AI Tool Gateways: Sandboxing Agent Access in Kubernetes
AI agents have unlimited ambition and undefined access boundaries. You have sandboxed everything else. Here is how to sandbox your agents too.
Shaping the technical direction for Sky AdTech across platform engineering, cloud-native architecture, and Agentic AI systems. I turn strategy into production systems: multi-tenant Kubernetes platforms, secure integration patterns, developer experience, observability, and AI capabilities. My focus is raising the engineering quality bar, setting standards, mentoring engineers, and helping teams make better long-term architecture choices. Still championing the adoption of AI across the organization, and driving innovation through AI enablement.
Led the design and evolution of a multi-tenant, cloud-native Kubernetes platform for Sky's advertising technology. Drove platform architecture, reliability, security, CI/CD, and observability across GCP, AWS and Azure, enabling teams to ship faster, along with AI enablement to drive innovation and champion the adoption of AI in the organization.
Modernised critical AdTech services by moving legacy applications onto cloud-native platforms, improving CI/CD, developer experience, and release confidence. DevEx was rebuilt from the ground up. Deployments went from days to minutes. Mentored engineers across teams, championed best practices.
Co-founded Syntonym, an AI privacy company building hyper-realistic face anonymisation for video and images. Built and led the engineering from day zero, setting the technical direction for generative AI privacy systems across cloud and edge. Delivered GAN (Generative Adversarial Network) based pipelines on GKE, AWS, Azure and Nvidia Jetson with real-time video processing in Go and C++, and Ray multi-cloud GPU infrastructure.
9 months at Pinpointer: Built and improved real-time logistics and tracking systems for bulk handling operations, working across backend, frontend, and cloud infrastructure. Geolocation APIs on AWS Fargate, full-stack AWS delivery: Lambda, Fargate, Route 53, CloudFront, DynamoDB, SNS/SQS, and more.
Solution engineer and forward deployed lead across aquaculture, energy, and smart factory clients. Built customer-facing software for aquaculture, energy, and smart factory systems across IoT, ERP, MRP, and real-time operations. Forward deployed: shaped requirements, presented architecture and implementation plans to C-level executives, translating complex client needs into high-performance aquaculture solutions.
Worked as a Software Engineer within the university, developing enterprise solutions using Oracle systems and .NET/Java technologies.
Start with the latest four posts, then head to the full archive for every article, topic, and search.
AI agents have unlimited ambition and undefined access boundaries. You have sandboxed everything else. Here is how to sandbox your agents too.
Network policies in most Kubernetes clusters are cargo cult. Teams write them, Kubernetes accepts them, and nothing changes. Cilium actually enforces them — and shows you the traffic.
Authentication gets easier when you separate login, delegated access, SSO, and workload identity. This guide shows where each one fits.
Seven books that shaped how I build platform products people trust, adopt quickly, and keep using.