AI Runtime Integrity: Detecting Unauthorized Changes in Linux AI Serving Stacks with eBPF

AI inference services on Linux are becoming complex runtime systems. A single vLLM or SGLang deployment may load model weights, tokenizers, LoRA adapters, shared libraries, CUDA components, Python packages, containers, and GPU kernel modules. Changes to these components often happen below the application layer, where traditional AI security controls have little visibility.

This talk presents an open-source prototype for runtime integrity monitoring of Linux AI serving stacks using eBPF. The tool monitors model and shared library loads, suspicious file replacements, container executions, and selected kernel module activity for inference frameworks such as vLLM, SGLang, and PyTorch.

The goal is to show how Linux kernel observability can detect unauthorized runtime drift in AI infrastructure before it becomes a silent production risk.

Sai Sravan Cherukuri

Open Source Enthusiast and DevSecOps Architect
