SIG Auth is leading efforts to strengthen Kubernetes’ authentication and authorization foundations. This session covers recent and upcoming features shaping security across the stack, including secure image pulls using ephemeral ServiceAccount tokens, new mechanisms for provisioning X.509 certificates to pods, hardened kubelet serving certificate validation, and improvements in authorization policies.