{"id":"aks-runtime-security-defense-in-depth","text":"AKS provides runtime security defense-in-depth across compute and storage layers: AppArmor and seccomp profiles restrict container actions following least-privilege, while managed disks provide automatic encryption at rest for node storage — but the defense-in-depth model has a gap at the application data layer where Kubernetes Secrets use base64 encoding rather than encryption.","truth_value":"OUT","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{"_retracted":true},"explanation":{"steps":[{"node":"aks-runtime-security-defense-in-depth","truth_value":"OUT","reason":"retracted premise"}]}}