Penetration Testing Reports
ARK undergoes regular security assessments to identify and address potential vulnerabilities in the platform. Note that as per our Disclaimer, security is the responsibility of the operator and user. However, we regularly run assessments to ensure that we enable standard K8S security approaches.
If you have questions on these topics, please open an issue; we aim to reply at short notice.
Report Overview
Penetration testing reports provide detailed analysis of security findings, recommended mitigations, and implementation status for identified vulnerabilities.
Pentest #1
- Assessment Period: July - August 2025
- Remediation Status: August 19, 2025
- Overall Risk Level: Medium-Low, remediated to Low
| Risk Level | Count | Status |
|---|---|---|
| Critical | 0 | - |
| High | 0 | - |
| Medium | 1 | Remediated to Low |
| Low | 3 | Mixed |
| Informational | 2 | Open |
M1. Overly Permissive RBAC Roles
Service accounts had excessive cluster-wide permissions.
Resolution - Partly Remediated
Cluster roles replaced with namespace-specific roles.
Some elevated permissions remain for the Ark MCP service and Ark API service to allow them to directly access the Kubernetes APIs to modify resources such as Agents.
Additional security improvements in progress.
L1. Missing Network Policies
No network segmentation between components.
Resolution - Partly Remediated
Policies have been implemented for the ark-system namespace. The default namespace will be a cluster administrator responsibility; operational guides are being updated and additional testing is ongoing.
L2. Container Security Hardening
Missing security configurations across services.
Resolution - In Progress
Work in progress covers privilege escalation prevention, non-root users, and read-only filesystems.
L3. No Authentication Documentation for Dashboard
Dashboard and API services lack authentication documentation.
Status - Accepted Risk
Mitigated by local-only deployment design. However, optional OIDC integration is in progress.
IN1. Unencrypted HTTP
Services use HTTP instead of HTTPS.
Status - Accepted Risk
Low impact due to the local deployment model. However, the service mesh with cert-manager will be updated so that all traffic, even in local development mode, will be via SSL.
IN2. Missing Security Headers
Dashboard lacks protective HTTP headers.
Status - Remediated (see Pentest #2 L3)
Pentest #2
- Assessment Period: December 2025
- Assessor: DataArt
- Remediation Status: March 31, 2026 (v1.1 retest)
- Overall Risk Level: Medium-Low, M1 remediated
| Risk Level | Count | Status |
|---|---|---|
| Critical | 0 | - |
| High | 0 | - |
| Medium | 1 | Remediated |
| Low | 5 | Open |
M1. Clickjacking Protection
Dashboard and API lacked X-Frame-Options and Content-Security-Policy headers, allowing potential clickjacking attacks against admin functionality.
Resolution - Remediated
Confirmed remediated on March 31, 2026. Application now includes both X-Frame-Options and Content-Security-Policy headers.
L1. Overly Permissive RBAC Roles
Service accounts had overly permissive privileges including wildcard verbs, secrets access, and pods/exec permissions across roles (all-access, argo-workflows-workflow-controller, ark-api-sa-role).
Status - Open
RBAC roles require review following the principle of least privilege to mitigate privilege escalation risks.
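One way to review roles for the three patterns this finding names (wildcard verbs, secrets access, pods/exec), as an added example that is not ARK's own code. It assumes input in the JSON shape that `kubectl get roles -o json` emits; the role names and rules in the sample are constructed.

```python
import json

# Constructed sample shaped like `kubectl get roles -o json`; not ARK's manifests.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "example-wide", "namespace": "demo"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"metadata": {"name": "example-api", "namespace": "demo"}, "rules": [
   {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
   {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]}]},
 {"metadata": {"name": "example-scoped", "namespace": "demo"},
  "rules": [{"apiGroups": [""], "resources": ["secrets"],
             "resourceNames": ["app-config"], "verbs": ["get"]}]}
]}
""")


def audit_rule(rule):
    """Return the least-privilege concerns raised by one RBAC rule."""
    verbs = set(rule.get("verbs", []))
    resources = set(rule.get("resources", []))
    core = bool({"", "*"} & set(rule.get("apiGroups", [])))  # secrets, pods: group ""
    findings = []
    if "*" in verbs:
        findings.append("wildcard-verbs")
    if "*" in resources:
        findings.append("wildcard-resources")
    # Reading secrets with no resourceNames limit exposes every secret in scope.
    if (core and resources & {"secrets", "*"} and not rule.get("resourceNames")
            and verbs & {"get", "list", "watch", "*"}):
        findings.append("unrestricted-secrets-read")
    # Exec into a pod is authorised as "create" on the pods/exec subresource.
    if core and resources & {"pods/exec", "*/exec", "*"} and verbs & {"create", "*"}:
        findings.append("pods-exec")
    return findings


def audit_roles(role_list):
    """Map 'namespace/name' to sorted findings for each role that has any."""
    report = {}
    for role in role_list.get("items", []):
        meta = role["metadata"]
        found = sorted({f for r in role.get("rules", []) for f in audit_rule(r)})
        if found:
            report[f"{meta.get('namespace', '<cluster>')}/{meta['name']}"] = found
    return report


print(json.dumps(audit_roles(SAMPLE), indent=2))
```

The scoped role produces no finding because its secrets access is pinned to one named object with `resourceNames`, which is the shape a least-privilege review should steer the flagged rules toward.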
L2. Container Security Hardening
Containers missing security hardening: allowPrivilegeEscalation not set to false, no Linux hardening (AppArmor/SELinux/seccomp), processes running as root, and writable root filesystems.
Status - Open
Container security contexts require hardening per CIS Kubernetes and Docker benchmarks.
L3. Missing Security Headers
Application responses missing X-Content-Type-Options, Content-Security-Policy, and Referrer-Policy headers.
Status - Open
Security headers need to be added to all responses returning HTML content.
L4. TLS Version Control
Server supported TLS cipher suites using RSA key exchange without Forward Secrecy (AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256).
Status - Open
Server should be configured to only permit cipher suites with perfect forward secrecy.
L5. Weak Cipher Suites
Server supported cipher suites using CBC mode, vulnerable to padding oracle attacks (POODLE, Zombie POODLE, GOLDENDOODLE).
Status - Open
Server should be reconfigured to exclusively permit high-grade cipher suites without CBC mode.