- Increased attack surface through additional control plane components
- Misconfigured policies may allow unauthorized access
- Sidecar injection mechanisms can be exploited
- The mesh's certificate authority is a high-value target
- Permissive mode (allowing non-mTLS traffic) undermines the security
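
A check for the permissive-mode risk listed above, as an added example that is not part of the original page. It assumes the mesh is Istio, whose `PeerAuthentication` resource sets the mTLS mode. The sample policies, namespaces and the `audit` helper are constructed for illustration.

```python
import json

# Constructed sample, shaped like `kubectl get peerauthentication -A -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "default", "namespace": "istio-system"},
  "spec": {"mtls": {"mode": "STRICT"}}},
 {"metadata": {"name": "default", "namespace": "legacy"},
  "spec": {"mtls": {"mode": "PERMISSIVE"}}},
 {"metadata": {"name": "metrics", "namespace": "payments"},
  "spec": {"selector": {"matchLabels": {"app": "ledger"}},
           "mtls": {"mode": "STRICT"},
           "portLevelMtls": {"9090": {"mode": "DISABLE"}}}}
]}
""")

WEAK = {"PERMISSIVE", "DISABLE"}  # modes that accept plaintext traffic

def scope_of(policy, root_ns):
    """Classify a policy as workload-, namespace- or mesh-wide."""
    if policy.get("spec", {}).get("selector", {}).get("matchLabels"):
        return "workload"
    return "mesh" if policy["metadata"]["namespace"] == root_ns else "namespace"

def audit(items, root_ns="istio-system"):
    """Return (namespace, name, scope, where, mode) for every non-strict setting."""
    findings = []
    mesh_strict = False
    for p in items:
        spec = p.get("spec", {})
        ns, name = p["metadata"]["namespace"], p["metadata"]["name"]
        scope = scope_of(p, root_ns)
        # A missing mode is UNSET: it inherits from the parent scope, so it is not flagged here.
        mode = spec.get("mtls", {}).get("mode", "UNSET")
        if scope == "mesh" and mode == "STRICT":
            mesh_strict = True
        if mode in WEAK:
            findings.append((ns, name, scope, "all ports", mode))
        # Port-level overrides can reopen plaintext on an otherwise strict workload.
        for port, cfg in sorted(spec.get("portLevelMtls", {}).items()):
            if cfg.get("mode") in WEAK:
                findings.append((ns, name, scope, f"port {port}", cfg["mode"]))
    if not mesh_strict:
        # With no strict mesh-wide policy, Istio falls back to PERMISSIVE.
        findings.append((root_ns, "(none)", "mesh", "all ports", "PERMISSIVE (default)"))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE["items"]):
        print("%s/%s [%s] %s -> %s" % f)
```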