Subscribe to the Non-Human & AI Identity Journal

Who is accountable when a public image leaks secrets?

Accountability should sit with the teams that own image build, approval, and publishing controls, not only with security operations after the fact. If an image contains secrets, the failure usually occurred earlier in the delivery chain. Frameworks such as NIST SP 800-53 and OWASP NHI both support shared responsibility for protecting credentials in artefacts.

Why This Matters for Security Teams

When a public image leaks secrets, the core problem is not simply exposure after publication. It is usually a breakdown in build hygiene, secret handling, review gates, or release governance. That matters because a leaked image can expose API keys, registry credentials, signing material, cloud tokens, or internal endpoints to anyone who can pull it. Once public, the artifact may be copied, cached, mirrored, and reused faster than incident response can contain it.

Security teams often misread this as a monitoring failure, but the real accountability is broader: engineering owns the build inputs, platform teams own the image pipeline, release managers own publication controls, and security owns the guardrails and verification. NIST SP 800-53 Rev 5 Security and Privacy Controls is useful here because it frames control ownership across configuration management, system integrity, and access enforcement, not only detection. For identity-rich build systems, the OWASP Non-Human Identity Top 10 is also relevant because build agents, CI runners, and deployment identities are often the path by which secrets enter the image in the first place.

In practice, many security teams encounter public image secret leakage only after a release has already propagated, rather than through intentional pre-publication review.

How It Works in Practice

Accountability should follow the control point where the failure was introduced. If a developer hardcodes a token into a container layer, engineering owns the defect. If a CI system injects a secret into the build context or cache, platform or DevOps owns the pipeline control failure. If a release process publishes an image without scanning or approval, release governance owns the missing gate. Security operations still play a role, but mostly in detection, containment, and evidence preservation after the fact.

A practical accountability model usually separates four responsibilities:

  • Image authorship: what gets packaged, including base image choice and embedded files.
  • Pipeline control: how secrets are injected, masked, scanned, and excluded from layers.
  • Publishing approval: who can promote an image from test to public registries.
  • Post-release response: how revocation, rebuilds, and customer notification are triggered.

This is where identity and secret governance intersect. Registry write access, signing keys, CI service identities, and deployment tokens should be treated as non-human identities with explicit ownership, short-lived access, and auditability. The best practice is evolving toward secretless build patterns, ephemeral credentials, and mandatory scanning before publish, but there is no universal standard for every supply chain yet. Guidance from the NIST SP 800-53 Rev 5 Security and Privacy Controls helps map these responsibilities to configuration management, access control, and monitoring expectations. In more mature environments, the image signing and attestation chain becomes part of accountability, because it shows who approved what and when.

These controls tend to break down when images are built from many inherited layers in fast-moving CI/CD systems because secrets can enter through templates, dependencies, or automation accounts that are not visible in the final Dockerfile.

Common Variations and Edge Cases

Tighter publishing control often increases delivery overhead, requiring organisations to balance release speed against the risk of secret exposure. That tradeoff becomes sharper in teams with frequent hotfixes, distributed development, or multiple registries.

There are a few common edge cases. Public open-source images may intentionally include sample credentials or test tokens, but those should never be live secrets and should be governed by explicit review. Vendor-provided base images can also create ambiguity: the platform team is still accountable for what it builds on top of them, even if the base layer was supplied externally. Another recurring issue is shared responsibility across business units, where one team creates the image, another signs it, and a third publishes it. In those cases, accountability is best assigned by control, not by job title.

Current guidance suggests that image scanning alone is not enough if the pipeline can still leak secrets into build logs, caches, or layers. Stronger practice includes secret scanning before commit, build-time secret exclusion, registry access restrictions, and rapid revocation if exposure occurs. For identity governance, the OWASP Non-Human Identity Top 10 is a useful reminder that automation accounts often have more privilege than human reviewers realise. In AI-assisted development environments, the Anthropic — first AI-orchestrated cyber espionage campaign report is also a useful reference point for how autonomous tooling can accelerate abuse when secrets are exposed.

Accountability becomes hardest to assign when no one owns the full release chain, because then the leak is treated as a technical accident instead of a control failure.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST SP 800-63, NIST Zero Trust (SP 800-207) and NIST AI RMF set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
NIST CSF 2.0 PR.AC Access control and identity governance are central to image publishing accountability.
OWASP Non-Human Identity Top 10 CI/CD identities and registry tokens are non-human identities that can leak secrets.
NIST SP 800-63 Strong identity assurance supports trustworthy approval and release workflows.
NIST Zero Trust (SP 800-207) SC-7 Zero Trust limits blast radius when build systems or registries are compromised.
NIST AI RMF AI-assisted build tooling can amplify secret exposure and governance gaps.

Inventory automation identities, restrict their secrets, and rotate credentials used in image builds.