{"id":"gke-autopilot-concentrates-risk-in-naming-conventions","text":"GKE Autopilot eliminates all infrastructure operations (always regional, Google-managed nodes, pod-level billing) but the identity design it shifts to is itself fragile: Workload Identity isolation depends on namespace + service account naming conventions across clusters (same name = same IAM identity), and service accounts require active hardening against dual-nature privilege escalation — concentrating all Autopilot operational risk into Kubernetes naming discipline and IAM policy hygiene.","truth_value":"OUT","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{"_retracted":true},"explanation":{"steps":[{"node":"gke-autopilot-concentrates-risk-in-naming-conventions","truth_value":"OUT","reason":"retracted premise"}]}}