Finding Ghost Agents: Detecting an AI Agent Running in Kubernetes With No Source Code

Last month, while running a scan against a client's production Kubernetes cluster, we found something that shouldn't exist. A Python process. Active network connections to api.openai.com and a Pinecone index. Execution every 4 minutes, consistent with an agent loop. No deployment manifest. No pod spec. No configmap. No source code anywhere in the repository. An AI agent — running in production — that no one on the team knew about. We call it a GHOST agent. It exists at runtime. It doesn't exist anywhere in your inventory. Why this happens AI agents don't always get deployed the way software is supposed to get deployed. A developer runs a quick test in production because staging doesn't have the right data. A contractor drops a script on a node. An agent framework spins up a subprocess that outlives its parent. Someone deploys via kubectl exec and never creates a manifest. The result: agents running in production with access to your APIs, your vector databases, your internal tools — wit