Loris Degioanni, Chief Technology Officer & Founder at Sysdig – Interview Series


Loris Degioanni is the Chief Technology Officer and Founder of Sysdig. He is also the creator of the popular open source troubleshooting tool, sysdig, and the open source container security tool Falco. Prior to founding Sysdig, Loris co-created Wireshark, the open source network analyzer, which today has 20+ million users.

Sysdig is devoted to making sure every cloud deployment is secure and reliable. Trusted by innovators worldwide, Sysdig’s cutting-edge solutions and supported open-source projects empower organizations to operate with confidence. As pioneers in cloud-native threat detection and response, Sysdig introduced Falco and Sysdig open source, establishing them as open standards and foundational components of their robust platform.

Are you able to share the story of founding Sysdig in your backyard and the initial challenges you faced in constructing a cloud security company from the bottom up?

Sysdig is the culmination of a journey that began with my work as a university student in Italy, contributing to the development of Wireshark, an open source network protocol analyzer. After a decade of working on visibility and security, I recognized that the rise of cloud-native infrastructures was creating significant security blind spots. This inspired me to focus on securing software built for the cloud, with runtime insights at the core of our solution. Starting in my backyard, we faced the usual startup hurdles—building a team, proving our vision, and gaining industry trust. Our open source foundation played a vital role in overcoming them.

You transitioned from CEO to CTO. What drove this decision, and how has it allowed you to shape Sysdig’s technical vision?

Entrepreneurship has always been a passion of mine, but technology is an even deeper one. Transitioning to CTO allowed me to focus on what I really excel at—shaping Sysdig’s technical vision and driving innovation. By bringing in a CEO who complements my skills, I was able to double down on advancing our technology and I let my CEO partner focus on building a sustainable business.

Sysdig has contributed significantly to open-source projects like Falco and Wireshark. Why was adopting an open-source approach central to your strategy from the start?

In cybersecurity, collaboration is important for success. We believe that the “good guys” have a fighting chance only by working together as a community, leveraging shared tools and open standards. This conviction drives our commitment to open source projects like Falco and Wireshark, which have become industry staples and embody our ethos of community-driven security, and Stratoshark, the latest addition to our open source ecosystem that brings the power and depth of Wireshark to cloud visibility.

What inspired the creation of Agentic AI at Sysdig, and how does it differ from using a single AI agent when it comes to precision and scalability?

Cloud security is difficult for a lot of reasons, much of which is complicated by how many layers and separate domains are involved. Agentic AI was born out of a need to overcome the constraints of single, individually prompted AI agents. By creating multiple assistants, each trained for specific domains and working collaboratively, we’ve enabled more precise and scalable problem-solving. It’s much like forming a team of specialists to tackle a complex challenge—each assistant brings expertise, collectively providing better support for the user.

How does Agentic AI enhance the productivity of security teams, and what measures were taken to ensure the accuracy of its recommendations?

Our AI, Sysdig Sage, acts as a real extension of your security team, engaging in proactive and interactive support across multiple domains. By understanding user intent and facilitating conversational interactions, Sysdig Sage boosts productivity by streamlining complex workflows and accelerating human response. To ensure accuracy, we’ve implemented rigorous training and validation processes, using real-world scenarios to refine its recommendations.

Beyond security, how do you envision the Agentic AI approach being applied to other domains throughout the cloud or technology sectors?

Agentic AI is a natural fit for any domain requiring complex problem-solving. Just as teams of individuals collaborate to tackle challenges, AI agents might be organized to deal with non-trivial tasks in fields like DevOps, application development, and even financial technology. We believe this multi-agent approach will become the default for leveraging AI in complex environments.

Are you able to elaborate on the role of runtime insights in bridging shift-left and shield-right security approaches, as highlighted in your recent white paper?

What we’ve found is that effective cloud security requires shifting left—moving security responsibilities upstream into development proactively—while also shielding right—detecting and responding to threats in production. Unfortunately, adopting shift-left often drowns organizations in vulnerabilities and excessive permissions, leaving them exposed at runtime. With runtime insights, the knowledge of what’s actually in use in production applications, Sysdig helps security teams prioritize real risk and cut vulnerability noise by 95%. In essence, Sysdig helps customers spend less time on security and more time constructing software.

How does Sysdig use runtime insights to discover and address threats in real-time, particularly in complex environments like Kubernetes and multi-cloud deployments?

We all know that cloud attacks unfold in 10 minutes or less. Sysdig constantly monitors the live activity of applications inside Kubernetes and multi-cloud environments, leveraging the open-source Falco detection engine to detect suspicious behaviors in real time. This allows security teams to quickly discover threats and respond in alignment with the 5/5/5 Benchmark. By leveraging contextual data—such as active vulnerabilities, permissions, and system interactions—they can effectively prioritize risks and detect potential attacks across complex deployments.

Could you share more details about Sysdig’s forthcoming open-source security project for the cloud? How does it build on your existing contributions like Falco?

Sysdig, Falco, and Wireshark were born from a shared need to make sense of complex, real-time data for better security and operational insights. Wireshark offers unprecedented visibility into network behavior—however, as cloud-native environments and containerized systems emerged, traditional tools couldn’t fully address the challenges of runtime visibility and security monitoring. This gap led to the creation of Sysdig OSS and Falco, open source tools designed to provide the same depth of insight into containers and cloud security as Wireshark did for networks. Stratoshark builds on this legacy, promising Wireshark-like granularity for analyzing cloud system calls and logs in modern, distributed environments, making it an important tool for today’s engineers and analysts.

How do you see the role of AI evolving in cloud security over the next 5-10 years, and where do you see Sysdig’s place in this landscape?

AI will fundamentally transform how we interact with and consume cloud security software over the next decade. Cloud security’s complexity, multi-domain nature, and high signal volume make it ideal for AI-driven solutions. In the next few years, conversational interfaces will likely become a primary interaction model for cloud security platforms. Sysdig is pioneering this shift, and I expect our innovations to influence the industry broadly.
