I don't work at a cloud provider, but I think the reasoning is:
It's a common pattern in malicious actors to immediately spin up several droplets and immediately peg the CPU on each one.
There are, obviously, non-malicious actors who do the same, but it's a bit like wearing a balaclava in public: Likely to raise some suspicion just because it's associated with malicious actors.
It's a common pattern in malicious actors to immediately spin up several droplets and immediately peg the CPU on each one.
There are, obviously, non-malicious actors who do the same, but it's a bit like wearing a balaclava in public: Likely to raise some suspicion just because it's associated with malicious actors.