CrowdStrike released a Falcon Container Sensor collector for Falcon AIDR that provides runtime detection of prompt injection, data leakage, and AI policy violations in Kubernetes-hosted LLM workloads without requiring proxy insertion or architectural changes. This closes a structural visibility gap that conventional EDR, NDR, and SIEM tooling cannot address, because LLM-layer attacks occur at the application-logic level, inside otherwise valid HTTPS API calls.