{"id":6779,"date":"2026-01-30T20:17:07","date_gmt":"2026-01-30T20:17:07","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=6779"},"modified":"2026-01-30T20:17:07","modified_gmt":"2026-01-30T20:17:07","slug":"startup-amutable-plotting-linux-security-overhaul-to-counter-hacking-threats","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=6779","title":{"rendered":"Startup Amutable plotting Linux security overhaul to counter hacking threats"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>If there\u2019s one thing guaranteed to grab attention in the computer security world, it\u2019s announcing yourself without fully explaining what it is you plan to do.<\/p>\n<p>This week, the Linux world got a taste of this enigmatic marketing ploy with the launch out of stealth of Berlin-based Linux security outfit Amutable.<\/p>\n<p>While its purpose is only vaguely defined in <a href=\"https:\/\/amutable.com\/blog\/introducing-amutable\" target=\"_blank\" rel=\"noopener\">the launch announcement<\/a>, nobody could accuse it of lacking ambition: it plans to bring \u201cdeterminism and verifiable integrity to Linux systems\u201d to address the operating system\u2019s security weaknesses.<\/p>\n<p>Most tiny companies nobody has heard of would struggle to make the tactic work, but Amutable\u2019s roster of founders is made up of several well-known Linux figures, headed by former Red Hat and Microsoft engineer <a href=\"https:\/\/en.wikipedia.org\/wiki\/Lennart_Poettering\" target=\"_blank\" rel=\"noopener\">Lennart Poettering<\/a> as chief engineer.<\/p>\n<p>Best known as the developer of the contentious but widely used Linux UEFI boot manager <em><a href=\"https:\/\/en.wikipedia.org\/wiki\/Systemd\">systemd<\/a><\/em>, he has alongside him two other 
ex-Microsoft employees, <a href=\"https:\/\/www.linkedin.com\/in\/christopherk1\/\" target=\"_blank\" rel=\"noopener\">Chris K\u00fchl<\/a> as CEO, and <a href=\"https:\/\/www.linkedin.com\/in\/christian-brauner\/\" target=\"_blank\" rel=\"noopener\">Christian Brauner<\/a> as CTO.<\/p>\n<p>A clue to Amutable\u2019s plans lies in the announcement\u2019s emphasis on some of its founders\u2019 backgrounds in Kubernetes, <em>runc<\/em>, LXC, Incus, and <em>containerd<\/em>, all connected in different ways to the Linux container stack.<\/p>\n<h2 class=\"wp-block-heading\">Verifiable integrity<\/h2>\n<p>Computing is full of security problems, and Linux is no exception to this rule, given that convincing the protective free and open source software community of the wisdom of a radical new idea often turns out to be as big a challenge as the engineering itself.<\/p>\n<p>While Linux distros on desktop computers remain a niche, the technology\u2019s invisible domination of online platforms and cloud container orchestration tools makes it the most important operating system in the world.<\/p>\n<p>That, not surprisingly, has made it a target for attacks, with cybercriminals taking advantage of vulnerabilities allowing privilege escalation, container escapes, and other exploits, as well as embedding backdoors in open source images across Linux\u2019s complex supply chain.<\/p>\n<p>Judging from Amutable\u2019s self-declared vision to bring \u201cdeterminism and verifiable integrity to Linux systems,\u201d the founders see plenty of room for improvement.<\/p>\n<p>\u201cToday\u2019s infrastructure approaches security reactively. Software agents watch for vulnerabilities and intrusions; attackers refine their evasion. These defensive approaches are costly, brittle, and ineffective,\u201d the company said.<\/p>\n<p>\u201cAmutable\u2019s mission is to deliver verifiable integrity to Linux workloads everywhere. 
We look forward to working towards this goal with the broader Linux community.\u201d<\/p>\n<h2 class=\"wp-block-heading\">A cocktail of problems<\/h2>\n<p>The issue presents a rich cocktail of problems, the underlying causes of which are the difficulty of verifying that an image is as its developers intended and hasn\u2019t been tampered with, while also maintaining a verifiable system state. Even existing security tools are struggling to keep up, with a <a href=\"https:\/\/www.csoonline.com\/article\/3971170\/proof-of-concept-bypass-shows-weakness-in-linux-security-tools-claims-israeli-vendor.html\" target=\"_blank\" rel=\"noopener\">2025 proof-of-concept<\/a> showing that it was possible to bypass leading Linux runtime security tools.<\/p>\n<p>This is perhaps what Amutable\u2019s founders mean when they describe the need to \u201creplace heuristics with rigor\u201d to achieve \u201cverifiable integrity.\u201d An image should be cryptographically verifiable in advance, including, ideally, a hash record of every stage of the boot process as well as running continuous checks against a signed file manifest.<\/p>\n<p>In other words, instead of looking for a rogue file or suspicious behavior after the fact, the system would be able to verify itself deterministically.<\/p>\n<p>The introduction of this model of verifiability into Linux might have mitigated a range of incidents, including a 2023 attack where attackers <a href=\"https:\/\/www.csoonline.com\/article\/4087323\/runtime-bugs-break-container-walls-enabling-root-on-docker-hosts.html\" target=\"_blank\" rel=\"noopener\">exploited CVE-2022-42475<\/a> in Fortinet\u2019s FortiOS SSL-VPN function to implant malware. 
Or a more <a href=\"https:\/\/www.csoonline.com\/article\/4087323\/runtime-bugs-break-container-walls-enabling-root-on-docker-hosts.html\" target=\"_blank\" rel=\"noopener\">recent vulnerability (CVE-2025-31133)<\/a> in the <em>runc<\/em> Kubernetes container runtime that allowed attackers to break out of containers.<\/p>\n<p>Perhaps the issue\u2019s biggest impact was from the infamous <a href=\"https:\/\/www.csoonline.com\/article\/2077692\/dangerous-xz-utils-backdoor-was-the-result-of-years-long-supply-chain-compromise-effort.html\" target=\"_blank\" rel=\"noopener\">backdoor supply chain hack<\/a> affecting the XZ Utils data compression library that was uncovered by chance in 2024.<\/p>\n<h2 class=\"wp-block-heading\">A common goal<\/h2>\n<p>\u201cSecurity of the IT infrastructure is one of the top concerns for decades, and immutability, verification and full coverage of software supply chain throughout the lifecycle of an operating system or complete infrastructure are important contributions to achieve this,\u201d noted <a href=\"https:\/\/www.linkedin.com\/in\/mge1512\/\" target=\"_blank\" rel=\"noopener\">Matthias G. Eckermann<\/a>, director of product management, Linux at SUSE. He pointed out that SUSE is already delivering on this in multiple ways, including its certified Software Supply Chain and its Immutable OS with Transactional Updates.<\/p>\n<p>\u201cWe are looking forward to hearing more from Amutable and collaborating with them on the common goal of improving resiliency and security of open-source infrastructure software,\u201d he said.<\/p>\n<h2 class=\"wp-block-heading\">Technology not the only problem<\/h2>\n<p>Right now, where this goes and how Amutable will make money is up in the air, but it will attract attention.<\/p>\n<p>\u201cSecurity teams are trained to trust signed packages and verified sources. 
When the supply chain itself is compromised (like the XZ Utils backdoor in 2024), traditional security training doesn\u2019t prepare defenders for that scenario,\u201d commented <a href=\"https:\/\/trainingcamp.com\/author-cporter\/\" target=\"_blank\" rel=\"noopener\">Chris Porter<\/a>, CEO of certification company Training Camp. \u201cIf they [Amutable] can simplify verification, it reduces the expertise burden on security teams who currently lack deep Linux platform knowledge.\u201d<\/p>\n<p>However, technology isn\u2019t the only problem. \u201cAs Linux dominates cloud infrastructure, enterprises need security professionals who understand boot integrity, code signing, and verification, skills that aren\u2019t covered in most certification programs,\u201d said Porter.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>If there\u2019s one thing guaranteed to grab attention in the computer security world, it\u2019s announcing yourself without fully explaining what it is you plan to do. This week, the Linux world got a taste of this enigmatic marketing ploy with the launch out of stealth of Berlin-based Linux security outfit Amutable. 
While its purpose is [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":6780,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-6779","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/6779"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6779"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/6779\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/6780"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6779"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6779"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6779"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}