A structural visibility gap exists in organizations deploying large language model workloads in Kubernetes environments: current EDR, CSPM, and SIEM tooling has no visibility into the prompt layer, meaning malicious instruction injection can occur without generating any log, alert, or network anomaly. This is not a CVE-patchable vulnerability but an architectural blind spot that OWASP classifies as LLM01, the top risk in LLM application deployments. CrowdStrike Falcon AIDR addresses this gap specifically for Falcon-instrumented Kubernetes environments.