AI and machine learning workloads are now integral to production environments, moving beyond isolated experiments to public-facing services. This shift raises significant security concerns, particularly in Kubernetes, where these AI models are exposed through APIs like REST or gRPC. Unlike traditional web applications, AI inference endpoints have unique vulnerabilities that require advanced ingress security measures, including Layer 7 inspection and Web Application Firewalls (WAFs). By scrutinizing request payloads, WAFs can prevent malicious traffic from reaching valuable GPU resources, which are expensive to operate. The stakes for platform teams have increased as exposing AI workloads to the internet opens pathways to sensitive infrastructure. There are new risks, such as GPU resource exhaustion from traffic flooding, data exposure through unprotected endpoints, and system fragility due to heavy compute demands. Attackers can exploit these vulnerabilities without needing to cause downtime; they can simply use the service to incur high costs. Threats like cost-based abuse and prompt injection attacks require a reevaluation of existing security protocols, as traditional firewalls fall short against these tactics. Current Kubernetes ingress controllers are not equipped to handle the complexities of AI traffic. They focus primarily on basic routing and TLS termination without the necessary depth to inspect Layer 7 traffic. This blind spot means that legitimate traffic can mask malicious requests, leading to silent budget overruns and compromised data integrity. To address these challenges, solutions like the Calico Ingress Gateway are emerging, providing advanced features such as integrated WAFs, identity-aware access control, and fine-grained rate limiting tailored for AI workloads. These tools aim to secure AI inference endpoints effectively before costly computations occur.