By NHI Mgmt Group Editorial Team
Published 2026-04-20
Domain: Agentic AI & NHIs
Source: Unosecur

TL;DR: The TeamPCP campaign compromised trusted GitHub Actions and exposed cloud credentials, GitHub tokens, SSH keys, Kubernetes secrets, and environment variables inside downstream CI/CD workflows, according to Unosecur. The lesson is structural: pipeline security fails when automation identities are treated as secondary to code integrity.


At a glance

What this is: This is an analysis of the TeamPCP GitHub Actions supply chain attack and its core finding that CI/CD compromise becomes an identity exposure problem, not just a code integrity issue.

Why it matters: It matters because pipeline service accounts, tokens, and secrets can provide direct authenticated access to cloud and production environments if they are not tightly governed.

👉 Read Unosecur's analysis of the GitHub Actions supply chain attack and NHI exposure


Context

CI/CD pipelines are execution environments that behave like privileged software identities. When a trusted workflow can read secrets, call cloud APIs, and deploy code, compromise of that workflow becomes an NHI governance problem because the pipeline itself can act with authenticated authority. The topic here is the GitHub Actions supply chain attack, and the central failure is weak control over the identities attached to automation.

The TeamPCP campaign is a useful case study because it shows how attackers can turn a trusted build path into a credential collection point. That is not typical of simple malware on endpoints. It is typical of modern supply chain abuse, where the question is not whether code ran, but which non-human identities were available while it ran and what they could reach.


Key questions

Q: How should security teams reduce risk from compromised GitHub Actions workflows?

A: Security teams should treat workflows as privileged non-human identities. The practical fix is to inventory every secret and role a workflow can reach, shorten credential lifetimes, pin external actions to commit hashes, and monitor runtime behaviour for anomalies. If the workflow can deploy, read secrets, or call cloud APIs, it needs identity-level controls, not just code review.

Q: What is the difference between code integrity risk and identity exposure risk in CI/CD?

A: Code integrity risk is about whether the build or dependency was altered. Identity exposure risk is about whether the workflow’s credentials, tokens, or keys were harvested and reused. In practice, identity exposure is usually the higher-impact problem because attackers can operate as a legitimate automation identity long after the modified code is removed.

Q: Why do CI/CD pipelines create special NHI governance problems?

A: CI/CD pipelines combine broad access, automation, and persistence in one place. Their identities often outlive individual jobs, share credentials across environments, and can reach cloud and production systems. That means the organisation is managing powerful machine identities that behave like infrastructure, but are often governed with less rigour than human admin access.

Q: When should organisations treat a pipeline compromise as a privileged access incident?

A: They should do so whenever the workflow can access secrets, deploy code, or make cloud changes. At that point, the compromise is not just a software event. It is an authenticated access event with potential blast radius across connected systems, so containment, revocation, and entitlement review should begin immediately.


Technical breakdown

How trusted GitHub Actions become an identity exposure path

GitHub Actions workflows often run with service accounts, repository secrets, cloud tokens, and deployment roles attached. If a referenced action is modified upstream, the workflow can execute attacker-controlled code while still inheriting legitimate permissions. That makes the build runner a high-value identity execution environment. The critical issue is not just whether the action is trusted, but whether its runtime access is broader than the job truly needs. In practice, every privileged pipeline step becomes a potential credential harvesting point if secrets are exposed during execution.

Practical implication: Inventory every workflow identity and restrict each job to the minimum secrets and token scope required.
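As an added illustration of that implication and of the commit-hash pinning advice given elsewhere in this post (example code written for this page, not Unosecur's or GitHub's tooling): a small audit that scans a workflow file for mutable action refs, workflow-wide `write-all` permissions, and secrets exported to every step through top-level `env`. Both workflow samples are constructed, and the 40-character SHA in the hardened one is a placeholder.

```python
import re

# Constructed samples (not from the page). WEAK has the three defects the text
# describes; HARDENED scopes the token, pins the action, and limits the secret to one step.
WEAK = """\
permissions: write-all
env:
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
jobs:
  release:
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/deploy-tool@main
"""
HARDENED = """\
permissions:
  contents: read
  id-token: write
jobs:
  release:
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - run: ./deploy.sh
        env:
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
"""
SHA_REF = re.compile(r"^[0-9a-f]{40}$")
USES = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
SECRET = re.compile(r"\$\{\{\s*secrets\.")

def audit_workflow(text):
    """Return (check, detail) findings for one workflow file."""
    findings, in_top_env, has_permissions = [], False, False
    for line in text.splitlines():
        if line and not line[0].isspace():       # a new top-level key
            in_top_env = line.startswith("env:")
            if line.startswith("permissions:"):
                has_permissions = True
                if "write-all" in line:
                    findings.append(("overbroad-permissions", line.strip()))
            continue
        if in_top_env and SECRET.search(line):   # secret visible to every step and action
            findings.append(("secret-in-global-env", line.split(":")[0].strip()))
        m = USES.match(line)
        if m and not m.group(1).startswith(("./", "docker://")):
            ref = m.group(1).rpartition("@")[2]
            if not SHA_REF.match(ref):           # tag or branch can be moved upstream
                findings.append(("unpinned-action", m.group(1)))
    if not has_permissions:
        findings.append(("missing-permissions-block", "GITHUB_TOKEN keeps default scope"))
    return findings
```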

Why credential exfiltration from pipelines becomes authenticated access

Pipeline compromise is dangerous because the stolen material is usually already usable. Cloud credentials, SSH keys, Kubernetes secrets, and OAuth tokens are not theoretical artefacts. They are live authentication material that can be replayed until revoked. Once an attacker has them, they do not need password spraying or exploit chaining. They can operate as a legitimate automation identity, which makes detection harder because the resulting API calls often resemble normal deployment traffic. That is why pipelines should be treated as identity issuers and identity consumers at the same time.

Practical implication: Shorten credential lifetimes and require immediate revocation paths for every automation secret.

What makes CI/CD a privileged NHI domain

CI/CD systems sit between source control, cloud infrastructure, and release automation, so they concentrate privileges that are usually spread across multiple control planes. The result is an identity layer with broad reach and limited observability. Service accounts in this layer often persist across projects, share credentials across environments, and retain access long after the original pipeline purpose has changed. That creates standing privilege in an environment that is assumed to be ephemeral. NHI governance has to account for that mismatch or the pipeline remains a blind spot.

Practical implication: Apply least privilege, environment scoping, and continuous behavior monitoring to all build and release identities.


Threat narrative

Attacker objective: The attacker aims to turn trusted pipeline execution into durable authenticated access across cloud and production systems.

  1. Entry via compromised GitHub Actions referenced by downstream workflows that already trusted the action and granted it execution rights.
  2. Credential harvest through access to cloud credentials, GitHub tokens, SSH keys, Kubernetes secrets, and environment variables during workflow execution.
  3. Impact through authenticated reuse of those credentials across cloud and production environments without needing a traditional perimeter breach.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

GitHub Actions supply chain attacks are really NHI incidents. The modified action is only the entry point. The more important issue is that downstream workflows often run with identities that can reach cloud, deployment, and secrets systems. Once those identities are exposed, the attacker inherits legitimate access, which is exactly why NHI governance belongs at the centre of CI/CD security. The practitioner conclusion is simple: treat pipeline identities as critical assets, not implementation detail.

Identity blast radius is the right concept for pipeline security. The blast radius is not defined by the compromised action alone. It is defined by every secret, token, and role the workflow could touch before containment. That means inventories, permission mapping, and revocation speed matter more than assumptions about build integrity. The practitioner conclusion is to measure what a pipeline identity can reach before you measure what code it ran.

Traditional code-centric controls understate the real risk in automation systems. Scanning actions, pinning versions, and hardening runners are necessary, but they do not answer the key governance question: which non-human identities were exposed, and for how long did they remain valid? Supply chain defense has to extend into lifecycle management for machine credentials, or the organisation is left defending the wrong layer. The practitioner conclusion is to align CI/CD controls with identity governance, not just software hygiene.

Continuous validation beats after-the-fact cleanup in pipeline compromise scenarios. Once a workflow identity is harvested, delayed response often leaves attackers with enough time to create new tokens or modify access paths. That shifts the centre of gravity toward runtime detection, revocation orchestration, and entitlement review tied to the actual workflow graph. The practitioner conclusion is to assume exposure is broader than the obvious compromised action and to validate identity state continuously.

Pipeline compromise is a preview of broader agentic AI governance failure. The same pattern will repeat wherever autonomous systems hold reusable credentials and act across tools without human confirmation. CI/CD is just the most mature example of a machine identity operating with production reach. The practitioner conclusion is to use pipeline security as the blueprint for agent governance before those controls are needed elsewhere.

From our research:

  • 24,008 unique secrets were exposed in MCP configuration files in 2025 alone, the protocol's first year of widespread adoption, according to The State of Secrets Sprawl 2026.
  • AI-related credential leaks surged 81.5% year-over-year in 2025, with the surrounding AI infrastructure leaking 5x faster than core LLM providers.
  • The Ultimate Guide to NHIs explains how lifecycle controls reduce the blast radius when machine credentials are exposed.

What this signals

Identity blast radius is becoming the decisive planning metric for CI/CD and agentic systems. When workflows and AI services can act with production-level access, the governance question is no longer whether the secret exists, but how far that secret can travel before revocation. The 24,008 unique secrets exposed in MCP configuration files in 2025, according to The State of Secrets Sprawl 2026, show how quickly machine-facing control planes accumulate exposure.

Pipeline programmes now need to be managed as identity programmes with build semantics attached, not the other way around. That means lifecycle review, environment scoping, and credential telemetry have to be designed together, with the OWASP Non-Human Identity Top 10 used as a control reference for secret sprawl, overprivilege, and third-party risk.

The practical implication is that organisations should expect more attacks to look like normal automation until the identity layer is instrumented properly. Secret rotation alone will not close the gap if the surrounding permissions, issuance paths, and runtime behaviour are not also governed. Teams that build those controls now will be better positioned to contain the next pipeline-originated compromise.


For practitioners

  • Map every CI/CD non-human identity: Build a complete inventory of service accounts, tokens, SSH keys, and cloud roles used by build and release workflows. Document which repositories, environments, and production systems each identity can access, then review the inventory whenever workflows or dependencies change.
  • Scope workflow credentials to single-purpose use: Replace long-lived pipeline secrets with short-lived credentials bound to a specific job, repository, or environment. Revoke credentials immediately when an action, workflow, or project is deprecated, and prevent shared secrets across unrelated pipelines.
  • Monitor identity behaviour inside automation paths: Alert on token use from unexpected locations, new credential issuance during deployment windows, and API calls that do not match established automation patterns. Pair behavioural monitoring with access controls so you can detect misuse even when the credential is valid.
  • Pin and validate third-party actions before execution: Require commit-hash pinning for external GitHub Actions and review any dependency updates before they are merged into trusted workflows. Use the Ultimate Guide to NHIs to connect this control to broader lifecycle governance, and the 52 NHI Breaches Analysis to ground remediation priorities.
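An added example of the monitoring control in the list above (written for this post, not Unosecur's detection logic): the three signals it names, use from an unexpected location, new credential issuance, and API calls outside the established pattern, evaluated over constructed CloudTrail-style events for a hypothetical `ci-deploy-role` pipeline identity. The baseline network range and action set are assumptions standing in for what an inventory would record.

```python
import ipaddress
from collections import Counter

# Constructed baseline for one pipeline identity (hypothetical name, not from the page):
# the egress range its runners use and the API actions its normal deployments make.
BASELINE = {
    "ci-deploy-role": {
        "networks": [ipaddress.ip_network("203.0.113.0/24")],
        "actions": {"s3:PutObject", "ecs:UpdateService", "sts:GetCallerIdentity"},
    }
}
# Actions that mint new durable credentials; a deploy identity should never need them.
ISSUANCE_ACTIONS = {"iam:CreateAccessKey", "iam:CreateUser", "iam:CreateLoginProfile"}

# Constructed audit events in logged order: two normal deploy calls, then a replayed
# token used from outside the runner network, minting a key and enumerating secrets.
EVENTS = [
    {"identity": "ci-deploy-role", "src": "203.0.113.17", "action": "s3:PutObject"},
    {"identity": "ci-deploy-role", "src": "203.0.113.17", "action": "ecs:UpdateService"},
    {"identity": "ci-deploy-role", "src": "198.51.100.9", "action": "sts:GetCallerIdentity"},
    {"identity": "ci-deploy-role", "src": "198.51.100.9", "action": "iam:CreateAccessKey"},
    {"identity": "ci-deploy-role", "src": "198.51.100.9", "action": "secretsmanager:ListSecrets"},
]

def classify(event, baseline=BASELINE):
    """Return the detection names one event trips (empty list if it looks normal)."""
    profile = baseline.get(event["identity"])
    if profile is None:
        return ["unknown-pipeline-identity"]    # not in the NHI inventory at all
    hits = []
    src = ipaddress.ip_address(event["src"])
    if not any(src in net for net in profile["networks"]):
        hits.append("off-runner-source")        # valid token replayed from elsewhere
    if event["action"] in ISSUANCE_ACTIONS:
        hits.append("credential-issuance")      # attacker converting access into persistence
    elif event["action"] not in profile["actions"]:
        hits.append("unusual-api-action")       # behaviour outside the deploy pattern
    return hits

def triage(events, baseline=BASELINE):
    """Count hits per (identity, signal) so revocation can be ordered by blast radius."""
    summary = Counter()
    for ev in events:
        for hit in classify(ev, baseline):
            summary[(ev["identity"], hit)] += 1
    return dict(summary)
```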

Key takeaways

  • CI/CD compromise becomes an identity problem the moment a workflow can authenticate to cloud, deployment, or secrets systems.
  • Exposed machine credentials often matter more than modified code because they enable legitimate-looking access after the initial compromise.
  • Security teams should inventory, scope, rotate, and monitor pipeline NHIs as critical assets, not supporting infrastructure.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

Framework | Control / Reference | Relevance
OWASP Non-Human Identity Top 10 | NHI-03 | Pipeline secrets and rotation are central to this attack pattern.
NIST CSF 2.0 | PR.AC-4 | Least-privilege access is the core control gap in trusted workflows.
NIST Zero Trust (SP 800-207) | | Continuous verification fits machine identities with changing runtime exposure.

Apply zero-trust principles to automation by verifying every workflow identity and token at runtime.


Key terms

  • Non-Human Identity: A non-human identity is a machine credential used by software, services, or automation instead of a person. It includes service accounts, API keys, tokens, certificates, and agent identities. In security operations, these identities often carry the most sensitive access paths and require lifecycle governance, not just storage.
  • Identity blast radius: Identity blast radius is the amount of access that becomes exposed when a machine credential is compromised. It is measured by the systems, data, and workflows that a token or service account can reach. Effective governance reduces blast radius through scoping, separation, rotation, and rapid revocation.
  • Pipeline identity: A pipeline identity is the non-human identity a CI/CD workflow uses to authenticate to cloud, source control, secrets systems, and deployment targets. These identities are often overprivileged because they must automate multiple steps. That makes them high-value targets and a central concern in supply chain security.
  • Credential exfiltration: Credential exfiltration is the theft of usable authentication material such as tokens, keys, or certificates. In NHI environments, the stolen item is often already valid and can be replayed immediately. That is why detection must be paired with revocation and entitlement review rather than relying on alerts alone.

What's in the full article

Unosecur's full blog covers the operational detail this post intentionally leaves for the source:

  • Detection indicators for anomalous API calls from pipeline service accounts and unexpected token use.
  • A practical mitigation sequence for inventorying, scoping, and revoking CI/CD identities after compromise.
  • Implementation details for pinning GitHub Actions to verified commit hashes and validating dependency updates.
  • How Unosecur positions identity visibility and containment across cloud and CI/CD environments.

👉 The full Unosecur post covers identity-driven detection signals, containment steps, and pipeline credential handling.

Deepen your knowledge

GitHub Actions supply chain attack response and pipeline NHI governance are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building controls for CI/CD identities and machine credentials, it is worth exploring.

NHIMG Editorial Note

Published by the NHIMG editorial team on 2026-04-20.

NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org