Two acts, one cluster. First, we build an Internal Developer Platform live using an AI coding agent: ArgoCD for GitOps, Kyverno for policy, Prometheus and Grafana for observability. Then we stress test it. We point the agent at the platform and watch what the governance stack catches and what slips through. Kyverno blocks non-compliant manifests regardless of who generated them. Falco detects unexpected runtime behavior. ArgoCD rejects anything that didn't flow through Git. But the agent prompt that smuggles bad commands past the admission webhook? The output that leaks data because nothing sanitized the response? Those are the gaps. Attendees build the platform, attack it, and leave with a concrete map of what their existing CNCF stack governs and where agent-specific tooling is still needed. We will talk about KGateways role in helping with this layer and other suggestions that will help.