CI/CD access is too broad when routine build identities can reach signing, publishing, or repository-modification functions. A strong signal is any pipeline token that can alter artefacts without a separate review step. Teams should verify that routine automation can build software, but cannot independently decide what gets released.
Why This Matters for Security Teams
CI/CD access becomes too broad when a pipeline identity can do more than automate delivery. If a build token can sign artifacts, modify release branches, or publish packages without a separate approval boundary, the pipeline is no longer just a delivery mechanism. It has become a privileged control plane, which turns routine automation into a supply chain risk.
This matters because CI/CD systems now sit between source code, secrets, artifact registries, and production release paths. Once an attacker gains pipeline access, they can often reuse the same trust to tamper with build outputs or exfiltrate secrets. NHIMG research shows how quickly secrets exposure spreads through modern delivery environments in the Guide to the Secret Sprawl Challenge, and the pattern is consistent with broader supply chain incidents documented in the CI/CD pipeline exploitation case study.
Current guidance from the OWASP Non-Human Identity Top 10 and NIST control practice points toward least privilege, separation of duties, and short-lived access, but the real test is whether a routine build identity can independently change what ships. In practice, many security teams discover the scope problem only after a runner has already modified an artifact, rather than through intentional access design.
How It Works in Practice
The simplest way to judge scope is to map each CI/CD identity to a single job: build, test, sign, publish, deploy, or modify repository content. A narrow identity can complete one task and then stop. A broad identity can cross trust boundaries, such as reading source, writing tags, pushing packages, and approving release artifacts. That is usually where access becomes excessive.
Security teams should look for three practical signals. First, whether the same token can both generate and release artifacts. Second, whether credentials persist long enough to be reused across jobs, branches, or environments. Third, whether the pipeline can modify infrastructure or code without an independent review step. These are classic non-human identity controls, not just application pipeline hygiene. The operational model should align with 52 NHI Breaches Analysis, where over-broad machine access repeatedly turns a convenience path into an escalation path.
Practical controls usually include:
- Separate identities for build, sign, and publish stages.
- Just-in-time tokens with tight TTLs for each pipeline job.
- Protected branches and mandatory review before release promotion.
- Write restrictions on artifact registries and package repositories.
- Policy checks that block privilege creep before merge or deploy.
For control mapping, NIST SP 800-53 Rev. 5 security and privacy controls help teams translate this into least privilege, account management, and system integrity requirements, while the OWASP NHI model helps assess whether the identity is acting within its intended machine role. These controls tend to break down when shared runner infrastructure is reused across many projects because the same credential path ends up spanning unrelated trust domains.
Common Variations and Edge Cases
Tighter CI/CD controls often increase release friction, requiring organisations to balance speed against assurance. That tradeoff is real, especially in fast-moving engineering teams where one pipeline may handle dozens of services. The answer is not to remove safeguards, but to place them where privilege changes rather than where routine automation happens.
There is no universal standard for how many pipeline identities are enough. Best practice is evolving, particularly for multi-tenant runners, ephemeral build fleets, and GitOps workflows. In those environments, a single runner may be technically isolated but operationally broad if it can reach multiple repositories or environments. That is why identity scope matters more than where the job executes.
Two edge cases deserve special attention. First, publishing from the same pipeline that compiles code is common, but it becomes risky if the same identity can alter the release target without a separate approval. Second, automated dependency updates are often treated as low risk, yet they can become a route into signing or publishing permissions if token reuse is allowed. For teams formalising this boundary, the right question is not whether the pipeline is “trusted,” but whether each stage has only the authority it needs. That distinction is central to the Ultimate Guide to NHIs and to zero-trust interpretations of machine identity.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10, OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Broad CI/CD access is an NHI privilege scope problem. |
| OWASP Agentic AI Top 10 | A2 | Autonomous tool access can let CI/CD actions exceed intended scope. |
| CSA MAESTRO | IAM-1 | MAESTRO covers machine identity and least privilege for pipelines. |
| NIST AI RMF | AI RMF supports governance of automated decision and action boundaries. | |
| NIST CSF 2.0 | PR.AC-4 | Least privilege and access management directly apply to CI/CD identities. |
Review pipeline entitlements regularly and remove write access from routine build accounts.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on July 9, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org