Cilium allows outside actors (world entity) to directly access pods with their internal pod IP, even if they are not exposed explicitly (e.g. via LoadBalancer). A pod that does not authenticate clients and that does not exclude world traffic via network policy may leak sensitive data to an attacker inside the cloud VPC.