Category: Red Hat Security

The post-quantum cryptography (PQC) transition is well underway in Red Hat Enterprise Linux (RHEL). In May 2025, RHEL 10 delivered post-quantum key exchange algorithms in three major cryptography libraries (OpenSSL, GnuTLS, and NSS), making post-quantum key exchange usable in TLS…

Read more →

In the era of hyper-distributed systems where AI agents traverse our networks, and hybrid clouds stretch from the edge to the core, the “who” and “what” of infrastructure access are more critical than ever. Managing identities across thousands of nodes…

Read more →

As enterprise IT organizations push deeper into operationalizing AI, the conversation has shifted from theoretical capability to hard execution metrics. Whether your team is talking with customers about scaling large language models (LLMs) on restricted local hardware, navigating the real-world…

Read more →

Have you noticed the recent surge of post-quantum cryptography (PQC) roadmaps and Q-day countdowns? They’re hard to miss. Organizations across the industry are rushing to set PQC deadlines as research increasingly suggests the risk of a cryptographically-relevant quantum computer (CRQC)…

Read more →

In distributed system management, defining the “ideal state” of a server is rarely black and white. Different operational goals often create tension between performance tuning and security hardening, where optimizing for one can inadvertently break the other. To resolve this…

Read more →

In the last few years, large language models (LLMs) have moved from research labs to production systems powering critical business functions. This rapid adoption poses a fundamental challenge for enterprises: How do you deploy AI with confidence when models can…

Read more →

If you ship software in containers, you know the vulnerability treadmill: Scanners surface a flood of CVEs, backlogs swell, and teams chase patch velocity as if it were the core business of the company (as opposed to serving customers and…

Read more →

Artificial intelligence (AI) workloads are transforming industries from financial services to healthcare. However, the use of AI models introduces risk around protecting models, weights, and data from malicious actors. While the industry has established robust traditional security frameworks to protect…

Read more →

Organizations are shifting fast toward image-based workflows and AI, but you shouldn’t have to choose between moving quickly and keeping the lights on. Red Hat Satellite 6.19 bridges that gap. This release focuses on hardening the software supply chain and…

Read more →

A practical look at what happens when kernel bugs meet containers.Author’s note: Refer to this Red Hat Security Bulletin for the most recent information about this CVE. This blog post was originally published on May 4, 2026 and has been…

Read more →

A practical look at what happens when kernel bugs meet containersToday, I spent some time trying to break out of a Red Hat OpenShift container.No, not because I had to… but because CVE-2026-31431 dropped, and I wanted to see how…

Read more →

At Red Hat, our deep focus on security doesn’t stop at the code, it extends to how we communicate vulnerability information to our partners and customers. Based on valuable feedback from our partner community, Red Hat Product Security is announcing…

Read more →

Extending confidential computing from individual workloads to the entire cluster is a new frontier in cloud-native security.Today, Red Hat is announcing the Developer Preview of confidential clusters for Red Hat OpenShift, a new feature of OpenShift that extends confidential computing…

Read more →

In our previous 3 articles, we laid the groundwork for a protected Model Context Protocol (MCP) ecosystem by analyzing the current threat landscape, implementing robust authentication and authorization, and exploring critical logging and runtime security measures. These focused on who…

Read more →

Model Context Protocol (MCP) servers often execute code or commands as instructed by an AI agent, exposing them to various risks. To help mitigate these risks, you should implement strict runtime security measures to contain what the server can do…

Read more →

The preview release of Claude Mythos presents a massive challenge for IT security experts, as well as an opportunity (at least for the organizations that can afford it). Mythos represents a new category of frontier model that can not only…

Read more →

Security is an important aspect of any digital undertaking, and Kubernetes is no different. We’ve built Red Hat Advanced Cluster Security for Kubernetes to form a foundational layer of security across fleets, estates, and platforms, be it public, private, or…

Read more →

In product security, AI represents a new and critical frontier. As artificial intelligence becomes mainstream in both defense tools and exploitation methods, security professionals must master these technologies to more effectively protect and enhance their systems.What is AI in cyber…

Read more →

In our first 3 articles, we framed AI security as protecting the system, not just the model, across confidentiality, integrity, and availability, and we showed why the traditional secure development lifecycle (SDLC) discipline still applies to modern AI deployments. We…

Read more →

Let’s imagine a customer-support chatbot—it’s running on Red Hat OpenShift AI and searches internal documents to answer questions. A user asks it a common question, but the chatbot inadvertently retrieves a malicious document that contains hidden instructions like, “ignore all…

Read more →