eBPF Foundation just released their investor due diligence report and there are three key parts that align perfectly with what I'm seeing in the market. First is the idea that kernel-level programmability is the strategic control point. From the report "The companies that own that kernel layer and build upward into analytics, policy management, and workflow integration are structurally positioned to displace incumbents who cannot replicate kernel-level access through any amount of engineering effort." ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­    ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏  ͏ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­ ­  
View in browser
echo-newsletter 111

eCHO news is your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security this is your quelle

30th June 2026

 

eBPF Foundation just released their investor due diligence report and there are three key parts that align perfectly with what I'm seeing in the market.

 

First is the idea that kernel-level programmability is the strategic control point. From the report "The companies that own that kernel layer and build upward into analytics, policy management, and workflow integration are structurally positioned to displace incumbents who cannot replicate kernel-level access through any amount of engineering effort."

 

The second is the company evaluation matrix on page 12 where the kernel space logic and sensor depth gives a technical moat while the user space logic creates enterprise workflows. The best companies will combine deep kernel integration with workflows that solve real operational problems.

 

Finally, so far, there have been three waves of acquisitions from Feature & Sensor Upgrades to Platform & Community Land Grabs to AI & Runtime Security Consolidation. Each wave has brought different outcome multiples and I think we are about to enter the 4th and most lucrative wave yet. I need to change my tires for Bright Midnight so let’s 🐝 -gin.

The Technical

Cilium ztunnel – native mTLS for Cilium on Azure Kubernetes Service BYOCNI

Cilium ztunnel with native routing matches unencrypted throughput at 12 Gbit/s

 

Building an Event-Driven Network Policy Engine with eBPF and Cilium

Cilium policy enforcement as BPF map lookups at the TC hook

 

ActPlane: Pushing Agent Harness Enforcement Down to Kernel eBPF

Analyzing blind spots of prompt constraints, tool-layer guards, & sandboxes

 

eBPF and WASM - Better Together

Ship eBPF programs as OCI artifacts with a WASM module for user-space logic

 

Research Update: Verifier-Cooperative Runtime Enforcement for eBPF

Two years in academic research funded by the eBPF Foundation continues

 

A conversation with the eBPF verifier

Two Rust eBPF verifier rejections only made sense after inspecting the bytecode

 

dengtaowei/usbtrace

eBPF-based USB subsystem tracer and diagnostic tool for Linux BSP

 

lothan/evil-bit

eBPF tooling to implement RFC 3514 - the "evil bit" in the IPv4 header

 

Kernel-Guard/bpfcompat

Open-source eBPF compatibility evidence and CI gate

 

ccyrene/prism

One stable identity for the scheduler, network, and tracing in Kubernetes with eBPF

 

altugbozkurt07/agentguard

eBPF probes CPython frame execution and returns early for unprotected processes

 

meta-flutter/agl-health

eBPF-based system health and security observability for Automotive Grade Linux

 

tollwing/tollwing

Per-pod Kubernetes network cost, by AWS billing path with eBPF

 

eunomia-bpf/bpfix

 Turn cryptic eBPF verifier rejection logs into readable, actionable diagnostics

 

yuskesh/apple-container-ebpf-kernel

Build a custom Linux kernel with a full eBPF feature set and run it under Apple's container runtime on Apple Silicon macOS

 

mashirochenkernel/assemblyebpf

A hand-written eBPF tool tree, the eBPF programs are assembly source files

 

tanelpoder/brr

Runtime Reporter and Profiler for eBPF programs

 

avolkov-II/latency-profiler

Measuring and visualizing end-to-end latency in trading systems using eBPF

 

scitags/gbpf

A userspace eBPF VM written in Go

 

yuskesh/spinel-ebpf

Write eBPF programs in Ruby

🐝

 

The Ecosystem

The eBPF Re-Platforming Thesis: An Investor’s Due Diligence Guide

The matrix on page 12 is how I personally evaluate eBPF based companies

 

Securing CI/CD for an open source project: Locking down dependencies

How Cilium hardens its dependency tree: part 2 on CI/CD supply chain security

 

Why cloud native belongs at the heart of agentic AI: Lessons from building a multi-agent security platform on Kubernetes

Orange Innovation uses Cilium to restrict which AI agents can reach which MCP servers, and Hubble to trace inter-agent traffic in a production SOC platform

🐝

 

The How To

Enabling Multicast on Amazon EKS with Isovalent Enterprise for Cilium

to support IP multicast workloads

 

My Saturday afternoon with OVH's Cilium

OVH runs Cilium via ArgoCD, make changes with CiliumNodeConfig

🐝

 

The Video

eBPF, Cilium, and the Future of Kubernetes Networking with Isovalent & VKS

Duffie Cooley on Cilium as a VKS day-zero add-on

🐝

 

The Events

ACM SOSP'26 Workshop on eBPF and Kernel Extensions

September 29th in Prague

 

Linux Plumbers Conference

October 5-7th in Prague, CfP open though July 24

 

CiliumCon

November 9 in Salt Lake City

🐝 

The Livestreams

eCHO Episode 210: Exploring Multi-Pool IPAM with Cilium 1.19

eCHO Episode 210: Exploring Multi-Pool IPAM with Cilium 1.19

  

eCHO Episode 211: Lab Preview: External Auth in Gateway API & Cilium

eCHO Episode 211: Lab Preview: External Auth in Gateway API & Cilium

The Post of the Week

Whatever you can implement without involving anyone else, do that first as it’s the quickest. So yeah do eBPF first so that you have SOMETHING. from Reddit

As always, if you’ve seen a blog post, a tool, or anything else eBPF or Cilium related that you think the rest of the community should hear about, send them my way. You can either hit reply or join the #echo-news channel on Cilium Slack. You can also find all of the past episodes on the website.

🐝

To make sure you keep getting these emails, please add bill@isovalent.com to your address book or otherwise mark me as a permitted sender.

 

Know a friend that needs to be in the know? Forward this to them

Was this forwarded to you? Sign up today!

Written and sent by Bill Mulligan and Katie Meinders. Any feedback is welcome!

LF_KCCNC_headshot_251113_Bill_Mulligan_9686
1755685839473

I work for Isovalent at Cisco which is leading the eBPF-Powered Revolution in Cloud Native Networking, Observability, and Security with Cilium and Tetragon

logo-wordmark-isovalent-vertical-dark@2x
LinkedIn
Bluesky_Logo.svg

Cisco/Isovalent, LLC, 755 Sycamore Drive, Milipitas, CA 95035, United States

Unsubscribe Manage preferences