced at configurable or telemetry-driven intervals with randomized UUIDs and internal IPs.

Network Obfuscation

IPs, service endpoints, labels, and routing paths shift dynamically. Lateral movement becomes impossible.

Panic Mutation

When Falco detects suspicious activity, Phoenix triggers immediate workload rotation. Compromised environments are destroyed.

Self-Healing Regeneration

Compromised workloads are automatically replaced with known-good baselines. No manual incident response.

Three Technical Pillars

01. Continuous Pod Mutation

Phoenix doesn't just restart pods — it terminates and recreates them with randomized UUIDs and internal IPs. Attacker persistence is severed on every cycle.

  • Configurable rotation intervals
  • Randomized pod scheduling
  • Zero-downtime rolling replacement
  • Namespace-level controls

02. Dynamic Label Obfuscation

Cryptographically masks internal metadata. Labels remain valid for the K8s API but appear as randomized strings to side-scanning adversaries.

  • Service label rotation
  • Endpoint name mutation
  • Metadata randomization
  • Discovery prevention

03. Temporal Network Policies

Injects disposable network paths that exist only for the lifespan of a specific pod. Zero-trust lateral movement by design.

  • Time-bound network rules
  • Automatic policy rotation
  • Ephemeral service mesh paths
  • Lateral movement prevention

Zero-Agent Architecture

Phoenix is a Kubernetes Operator, not a sidecar or DaemonSet. It speaks the Kubernetes API natively.

  • No agents to install
  • No code changes required
  • No instrumentation overhead
  • 1-2% infrastructure cost

Event-Driven Defense

Cron-based rotation meets real-time response. Falco and eBPF signals trigger panic mutation when threats emerge.

  • Configurable rotation schedules
  • Falco integration for threat signals
  • eBPF telemetry support
  • Immediate panic mutation

GitOps Ready

Phoenix works with your existing deployment pipeline. ArgoCD, Flux, Helm, Terraform — deploy however your team works.

  • ArgoCD compatible
  • Flux reconciliation
  • Helm charts included
  • Terraform provider
Frequently Asked Questions