A reference such as v1 that can point to different code over time. In supply chain security, it is a convenience mechanism that becomes a trust problem when attackers can change what the tag resolves to after teams have approved it.
Expanded Definition
A mutable version tag is a human-friendly label that can be reassigned to different artifacts over time. In software delivery, it is often used for convenience, but in NHI and supply chain governance it creates ambiguity because approval applies to the label, not necessarily the immutable artifact behind it.
The security problem is not the tag itself, but the trust model around it. If build systems, deployment pipelines, or runtime controllers pull by a tag such as v1 instead of a digest or commit pin, then the effective code path can change after review. That breaks traceability and weakens provenance, especially when teams expect a release to remain stable once promoted. Guidance across vendors is still evolving, but the security principle is consistent: the more authority a mutable reference has, the more it needs compensating controls such as signed artifacts, pinning, and controlled promotion workflows. See the NIST Cybersecurity Framework 2.0 for the broader governance expectation around asset integrity and secure change control.
The most common misapplication is treating a mutable tag as an immutable release identifier, which occurs when teams approve the tag once and assume it will always resolve to the same code.
Examples and Use Cases
Implementing tag-based workflows rigorously often introduces release-management overhead, requiring organisations to weigh deployment convenience against the cost of provenance loss and rollback uncertainty.
- Container images are deployed with a tag like latest in staging, but production should pin to a digest so the deployed artifact cannot silently change.
- An AI agent pulls a tool bundle by a version tag from an internal registry; if the tag is moved later, the agent may execute different code than the version that was security reviewed.
- A CI/CD pipeline uses a tag to reference a build dependency, and a malicious or mistaken retag causes the pipeline to ingest an altered package without any manifest change.
- Release engineering promotes v2 from testing to production, but rollback becomes unreliable when v2 no longer maps to the same artifact after a later overwrite.
Mutable reference handling is a recurring governance issue in NHI environments because service accounts, deployment bots, and automation often consume artifacts directly. The Ultimate Guide to NHIs notes that 92% of organisations expose NHIs to third parties, which makes external dependency integrity especially important. For implementation patterns, the NIST Cybersecurity Framework 2.0 reinforces controlled change and verification as core expectations.
Why It Matters in NHI Security
Mutable version tags become especially risky when they are used to control what automated identities can fetch, run, or promote. In NHI environments, a tag change can redirect a service account, deployment robot, or AI agent to unreviewed code while the surrounding process still appears compliant. That makes the label a hidden trust boundary.
Operationally, this matters because tag drift undermines incident response, forensics, and recovery. If the approved label no longer points to the artifact that was originally signed or tested, security teams lose a reliable chain of custody. This is why organisations increasingly pair tags with immutable digests, artifact signatures, and promotion controls in registries and pipelines. NHIMG research shows that 80% of identity breaches involved compromised non-human identities such as service accounts and API keys, and 97% of NHIs carry excessive privileges, which means compromised automation can amplify tag misuse quickly. The Ultimate Guide to NHIs is the clearest NHIMG reference for why identity governance and artifact governance must be treated together.
Organisations typically encounter the impact only after a deployment drift, supply chain compromise, or rollback failure, at which point mutable version tags become operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Mutable references undermine artifact integrity and secret-adjacent supply chain trust. |
| NIST CSF 2.0 | PR.DS | Protecting data and software integrity includes preventing unauthorized reference drift. |
| NIST Zero Trust (SP 800-207) | Zero Trust requires continuous verification, not trust in mutable labels or implicit artifact identity. |
Pin artifacts immutably and verify provenance before allowing NHI-driven deployment or fetch actions.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 23, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
