Container runtime telemetry is the stream of behavioural data collected from a running workload, such as process activity, network connections, and file access. For AI systems, it shows what the workload actually does after deployment, which is essential when prompts, plugins, and external APIs can change behaviour at runtime.
Expanded Definition
Container runtime telemetry is the operational evidence emitted by a live containerised workload while it executes, including process creation, syscall patterns, network destinations, mounted volumes, file access, and privilege changes. In NHI and agentic AI environments, it matters because a workload can appear benign at build time yet behave differently once prompts, plugins, secrets, or external API calls are introduced at runtime.
Unlike image scanning or configuration review, runtime telemetry answers the question of what the workload actually did. That makes it a control plane for detection, investigation, and governance, especially when an AI agent has tool access or can launch subordinate processes. Definitions vary across vendors on whether runtime telemetry includes only kernel-level events or also application logs and service-mesh signals, so teams should define the scope explicitly. A useful reference point is the NIST Cybersecurity Framework 2.0, which frames telemetry as evidence needed for monitoring, response, and continuous improvement.
The most common misapplication is treating runtime telemetry as a compliance checkbox, which occurs when teams collect logs without mapping them to the specific behaviours that indicate secret misuse, lateral movement, or unauthorised tool execution.
Examples and Use Cases
Implementing container runtime telemetry rigorously often introduces storage, tuning, and privacy overhead, requiring organisations to weigh faster detection against the cost of collecting and analysing high-volume behavioural data.
- A model-serving container unexpectedly spawns a shell process after receiving a crafted prompt, and telemetry shows the exact parent-child process chain.
- An AI agent contacts a new external API endpoint after loading a plugin, and network telemetry reveals the destination, timing, and session context.
- A workload reads a mounted secret at runtime and then exfiltrates it through a side channel; process and file telemetry help reconstruct the sequence.
- During investigation of the DeepSeek breach, telemetry concepts help security teams reason about whether sensitive data was accessed, transformed, or exported after deployment.
- Runtime events can be correlated with identity signals and the NIST Cybersecurity Framework 2.0 to show when an NHI-enabled workload moved outside approved behaviour.
In mature environments, telemetry is also used to validate policy enforcement, such as whether a container was blocked from writing to immutable paths or initiating unauthorised outbound connections.
Why It Matters in NHI Security
Container runtime telemetry is essential because NHIs are often trusted to act autonomously, and that trust becomes dangerous when an attacker hijacks credentials, manipulates prompts, or abuses an exposed workload. NHIMG research on LLMjacking shows how quickly exposed AWS credentials can be abused, with attackers attempting access in an average of 17 minutes, which underscores how little time defenders have once a secret or token is live in a runtime path.
Telemetry closes the gap between policy and actual behaviour. It helps determine whether an AI agent used only approved tools, whether a service account accessed sensitive files, and whether a container performed actions inconsistent with its intended role. That matters for governance as much as detection, because without runtime evidence, teams cannot prove whether an NHI or agentic workload remained within its permitted operating envelope.
Container telemetry becomes especially important after a credential leak, suspicious prompt injection, or unexplained data movement, because those incidents force investigators to reconstruct what the workload really did, not what it was supposed to do.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-09 | Runtime evidence helps detect anomalous NHI execution and abuse after deployment. |
| OWASP Agentic AI Top 10 | A-07 | Agent tool use and runtime side effects are core concerns in agentic AI security. |
| NIST CSF 2.0 | DE.CM | Continuous monitoring requires telemetry from live workloads to observe behavior and anomalies. |
Instrument agent executions so unauthorized tool calls and unexpected actions are visible for response.
Related resources from NHI Mgmt Group
- When should organisations treat runtime telemetry as a primary control?
- What is the difference between shift left and runtime enforcement for container security?
- What is the difference between static image security and runtime container security?
- What breaks when a container runtime like runC mishandles mount paths?
