Founders House x Cloud Native Helsinki: Security night

Welcome to our April meetup hosted in collaboration with the non-profit Founders House Helsinki and CRACI.
CRACI will sponsor the food and drinks, thank you!

Entrance Info
Please come to the C elevator, which is right across the movie store "filmihullu" behind Roberts coffee. Someone will be waiting at the C elevator to let you into the 8th floor.

Schedule:
17:00 Doors open
17:00 - 17:45 Networking
17:45 - 18:00 Host & organizers - Welcome and practicalities
18:00 - 18:30 Software Supply Chain Attack Vectors when using Generative AI, by Erika Marttinen, Software Engineer, CRACI
18:30 - 19:00 Break, networking
19:00 - 19:30 Right-sized Kubernetes Access Control with Conditional Authorization, by Lucas Käldström, Kubernetes contributor, Upbound
Have you ever struggled writing least-privilege access control policies for Kubernetes? Are you concerned about the wide permissions of installed Helm charts? Do you manage to regularly audit who has access to sensitive resources?
In this talk, Kubernetes contributor Lucas introduces you to open source tools that help you on your defense in depth journey for securing the Kubernetes API surface. They demonstrate how to right-size your RBAC rules semi-automatically, audit who can access sensitive resources, and check whether policy refactors are correct.
This talk is part of a journey to improve Kubernetes access control in core. However, to make this initiative successful, user feedback is needed throughout the process. You’ll learn about the planned Kubernetes Conditional Authorization feature, which will make authoring right-sized policies easier.

19:30 - 20:00 Break, networking
20:00 - 20:30: The LLM Gateway Is an Ingress Controller. Treat It Like One, by Juan Antonio Osorio, Software Engineer, Stacklok
The AI gateway has quietly become the most valuable credential aggregator in the enterprise. One process holds OpenAI, Anthropic, Bedrock, and Gemini keys for every team. The March 2026 LiteLLM TeamPCP supply-chain compromise showed what that costs: one backdoored PyPI release, every credential in the gateway exposed in minutes.
This talk is about what you do before that lands. Every LLM gateway is an ordered pipeline, and the security of the pipeline is a property of its ordering, not of any individual stage. The worked example is upstream Envoy AI Gateway (CNCF project under the Envoy umbrella); the lens applies to any gateway that fronts LLMs.

20:30 - 21:00 Networking

NOTE: The event will be live-streamed on the Cloud Native Nordics YouTube.

NOTE: Signing up for the event gets you a seat at the onsite event.

NOTE: Pictures might be taken during the event and be published to this meetup page. Also there will be a livestream during the event which picks up audio from the space. If you do not want to be included in any pictures, please let the organizers know.