As the popularity of Kubernetes has grown, so has its appeal as a target. In an increasingly hostile environment, the ability to quickly flag suspicious behaviors and investigate and identify their source is becoming crucial. In this talk you will learn how AWS is using eBPF to identify a variety of security risks, e.g. communication with known command and control systems, Tor clients, cryptocurrency miners, and other malicious activity. You will also hear why AWS put eBPF above other options and the lessons they learned along the way.