In today’s fast-paced world of cloud-native development, Kubernetes has become the de facto operating system of the cloud. But with great power comes great complexity—especially around security and governance.

That’s why our collaboration with ControlPlane is so critical for modern organizations.

While we both tackle distinct areas, combining Nirmata’s policy-as-code platform with ControlPlane’s deep Kubernetes security consulting, GitOps expertise, and defense solutions creates a robust, end-to-end security strategy that helps teams move faster and safer.

What is the Nirmata AI Platform Engineer Assistant?

Nirmata is the AI Platform Engineer’s assistant, powered by Kyverno, the leading open-source Policy-as-Code engine.

Nirmata’s core function is to turn policy-as-code into automated governance for security, compliance, cost, and reliability across any infrastructure. It uses AI agents that work together to close the loop from detection to remediation to enforcement.

Why Enterprises Need AI-Driven Policy Enforcement

Today’s enterprises face four realities:

1. Scale and Complexity: Hundreds of clusters, thousands of nodes, and sprawling IaC repositories make manual enforcement impossible.
2. Rising Regulatory Pressure: From finance to healthcare, industries must prove compliance across both Kubernetes and IaC environments.
3. Operational Burnout: Platform and security teams are inundated with violations, alerts, and repetitive toil.
4. Inconsistent Rules: Disparate and even contradictory policies

Without automation, compliance becomes a bottleneck.

AI for platform engineering flips this equation on its head. Instead of reactive policing, teams gain proactive guardrails and automated policy enforcement, powered by Kyverno, that ensure security, compliance, consistency, cost optimization, and resilience—all while preserving developer velocity.

Inside the Nirmata AI Control Hub

The Nirmata Control Hub leverages several specialized AI agents:

• Nirmata Control Hub Copilot
• Policy as Code Agent (PaC Agent)
• Remediator Agent 

This system offers a Central AI Control Hub to universally manage policies, reporting, and workflows across infrastructure in a single AI-assisted console.

Learn more about Nirmata’s AI Platform Engineering assistant.

ControlPlane: Kubernetes Security Experts

ControlPlane, on the other hand, is a leading Kubernetes security company specializing in threat modeling, penetration testing, and building secure platforms. Their team is composed of seasoned security engineers who are dedicated to securing cloud-native systems against sophisticated attacks.

ControlPlane adds value through:

• Expert Consulting: They help organizations identify vulnerabilities and design platform security from the ground up, ensuring the correct implementation of industry-leading security controls.
• Red and Purple Teaming: ControlPlane’s hands-on security testing uncovers configuration drift, weaknesses in software supply chains, and zero-day vulnerabilities that automated scanners often miss.
• Bridging Policy and Practice: Their expertise ensures that the theoretical policies enforced by a tool like Kyverno are mapped directly to real-world attack vectors and compliance requirements.

The Synergy: Policy, Practice, and Protection

The real power is unlocked when organizations leverage the strengths of both policy automation and deep-seated security expertise.

1. Expert-Driven Policy Creation: ControlPlane’s penetration tests can reveal a subtle configuration weakness. This finding can then be immediately codified into a Kyverno policy via the Nirmata platform, ensuring the vulnerability is instantly blocked across the entire environment—not just fixed manually on one cluster.
2. Continuous Hardening: Nirmata’s policy reporting provides continuous, real-time feedback on compliance status. ControlPlane’s security architects can use this data to prioritize hardening efforts and refine policies to address persistent issues, creating a powerful feedback loop.
3. Secure by Default: By integrating the lessons learned from ControlPlane’s frontline work into Kyverno policies, platform teams can create “Secure by Default” internal developer platforms (IDPs). Developers can self-service environments knowing that expert-vetted security policies are automatically enforced beneath the surface.

Innovation Without Compromise

In an era where every company is a software company and the attack surface is constantly expanding, security can no longer be an afterthought. By combining the proactive, automated governance of Nirmata with the battle-tested security intelligence of ControlPlane, enterprises can finally achieve the DevSecOps agility they need to innovate without compromise.

To learn more about how policy-as-code can secure your Kubernetes environments, explore Nirmata’s platform, and for deep security analysis and threat modeling, check out ControlPlane’s services.

If you are attending KubeCon North America 2025 in Atlanta, we hope to see you at both of our co-located events, KyvernoCon and FluxCon!