What’s new at CIQ?

Fuzzball now provisions compute on CoreWeave

The next version of Fuzzball, v3.2.0, includes preview support for the AI-focused cloud computing platform CoreWeave, making CoreWeave the second cloud environment and first “neo-cloud” that can be…

The zero-day gap: why patching alone leaves Linux systems exposed

A new kernel CVE drops on Friday afternoon. Your security team flags it as critical. Exploit code is already circulating on GitHub. Your patch cycle is 30 days. What happens in that gap? For most…

Running Jupyter notebooks on HPC clusters without SSH tunneling

Every HPC center has the same support ticket: "How do I run Jupyter on the cluster?" The answer usually involves SSH tunneling, port forwarding, and a series of steps that look something like this…

Reactive vs. proactive security: why your Linux infrastructure needs both

The reactive security model Most enterprise security operates on a straightforward cycle: detect threats, respond to incidents, patch vulnerabilities, repeat. This model has served organizations well…

CVE management: automate discovery to remediation

When your security team asks, "Are we vulnerable to CVE-2026-XXXX?" the answer needs to come in minutes, not hours. With over 100 new CVEs published daily—and some days exceeding 1,000—manual…

Why security automation belongs in your risk management strategy

Over 100 new CVEs are published daily. Attackers begin scanning for unpatched systems within hours of disclosure. Your quarterly patching cycle leaves you exposed to thousands of vulnerabilities…

How to run interactive HPC workloads alongside batch jobs in a single workflow

Fuzzball Service Endpoints bring interactive computing to HPC workflow orchestration—run Jupyter notebooks, visualize simulations in real time, and coordinate services as part of your computational…

LKRG 1.0: Runtime defense for Linux kernel

LKRG is a kernel module that performs runtime integrity checking of the Linux kernel and detection of security vulnerability exploits against the kernel. For process credentials, LKRG attempts to…

AI workflow orchestration: why separate platforms fail

Why the gap between training and inference exists—and what unified workflows actually look like. Every deployment pipeline you've built to bridge training and inference is technical debt you didn't…

Linux kernel CVEs 2025: what security leaders need to know to prepare for 2026

The first 16 days of 2025 delivered 134 new Linux kernel CVEs (Common Vulnerabilities and Exposures—the standard system for tracking security flaws).1 By October, CISA had added seven kernel…

Congratulations to NVIDIA and SchedMD: A new chapter for Slurm and the HPC community

Yesterday's announcement that NVIDIA has acquired SchedMD marks a significant milestone for the HPC and AI communities. On behalf of everyone at CIQ, I want to extend our congratulations to both…

Fuzzball + Slurm/PBS: Container orchestration meets traditional HPC schedulers

At SC25 in St. Louis, I had the opportunity to showcase one of the most significant new additions to Fuzzball's capabilities: native integration with PBS Professional and Slurm workload managers. This…