
AI assistant credentials and identity risk: what changed in April?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 1705
Topic starter  

TL;DR: April’s attacks showed identity control planes, credential stores, and AI configuration files being targeted as privileged assets, while 5,372 CVEs included 439 identity-related weaknesses and 41 identity product flaws, according to Delinea Labs. The governance break is clear: systems that assume identity is only an authentication layer now fail when configuration files, service accounts, and AI agent settings become execution-level credentials.

NHIMG editorial — based on content published by Delinea: How April’s attacks redefined identity risk

By the numbers:

Questions worth separating out

Q: How should security teams govern AI configuration files that contain credentials?

A: Treat them as sensitive identity artifacts, not ordinary application files.

Q: Why do service account tokens increase lateral movement risk?

A: Because they authenticate as valid identities without human interaction and often carry access that persists beyond the original task.

Q: What breaks when identity governance stops at login events?

A: Teams lose visibility into the actions that happen after authentication, including token reuse, secret harvesting, and privilege escalation.

Practitioner guidance

  • Classify AI configuration files as governed identity artifacts: move MCP configs, agent settings, and token-bearing files into the same control set used for secrets, service accounts, and privileged credentials.
  • Review pipeline identities as part of access governance: inventory GitHub Actions, CI/CD tokens, and third-party build identities, then verify who can publish packages, trigger workflows, and access cloud secrets.
  • Reduce standing privilege on service accounts: scope cloud and Kubernetes service accounts to the minimum required resources, and rotate or revoke tokens that remain valid beyond the task window.

What's in the full report

Delinea's full threat report covers the operational detail this post intentionally leaves for the source:

  • The month-by-month attack chronology behind TeamPCP, including the supply chain handoff from initial token theft to package compromise.
  • The specific identity artifacts targeted in Claude MCP and Kiro environments, including how tokens and endpoints were exposed.
  • The incident detail behind the Drift and Omnistealer cases, including how cloud tokens and credential stores were abused in practice.
  • The CVE-by-CVE discussion of identity infrastructure flaws and the conditions that made exploitation possible.

👉 Read Delinea's threat report on how April attacks changed identity risk →
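Taking the first guidance item literally, here is a small inventory pass over an MCP-style agent config that flags the entries which must be governed as identity artifacts rather than ordinary app settings. This is an added example, not code from the post or from Delinea; the `mcpServers` layout, the key/value heuristics and the sample file are all assumptions, and the `${NAME}` case shows why a reference to a secret store is tracked differently from a literal token.

```python
import json
import re

# Heuristics (assumed, not from the post): credential-like keys, token-shaped values, inline creds.
SECRET_KEY_RE = re.compile(r"token|secret|key|password|passwd|credential|auth", re.I)
SECRET_VALUE_RE = re.compile(
    r"^(?:Bearer\s+\S+|(?:ghp_|github_pat_|sk-|xox[abp]-|AKIA)[A-Za-z0-9_\-]{8,})$")
INLINE_SECRET_RE = re.compile(
    r"://[^/@\s]+:[^/@\s]+@|(?:[?&]|--?)(?:token|api[_-]?key|secret|password)=", re.I)
# "${NAME}" or "$NAME" points at a secret store; it is not a literal secret
ENV_REF_RE = re.compile(r"^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$")

# Constructed sample in the usual MCP client layout ({"mcpServers": {...}}).
SAMPLE_CONFIG = json.dumps({"mcpServers": {
    "github": {"command": "npx", "args": ["-y", "example-mcp-server"],
               "env": {"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_EXAMPLE0123456789abcdefABCDEF"}},
    "internal-search": {"url": "https://svc:S3cretPass@search.internal.example/mcp",
                        "headers": {"Authorization": "Bearer eyJEXAMPLE.payload.sig"}},
    "filesystem": {"command": "node", "args": ["server.js", "--api-key=local-dev-key-0001"],
                   "env": {"LOG_LEVEL": "debug", "DB_PASSWORD": "${DB_PASSWORD}"}},
}})


def _string_leaves(node, path=()):
    """Yield (path, value) for every string leaf of a nested JSON value."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from _string_leaves(val, path + (key,))
    elif isinstance(node, list):
        for idx, val in enumerate(node):
            yield from _string_leaves(val, path + (str(idx),))
    elif isinstance(node, str):
        yield path, node


def find_identity_artifacts(config_text):
    """Return the config entries that should be governed as secrets, with reasons."""
    findings = []
    for path, value in _string_leaves(json.loads(config_text)):
        reasons = []
        if path and value and SECRET_KEY_RE.search(path[-1]):
            reasons.append("secret-like key")
        if SECRET_VALUE_RE.match(value):
            reasons.append("token-shaped value")
        if INLINE_SECRET_RE.search(value):
            reasons.append("credential embedded in URL or argument")
        if reasons:
            server = path[1] if len(path) > 1 and path[0] == "mcpServers" else None
            # literal secrets need rotation; references need their backing store reviewed
            findings.append({"server": server, "path": "/".join(path), "reasons": reasons,
                             "literal": not ENV_REF_RE.match(value)})
    return findings
```

Run `find_identity_artifacts(SAMPLE_CONFIG)` to see the five entries in the sample that belong in the secrets control set; the `literal` flag separates the four that need rotation from the one that only needs its backing store reviewed.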

(@mr-nhi)
Member Moderator
Joined: 3 weeks ago
Posts: 254
 

Identity control plane exposure is now the real attack surface. The article shows attackers targeting trusted build paths, token stores, and configuration artifacts instead of only endpoint payloads. That shifts the governance problem from protecting systems at login to protecting the machinery that creates and distributes privilege. Practitioners should read this as a control-plane security problem, not a malware problem.

A few things that frame the scale:

  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which is why unmanaged machine identities stay operational long after teams think they are contained.

A question worth separating out:

Q: Should organisations prioritise AI agent settings or service account cleanup first?

A: Start with whichever set of artifacts currently grants broader or less visible access, but do not separate them into different programmes. AI settings files, pipeline tokens, and service accounts can all become enterprise access paths, so the right approach is to govern them under one identity risk model with consistent inventory, classification, and review.

👉 Read our full editorial: April identity attacks exposed new AI agent governance gaps
