New Product Line Delivers Inline Zero Trust Enforcement and Continuous Visibility Across VMs, Containers, Kubernetes, and Serverless Workloads 

SANTA CLARA, Calif., November 12, 2025 – Aviatrix today introduced Zero Trust for Workloads, a new product line built on the Aviatrix Cloud Native Security Fabric (CNSF) platform that extends zero trust into the runtime layer of the cloud, where modern applications, AI agents, and serverless functions operate.

Aviatrix Zero Trust for Workloads brings pervasive, workload identity-aware enforcement to every workload – virtual machine, container, and function – across AWS, Azure, Google Cloud, and Oracle Cloud Infrastructure (OCI). By embedding zero trust directly into the network layer of the cloud, Aviatrix eliminates lateral movement, prevents data exfiltration, and provides continuous, audit-ready evidence of enforcement – without agents or application changes. 

“As enterprises adopt AI and cloud native architectures at scale, the attack surface has moved from the perimeter to every server and device across the IT landscape,” said Jason Bloomberg, Managing Director and Analyst at Intellyx. “Most tools still focus on identity and posture, leaving a blind spot in workload-to-workload communication. Aviatrix closes that gap by enforcing zero-trust directly in the network fabric – delivering the comprehensive, real-time protection modern, distributed applications require.” 

From Visibility to Runtime Enforcement 

Zero Trust for Workloads unifies Aviatrix’s workload-centric security innovations into a single product family designed to protect workload-to-workload and workload-to-internet communications across multicloud environments. Powered by the Aviatrix CNSF platform, Zero Trust for Workloads delivers pervasive, agentless zero trust controls that adapt to dynamic environments such as Kubernetes, serverless, and AI-driven applications. 

“Zero Trust for Workloads isn’t just an extension of our platform – it’s a new product line that operationalizes pervasive zero trust enforcement for the first time,” said Doug Merritt, Chief Executive Officer at Aviatrix. “It gives organizations proof, not promises, that their zero trust strategies are working in the dynamic world of cloud and AI workloads.” 

Zero Trust for Workloads offers three experience levels that help organizations advance from discovery to continuous visibility to full cross-cloud runtime enforcement: 

Discover Risks with the Free Workload Attack Path Assessment 

The Workload Attack Path Assessment is a free, agentless diagnostic that reveals how real breaches could move through your cloud. It analyzes flow and DNS telemetry, enriches it with context from tags, subnets, and regions, and reconstructs workload breach chains – correlated runtime behaviors such as lateral movement, malicious egress, and command-and-control that connect exposure to impact. 

By surfacing these breach chains, the Workload Attack Path Assessment shows how attackers would progress inside your environment, exposing gaps in segmentation, egress control, and zero trust enforcement that traditional CNAPP, SASE, and NGFW tools cannot see.

The assessment provides: 

  • Discovery and Assessment – Real-time mapping of workload communications and potential breach paths. 

  • Workload Breach Chain Visibility – Attack path discovery that links detections into realistic exploit progressions. 

  • Zero Trust Validation – Clear evidence of where trust boundaries break down. 

  • Compliance Insight – Findings mapped to ZTMM 2.0, HIPAA 2025, PCI DSS 4.0, and DORA frameworks. 

“With the Workload Attack Path Assessment, security teams can finally see how runtime traffic actually behaves – and where zero trust is breaking down,” said Merritt. “By exposing and containing workload breach chains before attackers can exploit them, we’re closing the gap between legacy network security and the dynamic, AI-driven cloud.” 

Continuous Insight with Workload Threat Visibility  

Workload Threat Visibility is a low-friction, persistent product that provides continuous insight into outbound workload behavior across clouds. It enriches native flow logs with domain, geography, and threat intelligence to expose connections to malicious, foreign, or non-compliant destinations, helping teams baseline exposure and validate zero trust readiness. 

Delivered as a SaaS service, Workload Threat Visibility consolidates traffic data from AWS, Azure, Google Cloud, and OCI, translating raw telemetry into human-readable insight while reducing the cost of NAT gateway logging and third-party analytics. It provides organizations with continuous visibility and proof of zero trust enforcement – all without deploying agents or sensors. 

“Visibility is always the first step – but proof is what drives zero trust maturity,” said Chris McHenry, Chief Product Officer at Aviatrix. “Workload Threat Visibility gives customers the real-world data they need to validate controls, measure progress, and strengthen enforcement across clouds.” 

Full Runtime Enforcement: Zero Trust for Workloads 

The full Aviatrix Zero Trust for Workloads offering delivers pervasive, cross-cloud runtime enforcement across every workload communication path – securing traffic to the internet, between applications, and within cloud environments. 

Powered by the Aviatrix Cloud Native Security Fabric (CNSF) platform, it embeds inline, identity-aware controls directly into the network layer, providing continuous visibility and enforcement without agents or re-architecture. 

  • Workload-to-Internet: Zero Trust for Workloads inspects and governs outbound traffic through Aviatrix’s high-performance network fabric, blocking malware downloads, preventing data exfiltration, and enforcing geo- and compliance-based egress policies. Every connection from a workload to the internet or SaaS service is monitored, secured, and auditable for compliance. 

  • Workload-to-Workload / Workload-to-Data: Inline segmentation and policy enforcement secure east-west communication between workloads, containers, and data stores across AWS, Azure, Google Cloud, and OCI. Security teams can apply least-privileged access at the application, namespace, or data layer – preventing unauthorized movement or escalation between environments. 

  • Workload Microsegmentation: Using Aviatrix SmartGroups, Zero Trust for Workloads dynamically isolates traffic by VPC/VNet, region, or process, limiting the blast radius of any compromise. Bump-in-the-wire deployment makes this enforcement frictionless to adopt, eliminating the complexity and delay typically associated with network segmentation projects. 

Together, these capabilities deliver end-to-end runtime protection – unifying visibility, enforcement, and compliance across every cloud. 

The Runtime Foundation for Adaptive, Agentic Systems 

Offerings in the new Aviatrix Zero Trust for Workloads product line form the runtime foundation for AI security, extending zero trust into the layer where AI models, APIs, and autonomous agents actually operate. By enforcing policies directly in the cloud network fabric, Aviatrix protects data in motion across distributed compute frameworks – from Kubernetes clusters to serverless functions – and provides the continuous visibility, containment, and compliance proof required for responsible AI deployment across all major clouds. 

By combining Workload Attack Path Assessment (free discovery), Workload Threat Visibility (continuous insight), and Zero Trust for Workloads (active enforcement), Aviatrix delivers the runtime foundation for adaptive, agentic systems – enabling secure AI workloads that operate autonomously across AWS, Azure, GCP, and OCI. 

To learn more about Aviatrix Zero Trust for Workloads and explore the free Workload Attack Path Assessment, visit aviatrix.ai/products/zero-trust-for-workloads/

 

About Aviatrix 

For enterprises struggling to secure cloud workloads, Aviatrix® offers a single solution for pervasive cloud security. Where current cybersecurity approaches focus on securing entry points to a trusted space, Aviatrix Cloud Native Security Fabric (CNSF) delivers runtime security and enforcement within the cloud application infrastructure itself – closing gaps between existing solutions and helping organizations regain visibility and control. Aviatrix ensures security, cloud, and networking teams are empowering developer velocity, AI, serverless, and what’s next. For more information, visit aviatrix.ai.