eBPF-based observability for AI workloads in Kubernetes
AIOStack® automatically discovers and monitors AI infrastructure across your Kubernetes clusters using eBPF. It captures AI-related traffic (OpenAI, Anthropic, HuggingFace, vector databases, MCP servers) at the kernel level without requiring code changes or service restarts. Get immediate visibility into shadow AI deployments, per-team cost attribution, and security insights.
- Zero-instrumentation discovery: Automatically detect LLM API calls, model downloads, vector databases, and AI agents across all pods
- AI Bill of Materials (AIBOM): Complete inventory of models, APIs, and AI dependencies running in your infrastructure
- Cost attribution: Map API usage and token consumption to Kubernetes namespaces, service accounts, and teams
- Compliance audit trails: Generate evidence for GDPR, SOC2, and internal audits with pod-level attribution
- Language-agnostic: Works with Python, Node.js, Go, Java, or any language making network calls
- Minimal overhead: <2% CPU impact per node using kernel-level filtering
- Security alerts: Real-time detection of unapproved AI services, data exfiltration patterns, and policy violations (coming soon)
Requirements
- Kubernetes 1.29+ with eBPF support (EKS, GKE, AKS)
- Linux kernel 5.15+
- Helm 3.x
curl -fsSL https://raw.githubusercontent.com/aurva-io/AIOstack/main/install.sh | bash
The installer will guide you through setup, open app.aurva.ai for signup, and deploy AIOStack® to your cluster. Your AI inventory appears within 60 seconds.
See the Installation Guide for manual Helm installation.
Uninstall
curl -fsSL https://raw.githubusercontent.com/aurva-io/AIOstack/main/uninstall.sh | bash
AIOStack deploys two components in your cluster:
Observer (DaemonSet): Runs on each node and loads eBPF programs that hook into kernel tracepoints (tcp_sendmsg, tcp_recvmsg, execve, openat). These programs capture network metadata, DNS queries, and process execution events, filtering for AI-specific patterns (API endpoints, model downloads, vector DB protocols) before forwarding to userspace.
Outpost (Deployment): Receives events from Observers, parses application protocols (HTTP/1.1, HTTP/2, gRPC), classifies AI services using signature matching, and enriches events with Kubernetes metadata by correlating socket inodes to pod identities via /proc/net/tcp and cgroup information.
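An added example (not AIOStack's own code) of the socket-inode-to-pod correlation described for Outpost above: it parses /proc/net/tcp rows, matches each socket inode to the process holding it, and reads the pod UID from that process's cgroup path. The sample data, PIDs and pod UID are constructed, and the join through /proc/<pid>/fd links is an assumption about how an inode is tied to a process.

```python
import re
import socket
import struct

# Constructed sample of /proc/net/tcp: one established egress socket, one listener.
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0501000A:C350 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 48211 1
   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 31007 1
"""
# Constructed stand-ins for readlink(/proc/<pid>/fd/*) and /proc/<pid>/cgroup.
FD_LINKS = {4242: ["/dev/null", "socket:[48211]"], 17: ["socket:[31007]"]}
CGROUPS = {
    4242: "0::/kubepods.slice/kubepods-burstable.slice/kubepods-burstable-"
          "pod3f1c2a9e_7b44_4c1d_9e0a_5d2f8a6b1c77.slice/cri-containerd-0123abcd.scope\n",
    17: "0::/system.slice/sshd.service\n",
}
POD_UID = re.compile(r"pod([0-9a-f]{8}(?:[-_][0-9a-f]{4}){3}[-_][0-9a-f]{12})")

def decode_endpoint(field):
    """'0100007F:1F90' -> ('127.0.0.1', 8080); the IPv4 word is little-endian hex."""
    addr_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16))), int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Yield (inode, local, remote, state) per socket row, skipping the header."""
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 10:  # ignore truncated rows
            yield int(f[9]), decode_endpoint(f[1]), decode_endpoint(f[2]), f[3]

def pod_uid_from_cgroup(cgroup_text):
    """Pod UID from a kubepods cgroup path (systemd or cgroupfs style), else None."""
    m = POD_UID.search(cgroup_text)
    return m.group(1).replace("_", "-") if m else None

def attribute_sockets(tcp_text, fd_links, cgroups):
    """Join socket inode -> owning PID -> pod UID; non-pod processes get None."""
    owner = {}
    for pid, links in fd_links.items():
        for target in links:
            if m := re.fullmatch(r"socket:\[(\d+)\]", target):
                owner[int(m.group(1))] = pid
    rows = []
    for inode, local, remote, state in parse_proc_net_tcp(tcp_text):
        pid = owner.get(inode)
        uid = pod_uid_from_cgroup(cgroups.get(pid, ""))
        rows.append(dict(inode=inode, pid=pid, remote=remote, state=state, pod_uid=uid))
    return rows
```

A socket whose owning process sits outside a kubepods cgroup (here the constructed sshd listener) comes back with `pod_uid` set to None, which is the case an inventory has to treat as host-level rather than pod-level traffic.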
Traffic is analyzed at the syscall level—before TLS encryption on egress, after decryption on ingress—using uprobes on SSL_write/SSL_read functions. Only metadata (HTTP headers, payload sizes, latencies) is extracted; request/response bodies are never captured.
Read: How we escaped the SSL/TLS Trap
Full documentation: aurva.ai/docs
We're actively developing AIOStack and would love to hear from you:
- Feature requests: GitHub Issues
- Bug reports: GitHub Issues
- Questions: support@aurva.io
Apache License 2.0 - see LICENSE for details.
The hosted version at app.aurva.ai provides managed ClickHouse® storage and UI hosting. All core observability logic will be open sourced in this repository once approved by our Chief Architect.
Built by Aurva
