Distributed Schedulers Trust Unverified Workloads

Dec 22, 2025

Failure Pattern

Distributed schedulers trust the node requesting scheduling decisions. Attackers impersonate nodes to gain access to compute resources.

 

What We See in the Field

A compromised node submits scheduling requests as a legitimate compute resource. The scheduler places sensitive workloads onto compromised infrastructure.

 

Underlying Causes

Distributed schedulers assuming legitimate nodes
Certificate reuse
No workload identity validation
Metadata spoofing
Trust in orchestrator-level signals
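
An added example, not part of the original page and not DTL or TrustKeys code: a scheduler-side admission check that addresses three of the causes above by binding each request to a per-node key and to labels recorded at enrollment. Assumptions: the registry, the node names, the keys, the label values and the functions sign_request, admit and demo are all constructed for illustration, and a shared-key HMAC stands in for whatever credential a real deployment uses.

```python
import hashlib
import hmac

# Constructed enrollment registry (assumption): one key per node, labels fixed at enrollment.
REGISTRY = {
    "node-a": {"key": b"constructed-key-a", "labels": {"zone": "restricted"}},
    "node-b": {"key": b"constructed-key-b", "labels": {"zone": "general"}},
}

def sign_request(node_id, nonce, key):
    """Proof an enrolled node computes over its id and the scheduler-issued nonce."""
    return hmac.new(key, f"{node_id}|{nonce}".encode(), hashlib.sha256).hexdigest()

def admit(request, nonce, used_nonces):
    """Return (admitted, reason) for one scheduling request."""
    entry = REGISTRY.get(request.get("node_id"))
    if entry is None:
        return False, "unknown node"
    if nonce in used_nonces:
        return False, "replayed nonce"
    expected = sign_request(request["node_id"], nonce, entry["key"])
    proof = str(request.get("proof", ""))
    if not hmac.compare_digest(expected.encode(), proof.encode()):
        # Covers credential reuse: node-b's key cannot speak for node-a.
        return False, "proof does not match enrolled key"
    if request.get("labels") != entry["labels"]:
        # Covers metadata spoofing: placement labels are not taken on trust.
        return False, "labels differ from enrollment"
    used_nonces.add(nonce)
    return True, "ok"

def demo():
    """Run constructed requests through admit() and return the decisions."""
    used = set()
    key_a, key_b = REGISTRY["node-a"]["key"], REGISTRY["node-b"]["key"]
    good = {"node_id": "node-a", "labels": {"zone": "restricted"},
            "proof": sign_request("node-a", "n1", key_a)}
    reused = {"node_id": "node-a", "labels": {"zone": "restricted"},
              "proof": sign_request("node-b", "n2", key_b)}
    spoofed = {"node_id": "node-b", "labels": {"zone": "restricted"},
               "proof": sign_request("node-b", "n3", key_b)}
    return [admit(good, "n1", used), admit(good, "n1", used),
            admit(reused, "n2", used), admit(spoofed, "n3", used)]

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The rejection reasons are worth logging per node: repeated "proof does not match enrolled key" results for one node name indicate a credential being presented under an identity it was not issued to.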

 

Trust-Native Network Resolution

DTL ensures scheduling requests come only from workloads presenting valid TrustKeys. Compromised nodes cannot participate in cluster scheduling.

 

Broken Trust Assumption

The attacks that exposed this failure pattern were not stealthy break-ins. They were trusted operations.

During incidents such as SolarWinds, Capital One, and Okta, malicious activity was carried out using valid identities and approved execution paths. Certificates were valid. Tokens were accepted. Sessions were authenticated. From the system’s point of view, nothing appeared wrong.

This is the risk of trust inferred from credentials, location, or prior authentication.