Prompt Injection to Data Exfil in 3 Hops: Why NetworkPolicy Isn't Enough for AI Agents
MCP gives your AI agent hands. Port 443 gives those hands reach.
Agents running in Kubernetes are being built on MCP: a protocol that lets them invoke tools, fetch URLs, read files, and call APIs. The attack surface this creates is real and largely unexamined. One prompt injection is enough to redirect an agent into making an MCP tool call against an attacker-controlled endpoint. The blast radius of a compromised agent extends to everything within reach of its MCP tools. The exfiltration path is indistinguishable from legitimate traffic. Kubernetes NetworkPolicy, operating at L3/L4, cannot see it.
This talk runs the full attack chain live: prompt injection in an Obot-based agent, an MCP tool call redirected outbound, data leaving the cluster on port 443 with no NetworkPolicy violation. Then we look at what enforcement actually requires: a choke point with L7 visibility that understands destination FQDNs, not just IPs and ports.
You will leave with a vendor-neutral threat model for MCP deployments and a public lab repo to clone and run yourself.
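The gap the abstract describes, shown as two egress policies side by side (an added example, not code from the talk, the lab repo or the Obot project; Cilium's CiliumNetworkPolicy is assumed here as one FQDN-aware L7 implementation, and the namespace, labels and hostnames are placeholders):

```yaml
# Added example; namespace, labels and hostnames are assumed placeholders.
# 1) Weak: a standard NetworkPolicy that "locks down" egress to HTTPS. It matches
#    only IP/port, so an MCP tool call to attacker-controlled.example:443 and one
#    to api.example.com:443 are the same allowed tuple: no violation, no signal.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: agent-egress-https-only
  namespace: agents
spec:
  podSelector:
    matchLabels:
      app: obot-agent
  egress:
    - ports:
        - protocol: UDP
          port: 53
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
      ports:
        - protocol: TCP
          port: 443
---
# 2) FQDN-aware: the same intent as an L7 choke point. Port 443 is allowed only
#    to allowlisted names; DNS is proxied so answers can be tied to the policy.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: agent-egress-fqdn-allowlist
  namespace: agents
spec:
  endpointSelector:
    matchLabels:
      app: obot-agent
  egress:
    - toEndpoints:
        - matchLabels:
            k8s:io.kubernetes.pod.namespace: kube-system
            k8s-app: kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: ANY
          rules:
            dns:
              - matchPattern: "*"
    - toFQDNs:
        - matchName: "api.example.com"
      toPorts:
        - ports:
            - port: "443"
              protocol: TCP
```

With the second policy applied, a tool call redirected to any host outside the allowlist is dropped at the FQDN proxy and shows up as a policy verdict, which is the detection signal the L3/L4 policy can never produce.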
Nick Davitashvili
Principal Architect, Aviatrix · Cloud networking, AI security, Quote Misrememberer
Edinburgh, United Kingdom