Session
Your Most Privileged User Isn't Human: The Agent Security Blindspot
Your security team locked down Kubernetes. Then developers deployed AI agents needing kubectl, cloud APIs, observability access. You created service accounts with broad permissions.
Now your most privileged identity makes decisions you can't audit, executes actions you can't attribute, invokes tools you can't scope.
Traditional security assumes predictable workloads. Agents are autonomous - your controls don't apply.
Three security gaps:
- Lost Attribution: Audit logs show the service account, not which user or why. No accountability.
- Permission Escalation: Agents need broad capability, so they run elevated. Static RBAC can't express context-aware authorization.
- Invisible Tool Chains: Agents invoke MCP servers dynamically. Security sees one identity; attackers see an attack path.
As agents move to production, these become active vulnerabilities.
Learn what to add to security reviews before this becomes your incident.
Atulpriya Sharma
Principal Developer Advocate @ Improving | CNCF Ambassador
Hyderābād, India