Kyverno Graduates CNCF, and Nirmata Adds AI Governance

Kyverno reached CNCF graduation. Nirmata's CEO on layering AI agents over the policy engine for compliance automation, plus a new LLM governance layer.

Luca Berton

Kyverno just hit CNCF graduation — the foundation’s top maturity tier — and that milestone was only the opening line of a much bigger conversation I had with Nirmata’s CEO at PlatformCon Live Day London 2026.

Graduation Changes the Adoption Calculus

CNCF graduation is not a symbolic badge. It is the tier that lets risk-averse platform teams in regulated industries put a project on an approved list without a lengthy internal review, because the foundation’s own governance process has already vetted the project’s maturity, security practices, and community health. Kyverno has been widely adopted in exactly those regulated environments already, and graduation removes one of the last procedural objections a platform team’s security review might have raised.

One detail worth flagging for anyone running Kyverno purely for security policy today: cost management is fast becoming a parallel use case for platform teams, applying the same policy-as-code engine to resource quotas, rightsizing enforcement, and waste elimination — not just admission control.

Layering AI Agents on a Deterministic Enforcement Core

The more interesting part of the conversation was where Nirmata is taking the platform next: layering AI agents on top of Kyverno to automate compliance, cost management, and remediation workflows end to end.

The design principle that makes this credible rather than alarming: the enforcement layer stays fully deterministic. Kyverno’s policy engine does not get replaced by an LLM making judgment calls about whether to allow a workload — that would undermine the entire reason regulated teams trust it. What changes is the layer above enforcement: natural language now lets teams generate policies, collect data, and report on compliance, with an agent handling the tedious translation between “what we want to be true” and the actual policy YAML that makes it true. This mirrors the same hybrid-path pattern I heard elsewhere at PlatformCon: keep the deterministic core, wrap agentic convenience around it.
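To make "the actual policy YAML" concrete, here is an added example (not from the conversation, and not Nirmata's or the Kyverno project's own code) of the kind of artifact an agent would have to produce for the cost-management case mentioned earlier. The intent "every container declares CPU and memory requests and a memory limit" becomes a `kyverno.io/v1` `ClusterPolicy`; the policy name, rule name and message are illustrative.

```yaml
# Added example: illustrative names, written against the kyverno.io/v1 ClusterPolicy schema.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-requests-limits        # illustrative name
spec:
  # Enforce rejects non-compliant Pods at admission;
  # Audit would only record violations in policy reports.
  validationFailureAction: Enforce
  # Also evaluate resources that already exist, so reports cover current workloads.
  background: true
  rules:
    - name: validate-resources          # illustrative name
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "CPU and memory requests and a memory limit are required."
        # A pure pattern match against the Pod spec: the same input always
        # yields the same allow/deny decision, with no model in the admission path.
        pattern:
          spec:
            containers:
              - resources:
                  requests:
                    cpu: "?*"           # "?*" means the field must be set and non-empty
                    memory: "?*"
                  limits:
                    memory: "?*"
```

However the YAML was authored, by hand or by an agent, it is a reviewable text file that can go through the same version control and change approval as any other policy before it reaches a cluster.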

A New Layer: AI Governance Between Users and LLMs

Nirmata is also shipping a distinct AI governance solution that sits between users and LLMs, managing token spend and giving enterprises 360-degree visibility into how AI is actually being used across the organization. That is a different problem than policy-as-code for Kubernetes, but the same underlying instinct: as soon as a capability scales past a handful of early adopters, someone in the organization needs to see what is actually happening with it, and “trust the individual developer’s LLM usage” stops being a viable governance model the moment cost or compliance is on the line.

About the Author

I am Luca Berton, AI and Cloud Advisor. I work at the intersection of platform engineering, cloud security, and enterprise AI deployments.