Loris Degioanni is the Chief Technology Officer and Founder of Sysdig. He is also the creator of the popular open source troubleshooting tool, sysdig, and the open source container security tool Falco. Prior to founding Sysdig, Loris co-created Wireshark, the open source network analyzer, which today has 20+ million users.
Sysdig is dedicated to ensuring every cloud deployment is secure and reliable. Trusted by innovators worldwide, Sysdig’s cutting-edge solutions and supported open-source projects empower organizations to operate with confidence. As pioneers in cloud-native threat detection and response, Sysdig introduced Falco and Sysdig open source, establishing them as open standards and foundational components of their robust platform.
Can you share the story of founding Sysdig in your backyard and the initial challenges you faced in building a cloud security company from the ground up?
Sysdig is the culmination of a journey that started with my work as a university student in Italy, contributing to the development of Wireshark, an open source network protocol analyzer. After a decade of working on visibility and security, I recognized that the rise of cloud-native infrastructures was creating significant security blind spots. This inspired me to focus on securing software built for the cloud, with runtime insights at the heart of our solution. Starting in my backyard, we faced the usual startup hurdles—building a team, proving our vision, and gaining industry trust. Our open source foundation played an important role in overcoming them.
You transitioned from CEO to CTO. What drove this decision, and how has it allowed you to shape Sysdig’s technical vision?
Entrepreneurship has always been a passion of mine, but technology is an even deeper one. Transitioning to CTO allowed me to focus on what I truly excel at—shaping Sysdig’s technical vision and driving innovation. By bringing in a CEO who complements my skills, I was able to double down on advancing our technology and I let my CEO partner focus on building a sustainable business.
Sysdig has contributed significantly to open-source projects like Falco and Wireshark. Why was adopting an open-source approach central to your strategy from the beginning?
In cybersecurity, collaboration is essential for success. We believe that the “good guys” have a fighting chance only by working together as a community, leveraging shared tools and open standards. This conviction drives our commitment to open source projects like Falco and Wireshark, which have become industry staples and embody our ethos of community-driven security, and Stratoshark, the newest addition to our open source ecosystem that brings the power and depth of Wireshark to cloud visibility.
What inspired the creation of Agentic AI at Sysdig, and how does it differ from using a single AI agent in terms of precision and scalability?
Cloud security is challenging for many reasons, many of which are complicated by how many layers and separate domains are involved. Agentic AI was born out of a need to overcome the limitations of single, individually prompted AI agents. By creating multiple assistants, each trained for specific domains and working collaboratively, we’ve enabled more precise and scalable problem-solving. It’s similar to forming a team of specialists to tackle a complex challenge—each assistant brings expertise, collectively providing better support for the user.
How does Agentic AI enhance the productivity of security teams, and what measures were taken to ensure the accuracy of its recommendations?
Our AI, Sysdig Sage, acts as a true extension of your security team, engaging in proactive and interactive support across multiple domains. By understanding user intent and facilitating conversational interactions, Sysdig Sage boosts productivity by streamlining complex workflows and accelerating human response. To ensure accuracy, we’ve implemented rigorous training and validation processes, using real-world scenarios to refine its recommendations.
Beyond security, how do you envision the Agentic AI approach being applied to other domains within the cloud or technology sectors?
Agentic AI is a natural fit for any domain requiring complex problem-solving. Just as teams of people collaborate to tackle challenges, AI agents can be organized to address non-trivial tasks in fields like DevOps, application development, or even financial technology. We believe this multi-agent approach will become the default for leveraging AI in complex environments.
Can you elaborate on the role of runtime insights in bridging shift-left and shield-right security approaches, as highlighted in your recent white paper?
What we’ve found is that effective cloud security requires shifting left—moving security responsibilities upstream into development proactively—while also shielding right—detecting and responding to threats in production. Unfortunately, adopting shift-left often drowns organizations in vulnerabilities and excessive permissions, leaving them exposed at runtime. With runtime insights, the knowledge of what’s actually in use in production applications, Sysdig helps security teams prioritize real risk and cut vulnerability noise by 95%. In essence, Sysdig helps customers spend less time on security and more time building software.
How does Sysdig use runtime insights to identify and address threats in real-time, particularly in complex environments like Kubernetes and multi-cloud deployments?
We know that cloud attacks unfold in 10 minutes or less. Sysdig continuously monitors the live activity of applications within Kubernetes and multi-cloud environments, leveraging the open-source Falco detection engine to detect suspicious behaviors in real time. This enables security teams to quickly identify threats and respond in alignment with the 5/5/5 Benchmark. By leveraging contextual data—such as active vulnerabilities, permissions, and system interactions—they can effectively prioritize risks and detect potential attacks across complex deployments.
Could you share more details about Sysdig’s forthcoming open-source security project for the cloud? How does it build on your existing contributions like Falco?
Sysdig, Falco, and Wireshark were born from a shared need to make sense of complex, real-time data for better security and operational insights. Wireshark offers unprecedented visibility into network behavior—however, as cloud-native environments and containerized systems emerged, traditional tools could not fully address the challenges of runtime visibility and security monitoring. This gap led to the creation of Sysdig OSS and Falco, open source tools designed to provide the same depth of insight into containers and cloud security as Wireshark did for networks. Stratoshark builds on this legacy, promising Wireshark-like granularity for analyzing cloud system calls and logs in modern, distributed environments, making it an essential tool for today’s engineers and analysts.
How do you see the role of AI evolving in cloud security over the next 5-10 years, and where do you see Sysdig’s place in this landscape?
AI will fundamentally transform how we interact with and consume cloud security software over the next decade. Cloud security’s complexity, multi-domain nature, and high signal volume make it ideal for AI-driven solutions. In the next few years, conversational interfaces will likely become a primary interaction model for cloud security platforms. Sysdig is pioneering this shift, and I expect our innovations to influence the industry broadly.
Thank you for the great interview. Readers who wish to learn more should visit Sysdig.