Because they frequently accumulate broad permissions to keep delivery fast. When a trusted automation identity can create roles, attach policies, or call cloud control APIs, a stolen token becomes an escalation engine. The risk is highest when federation is valid but downstream privilege is loosely governed.
Why This Matters for Security Teams
CI/CD automation accounts are designed to move fast, not to sit inside a clean human identity model. That makes them attractive to attackers because they often authenticate through federation or tokens, then inherit broad downstream permissions in cloud control planes. Once a pipeline identity can create roles, attach policies, or call infrastructure APIs, compromise of one runner or secret can become full account escalation. This is why Guide to the Secret Sprawl Challenge matters: secret sprawl and pipeline trust are usually the same problem seen from two angles.
The risk is not theoretical. NHIMG research on the CI/CD pipeline exploitation case study shows how attackers chain runner access, exposed credentials, and cloud APIs to move from build systems into production environments. NIST’s Cybersecurity Framework 2.0 reinforces the need to manage identity risk as an operational control, not just an account inventory exercise. In practice, many security teams discover the privilege problem only after a pipeline token has already been reused for cloud escalation, rather than through intentional review of automation trust boundaries.
How It Works in Practice
The escalation path usually begins with convenience. A delivery pipeline needs access to deploy code, publish artifacts, update infrastructure, or read secrets. Over time, teams grant the automation identity broad permissions because narrowly scoped access slows releases or breaks edge cases. The dangerous pattern is not simply that the account is privileged, but that it is trusted in ways human users are not: federation is accepted, token lifetime is long enough for abuse, and downstream authorization is often static.
Current guidance suggests treating CI/CD identities as high-risk workload identities and not as service accounts with permanent standing privilege. That means separating build, test, deploy, and maintenance functions; issuing just-in-time credentials for the specific task; and revoking them immediately after use. It also means checking what the automation is allowed to do at request time, not only what role it was assigned last quarter. Where possible, use policy-as-code and cloud-native conditional access to constrain actions such as role creation, policy attachment, key management, or cross-account delegation.
Operationally, the strongest pattern is to combine short-lived tokens with explicit control-plane guardrails. The 230M AWS environment compromise research is a reminder that cloud blast radius grows quickly when identities can pivot across accounts or services. Pair that with secrets hygiene, as highlighted in The State of Secrets Sprawl 2026, where 59% of compromised machines in a major 2025 supply chain attack were CI/CD runners rather than personal workstations. These controls tend to break down when pipelines must support many cloud tenants with shared runners because cross-environment reuse makes least privilege hard to preserve.
Common Variations and Edge Cases
Tighter pipeline controls often increase delivery overhead, so organisations have to balance release speed against the risk of hidden privilege accumulation. That tradeoff becomes more visible in multi-tenant build systems, ephemeral preview environments, and legacy release jobs that were never designed around workload identity. In those environments, teams often leave broad cloud permissions in place because changing the pipeline means changing release engineering, secret distribution, and approval workflows at the same time.
Best practice is evolving on how much autonomy to give automation, especially when pipelines trigger infrastructure changes without a human in the loop. Some organisations rely on RBAC alone, but that is usually too coarse for CI/CD because static roles do not capture whether the job is building code, deploying to staging, or rotating production secrets. A more resilient model is to align identity to workload, reduce token TTL, and require context-aware authorisation for privileged actions. NHIMG’s Azure Key Vault privilege escalation exposure shows why secret stores themselves must be treated as escalation targets, not just storage locations. Where shared runners, legacy tooling, or vendor-managed integrations are unavoidable, organisations should assume compromise paths will be longer and monitor for role changes, unusual API calls, and cross-account use, because those are the signals that matter most when automation identities are abused.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10, OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | CI/CD accounts often rely on overlong secrets and tokens. |
| OWASP Agentic AI Top 10 | A-04 | Automation can act autonomously through cloud APIs like an agent. |
| CSA MAESTRO | ID-02 | Workload identity and runtime authorization are central to pipeline governance. |
| NIST AI RMF | Agentic and automated decision-making needs governed risk and accountability. |
Bind each pipeline stage to a distinct workload identity with least privilege and JIT access.
Related resources from NHI Mgmt Group
- Why do cloud breaches get worse when MFA is missing on privileged accounts?
- Why do stale service accounts become more dangerous when AI is connected to enterprise systems?
- Why do cyberattacks in hybrid environments so often become expensive?
- Why do non-human identities create more risk than many human accounts?
