Kubernetes security often looks complete on paper. Policies are enforced, permissions align, and scans report clean results. But risk doesn’t announce itself in configuration. A trusted service drifts from its intended role as traffic patterns shift, yet the environment still appears compliant. This video will examine a real Kubernetes production attack that unfolds exactly this way, from detection to response. You'll see how a runtime CNAPP exposes risk by observing service execution and network activity, then correlating that behavior with configuration, identity, and policy context to guide investigation and immediate response. You’ll leave with a clear example of how to identify and respond to runtime risk in Kubernetes before it becomes an incident.