Likelihood: MODERATE
Impact: HIGH
Treatment: MITIGATE
Confidence: Moderate
Likelihood is moderate because prompt injection against production LLMs is a demonstrated technique with growing threat-actor interest, but active exploitation of this specific gap in Kubernetes-hosted workloads is unconfirmed, and an attacker still needs a path to the prompt surface (direct input to the application, or content the application ingests into the model's context). Impact is high because a successful attack against a customer-facing or internal LLM can yield sensitive data exfiltration, AI-assisted misinformation, or reputational damage at application scale; conventional endpoint and network detection does not see these consequences because it never inspects prompt or response content, and the data involved may fall into regulated classes.
Treatment rationale: The visibility gap is addressable by deploying runtime detection at the LLM layer, a control now available as a commercial product, so mitigation is the primary treatment rather than accepting a gap that vendors and regulators are beginning to treat as material.
Third-Party / Supply-Chain Risk
Organizations using OpenAI-compatible LLM API clients on Kubernetes inherit model-layer risk from the upstream LLM provider: prompt and response data traverse the provider's inference infrastructure, so policy violations or data leakage may originate or propagate there, outside the organization's own telemetry. Per NIST SP 800-161, these API dependencies are supplier relationships that require assessment of the provider's AI security controls, data handling and retention terms, and incident notification commitments. CrowdStrike Falcon is itself a critical security supplier dependency: the sensor's privileged access to workloads means that a compromise or misconfiguration of the sensor has high lateral impact, and its update and change-management process should be assessed under the same supplier-risk criteria.
Loss Exposure (illustrative)
Magnitude: Moderate to high; illustrative $250K–$2.5M per incident, varying significantly with the sensitivity of the data the LLM processes, the customer exposure of the application, and the regulatory jurisdiction
Frequency: Illustrative 1–3 exploitable incidents per year for an organization running multiple customer-facing or internally integrated LLM workloads on Kubernetes without prompt-layer runtime detection, given increasing attacker familiarity with prompt injection techniques
Annualized: Illustrative ALE of $250K–$7.5M (the magnitude range multiplied by the frequency range), depending on workload sensitivity and detection maturity; the wide range reflects the lack of actuarial data for this emerging threat class
Basis: Loss magnitude is driven by data exfiltration response costs (containment, notification, remediation), potential regulatory inquiry costs if regulated data is involved, and reputational damage to AI-dependent products. Frequency is driven by three factors: production LLM deployments present a persistent, interactive attack surface; without runtime detection, dwell time is unconstrained; and threat-actor techniques are documented and reproducible. No third-party dollar-figure reports are cited; the derivation is first-principles from the FAIR primary and secondary loss factor categories.
Illustrative estimate — not actuarially derived.
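The ALE range above is simply the product of the two stated ranges. As an added worked example, not part of the original assessment, the following Python reproduces that bound arithmetic and then runs a FAIR-style Monte Carlo over the same illustrative ranges to show where within the $250K–$7.5M span the expected annual loss actually concentrates. The triangular distribution and the placement of its mode are assumptions standing in for the PERT distributions FAIR practitioners normally calibrate; the dollar figures are the page's illustrative numbers, not actuarial data.

```python
"""FAIR-style annualized loss exposure (ALE) from the ranges stated above.

Added example, not part of the original risk assessment. The dollar figures
are the page's illustrative ranges; the triangular distribution is an assumed
stand-in for the PERT/beta distributions FAIR practitioners typically use.
"""
import random
import statistics

# Illustrative inputs copied from the assessment (constructed, not actuarial).
MAGNITUDE_USD = (250_000, 2_500_000)   # loss per incident, low..high
FREQUENCY_PER_YEAR = (1, 3)            # exploitable incidents per year, low..high


def ale_bounds(magnitude, frequency):
    """Deterministic range: (low*low, high*high).

    This reproduces the page's $250K-$7.5M ALE range and is the only
    arithmetic the assessment itself performs.
    """
    return (magnitude[0] * frequency[0], magnitude[1] * frequency[1])


def simulate_ale(magnitude, frequency, trials=20_000, mode_fraction=0.5, seed=7):
    """Monte Carlo ALE: sample frequency and per-incident magnitude each trial.

    Frequency is sampled from a triangular distribution and rounded to a whole
    number of incidents; each incident draws its own magnitude, so a 3-incident
    year can mix a small and a large loss. Returns summary percentiles so the
    reader sees where the mass of the range actually sits.
    """
    rng = random.Random(seed)

    def tri(lo, hi):
        # Mode placed a fixed fraction of the way from lo to hi (assumption).
        return rng.triangular(lo, hi, lo + (hi - lo) * mode_fraction)

    losses = []
    for _ in range(trials):
        n_incidents = round(tri(*frequency))
        year_loss = sum(tri(*magnitude) for _ in range(n_incidents))
        losses.append(year_loss)

    losses.sort()

    def pct(p):
        return losses[min(len(losses) - 1, int(p * len(losses)))]

    return {
        "p10": pct(0.10),
        "p50": statistics.median(losses),
        "p90": pct(0.90),
        "mean": statistics.fmean(losses),
        "max": losses[-1],
    }


if __name__ == "__main__":
    lo, hi = ale_bounds(MAGNITUDE_USD, FREQUENCY_PER_YEAR)
    print(f"Range ALE: ${lo:,.0f} - ${hi:,.0f}")
    for name, value in simulate_ale(MAGNITUDE_USD, FREQUENCY_PER_YEAR).items():
        print(f"{name:>5}: ${value:,.0f}")
```

Run it directly to print the range bound and the simulated percentiles. The point of the simulation is that the 90th percentile typically sits well below the $7.5M extreme, because that figure requires three incidents in one year that each land at the top of the magnitude range; the range endpoints bound the exposure but say little about its likely value, which is what a treatment decision actually weighs.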
Insurance / Contractual / Legal — Potential Obligations
Potential triggers, not legal determinations. Verify with counsel/broker before acting.
• Sensitive data processed by a production LLM and exposed via prompt injection may trigger state or federal breach-notification obligations if PII or other regulated data classes are involved; verify with counsel.
• Undetected AI policy violations that produce harmful or unauthorized outputs could trigger contractual liability clauses in customer or partner agreements governing AI use; verify with counsel.
• A material gap in AI workload visibility, now publicly recognized by a major security vendor, may affect the accuracy of cyber-insurance representations and warranties about the security controls in place; verify with broker.