They often use the build or install path to capture runtime context, then pivot from one exposed credential set into related systems that share trust relationships. The implementation patterns vary by environment, and Entro’s full analysis covers the evidence chain in detail.
Why This Matters for Security Teams
Supply-chain incidents become NHI incidents because build systems, package managers, and deployment pipelines routinely hold the same secrets that production workloads use. Once an attacker reaches the build or install path, they may inherit trust relationships, runtime tokens, and service-to-service access that were never meant to leave the pipeline. That is why compromise in one place often becomes lateral movement across many environments, especially when static secrets are reused or long-lived credentials are embedded in automation. Guidance from OWASP Non-Human Identity Top 10 and NHIMG’s Shai Hulud npm malware campaign both point to the same operational problem: supply-chain trust is frequently broader than teams realise. In practice, many security teams encounter NHI compromise only after a package update, CI job, or deployment hook has already exposed the next credential set, rather than through intentional monitoring of the build path.
How It Works in Practice
Attackers usually start where software is assembled, installed, or verified. A malicious dependency, tampered install script, or compromised maintainer account can expose environment variables, cloud metadata, token stores, or signing material. From there, the attacker looks for what the pipeline can already reach: artifact registries, source control, secrets managers, container platforms, and downstream APIs. This is why credential scope matters as much as credential secrecy. If a pipeline identity can mint or retrieve production secrets, the compromise chain becomes much wider than the original incident.
Current guidance suggests treating the build path as a privileged workload, not a low-risk support function. That means using workload identity rather than static secrets wherever possible, issuing just-in-time credentials per task, and revoking them on completion. It also means replacing broad RBAC grants with intent-based authorisation so the runtime policy checks what the build or agent is trying to do, not only what role it was assigned months ago. The NHI patterns described in NHIMG’s 52 NHI Breaches Analysis and LiteLLM PyPI package breach show how quickly exposed credentials become reusable access once trust is inherited across systems.
- Separate build identities from production identities and deny direct reuse of runtime tokens.
- Use short-lived secrets and automated rotation, not shared credentials in CI variables or package scripts.
- Bind signing, release, and deployment actions to explicit policy checks at request time.
- Log secret access, token minting, and unusual dependency-install behaviour as high-signal events.
Frameworks such as Anthropic — first AI-orchestrated cyber espionage campaign report and CISA cyber threat advisories reinforce that adversaries chain access opportunistically once they discover an identity with useful trust. These controls tend to break down when legacy pipelines depend on persistent service accounts because the environment cannot distinguish routine automation from hostile reuse.
Common Variations and Edge Cases
Tighter supply-chain controls often increase release friction, requiring organisations to balance delivery speed against the overhead of more frequent token issuance, policy evaluation, and provenance checks. That tradeoff is real, especially where multiple teams share a single pipeline or where third-party tooling cannot support modern workload identity.
There is no universal standard for this yet, but best practice is evolving toward per-stage identities, ephemeral credentials, and policy-as-code checks tied to the task being performed. In containerised systems, an attacker may pivot from a package install into Kubernetes service account tokens; in SaaS-heavy environments, the same incident may expose API keys for ticketing, messaging, or observability tools instead. The right control is therefore not just secret hygiene, but trust boundary reduction. NHIMG’s Top 10 NHI Issues and the broader Ultimate Guide to NHIs — Why NHI Security Matters Now are useful reference points for understanding why overprivileged machine identities remain a recurring failure mode.
Edge cases also arise when teams assume that signing artifacts solves credential exposure. Signing helps integrity, but it does not stop attackers from capturing secrets during build, install, or test execution. The same is true for zero trust claims that are not backed by runtime verification of workload identity. In the most fragile environments, a single compromised dependency can become a path to signing keys, registry tokens, and cloud permissions all at once, especially when the pipeline itself has standing access to everything it touches.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Covers overprivileged and long-lived NHI credentials used in supply chains. |
| CSA MAESTRO | Addresses agentic and workload trust boundaries that attackers abuse after initial supply-chain compromise. | |
| NIST AI RMF | Supports governance of autonomous or automated systems that can amplify supply-chain compromise. |
Assign accountability for machine identities, secret handling, and escalation paths across the pipeline.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on May 16, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
