eCHO news is your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security this is your quelle

2nd June 2026

In the post-Mythos world, I get notifications almost every day about a new security vulnerability lurking in the dependencies of the open source projects I maintain. Security was already top of mind thanks to supply-chain attacks like SolarWinds and the steady stream of social engineering attacks targeting ecosystems like npm and now it has become molten lava hot.

Luckily, I see this coinciding with the second wave of eBPF adoption, now in security, moving eBPF beyond pushing packets or observing bottlenecks to actually securing the underlying hosts. Just in this edition, we have eBPF securing HPC workloads, protecting MCP servers at Meta, and hardening agent runtimes at Roblox.

This is the inflection point the eBPF ecosystem has spent over a decade building towards. The promise has always been moving programmability safely into the kernel and now that gives us the flexibility to keep up as the AI powered threats evolve. It's new bike day for me and I have some unpacking to do so let’s 🐝 -gin.

The Technical

Create rules to limit the network traffic of a group of targets

RWTH-HPC/hpc-ebpf-filter

An eBPF LSM program to filter user actions on HPC systems

trentas/ptop

Interactive TUI that uses eBPF to live-inspect any Linux process

facebook/mcpguard-dynamic

eBPF sandbox for securing LLM agent tool calls made through MCP

cicd-sensor/cicd-sensor

eBPF runtime security sensor for GitHub Actions and GitLab CI/CD

eunomia-bpf/ActPlane

OS-Level Control Plane for Agent Harnesses with eBPF

yeet-src/airtop

htop for the airwaves, a live 802.11 (Wi-Fi) RF dashboard in your terminal with eBPF

🐝

The Ecosystem

Buzzing Beyond Clouds: The Illustrated Children's Guide to Cilium

Cilium explained for children of all ages

Powering multi-cluster workloads with seamless cross‑cluster networking for Azure Kubernetes Fleet Manager

Azure Kubernetes Fleet Manager leverages Cilium ClusterMesh of course

Kernel-Level Ground Truth: Why eBPF is Replacing User-Space Agents for Security Observability

The case for moving monitoring to the syscall boundary with eBPF

🐝

The How To

The Video

Behind the Scenes of My KCD Talk on eBPF & GPUs (Conference Vlog)

Donia takes us behind the scenes of her eBPF talk and KCD Czech & Slovak

🐝

The Events

Cloud Native Berlin x eBPF Berlin

Meetup on June 8th, I'll even be speaking!

ACM SOSP'26 Workshop on eBPF and Kernel Extensions

September 29th in Prague, CfP open through June 19

Linux Plumbers Conference

October 5-7th in Prague, CfP open though July 24

CiliumCon

November 9 in Salt Lake City, CfP open though June 21

🐝 

The Livestreams

eCHO Episode 209: Cilium on VKS with the Broadcom VKS team

eCHO Episode 210: Exploring Multi-Pool IPAM with Cilium 1.19

The Post of the Week

As always, if you’ve seen a blog post, a tool, or anything else eBPF or Cilium related that you think the rest of the community should hear about, send them my way. You can either hit reply or join the #echo-news channel on Cilium Slack. You can also find all of the past episodes on the website.

🐝

To make sure you keep getting these emails, please add bill@isovalent.com to your address book or otherwise mark me as a permitted sender.

Know a friend that needs to be in the know? Forward this to them

Was this forwarded to you? Sign up today!

Written and sent by Bill Mulligan and Katie Meinders. Any feedback is welcome!