Falco
Cloud-native runtime security and threat detection engine using eBPF (or kernel module) to monitor Linux system calls and detect anomalous behavior in real time. Falco rules define expected behavior; violations generate alerts sent to Slack, PagerDuty, webhooks, Kafka, or custom sinks. CNCF graduated. Used for detecting container escapes, privilege escalations, unexpected network connections, and data exfiltration attempts in Kubernetes and Linux environments. Generates structured JSON alerts consumable by SIEM systems.
Score Breakdown
🔒 Security
Apache 2.0 licensed, CNCF graduated, actively maintained by the security community. eBPF-based monitoring with a minimal attack surface. Kernel-level visibility that a container escape cannot bypass, since syscalls are observed on the host rather than inside the container. Regular security audits. Falco itself needs privileged access — protect the Falco DaemonSet configuration. Rule management is plain YAML — keep policies under version control.
Best When
You need kernel-level runtime threat detection for containerized workloads — detecting behavior that can't be observed at the application or network layer.
Avoid When
You need static analysis or admission-time controls — Falco is detective, not preventive; pair with Kyverno for preventive + detective security.
Use Cases
- Detect unauthorized system calls from agent containers at runtime — alert when agent workloads attempt to access sensitive files, spawn unexpected processes, or make privileged syscalls
- Monitor AI agent runtime behavior for anomalies — Falco rules detect when an agent deviates from expected patterns (unexpected network connections, file system access outside permitted paths)
- Integrate Falco alerts into agent incident response pipelines via webhook sinks — security events trigger automated agent workflows for triage, isolation, and remediation
- Generate runtime security telemetry for agent audit trails — Falco structured JSON output provides syscall-level visibility into what agents did at runtime
- Detect and alert on container breakout attempts in multi-tenant agent environments — Falco kernel-level monitoring detects escape attempts that application-level monitoring misses
Not For
- Admission-time policy enforcement — Falco detects runtime behavior, not pre-deployment policy; use Kyverno or OPA Gatekeeper for admission control
- Vulnerability scanning — Falco detects behavioral anomalies, not software vulnerabilities; use Trivy or Grype for CVE scanning
- Application-layer monitoring — Falco works at the kernel syscall level, not the application API level; use distributed tracing for application-level observability
Interface
Authentication
Falco itself has no authentication — it runs as a privileged DaemonSet in Kubernetes. Alert sinks (webhook, Kafka, gRPC) use their respective authentication. Falcosidekick (the alert routing component) has its own auth configuration per sink.
Pricing
Apache 2.0 CNCF graduated. Core Falco is completely free. Sysdig provides commercial support, managed cloud service, and enterprise rule management. Falcosidekick (alert routing) is also Apache 2.0 and free.
Agent Metadata
Known Gotchas
- ⚠ Falco requires privileged DaemonSet pods (kernel module or eBPF) — deploying on clusters with strict PSP/PSA policies needs an explicit exception; security teams must approve Falco's own privileged posture
- ⚠ Falco rules must be tuned for your workload — default rules generate high noise for typical containerized applications; expect 1-2 weeks of rule tuning before production-quality alerting
- ⚠ The eBPF probe, the kernel module and the modern eBPF driver each have different compatibility requirements — check kernel version compatibility before selecting a driver type for your environment
- ⚠ Alert volume can be extremely high on active clusters — implement Falcosidekick with alert aggregation and deduplication before connecting to PagerDuty or Slack to avoid alert fatigue
- ⚠ Falco rules use a custom condition syntax (not Rego, not SQL) — LLM-generated Falco rules may have syntax errors; always validate rules with `falco --validate rules.yaml` before deployment
- ⚠ Container syscall context in alerts provides pid, uid, command, args but not application-level context (user ID, session, request) — correlate with application logs for full incident context
- ⚠ Falco's gRPC output requires falco-exporter or custom consumer — don't expect a simple REST endpoint; implement a gRPC consumer or use Falcosidekick for webhook/HTTP delivery
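A rule file in the custom condition syntax described in the gotchas above, added here as an example; it is not part of the Falco project's default ruleset. It covers two of the behaviors listed under Use Cases (sensitive file reads and unexpected process spawns from agent containers). The `agents` namespace name, the allow-listed interpreter names and the sensitive-file list are assumptions; the `agent_open_read` and `agent_spawned_process` macros are local copies of the default ruleset's `open_read` and `spawned_process` so the file validates stand-alone.

```yaml
# Added example rules for agent workloads (not from Falco's default ruleset).
# Assumptions: agent pods run in the "agents" Kubernetes namespace and are
# expected to execute only the interpreters listed in agent_allowed_procs.

- list: agent_sensitive_files
  items: [/etc/shadow, /etc/sudoers, /etc/pam.conf]

- list: agent_allowed_procs
  items: [python3, node, sh, bash]

# Local equivalents of the default ruleset's open_read / spawned_process
# macros, renamed so they do not collide when falco_rules.yaml is also loaded.
- macro: agent_open_read
  condition: >
    (evt.type in (open, openat, openat2) and evt.is_open_read=true
     and fd.typechar='f' and fd.num>=0)

- macro: agent_spawned_process
  condition: (evt.type in (execve, execveat) and evt.dir=<)

# Scope every rule to containers in the assumed agents namespace.
- macro: agent_container
  condition: (container.id != host and k8s.ns.name = "agents")

- rule: Agent Read Sensitive File
  desc: An agent workload opened a credential or auth configuration file for reading
  condition: agent_open_read and agent_container and fd.name in (agent_sensitive_files)
  output: >
    Sensitive file read by agent workload
    (file=%fd.name user=%user.name command=%proc.cmdline
     container=%container.name pod=%k8s.pod.name ns=%k8s.ns.name)
  priority: WARNING
  tags: [agent, filesystem]

- rule: Agent Spawned Unexpected Process
  desc: An agent workload executed a binary outside its allow-list
  condition: >
    agent_spawned_process and agent_container
    and not proc.name in (agent_allowed_procs)
  output: >
    Unexpected process in agent workload
    (proc=%proc.name parent=%proc.pname cmdline=%proc.cmdline
     container=%container.name pod=%k8s.pod.name)
  priority: NOTICE
  tags: [agent, process]
```

Run `falco --validate <file>` on the file before loading it, as the syntax gotcha above recommends; the `agent_allowed_procs` list is the tuning knob the noise gotcha refers to and will need extending for any real agent image.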
Full Evaluation Report
Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Falco.
Scores are editorial opinions as of 2026-03-06.