Building agent fleet architectures your CISO doesn't hate — Lou Bichard, Gitpod

307 views · Jun 27, 2025 · 13:52 min
Takeaway

For regulated buyers, the right agent-fleet architecture is a substrate: customer owns the workload + source code on their cloud, vendor manages the control plane via minimal telemetry — not pure SaaS or pure self-hosted.

Summary

  • Gitpod runs dev environments where engineers spend ~37 hrs/week — mission-critical infra for regulated customers (banks, pharma, healthcare)
  • Architecture evolution: 1) managed SaaS on GCP Kubernetes pods (great UX but crypto mining + enterprise limitations), 2) self-hosted Kubernetes (huge day-two ownership cost), 3) substrate model on AWS where customer hosts workload + source while Gitpod operates the control plane
  • Moved off Kubernetes entirely for the dev-environment workload — published a blog detailing why K8s was wrong for the use case
  • Final architecture (also runs their new agent fleet, launched 2 days before talk): customer-controlled workload boundary, vendor-managed control plane, telemetry only for operations
  • CISO-friendly model preserves customer data sovereignty while reducing ownership burden — a balance you can replicate for any regulated AI agent platform
Tags: agent-platforms, security, architecture
Original description
Security is the biggest blocker for agent orchestration adoption in regulated industries for SWE agents. Gitpod's agent orchestration went from an originally self-hosted Kubernetes architecture to the current 'bring your own cloud' model that enables deployment of our SWE agent orchestration platform in secure environments. The architecture allows customers to securely connect their foundational models and agent memory solutions and comes with features like auto-suspend and resume for agent fleets. In this talk we deep dive into the architecture to share our years of learnings in how to secure agent workloads at scale in secure and regulated environments.

About Lou Bichard   
Lou is Product Manager at Gitpod, a platform for secure development environments for both humans and agents powering some of the world's largest financial, insurance, and health care providers. Lou was previously Principal Engineer for developer experience at DAZN building a platform for ~15M global users in 150+ markets.

Recorded at the AI Engineer World's Fair in San Francisco.