Adversaries Weaponize CI/CD Pipelines to Subvert Trusted Software Delivery Infrastructure
Adversaries are increasingly bypassing traditional security perimeters by compromising CI/CD infrastructure, turning trusted automation tools into vehicles for persistent, stealthy, and scalable attacks.

Modern adversaries are increasingly shifting their focus away from traditional perimeter breaches, instead targeting the CI/CD infrastructure that organizations inherently trust to build and deploy software. By compromising build servers, CI/CD runners, and service accounts, attackers can weaponize the very automation tools designed to streamline development, allowing malicious activity to blend seamlessly into legitimate operational workflows SentinelOne Labs.
The technical mechanism behind these attacks relies on the high-privilege nature of CI/CD environments. Because build servers and runners must compile code, pull dependencies, and deploy artifacts, they are often granted elevated permissions, such as SYSTEM-level access. Once an attacker gains a foothold, they can execute malicious tasks that mirror legitimate build processes. In one documented instance, attackers exploited a vulnerable self-hosted TeamCity server and maintained persistence for over a year by creating a benign-looking build configuration. This configuration, executed by a trusted agent, deployed a backdoor into the internal environment without ever triggering traditional security alerts SentinelOne Labs.
Attackers are also leveraging "shift-left" tactics to manipulate automation workflows directly. Rather than introducing external malware, they use compromised service account tokens to inject malicious instructions into the pipeline. SentinelOne Labs reported an incident where an attacker used a stolen GitLab service account token to create projects containing malicious Ansible playbooks. The organization's own CI/CD pipeline then automatically executed these playbooks, treating the attacker's commands as authorized automation. This effectively turns the deployment pipeline into an orchestration mechanism for the intrusion, granting the attacker the same trusted execution and lateral movement capabilities as the legitimate automation tools SentinelOne Labs.
The primary challenge for defenders is that malicious behavior in these environments is often indistinguishable from expected operational activity. Because the actions are performed under valid service identities and follow established release paths, traditional security controls frequently fail to flag them. This class of intrusion is particularly dangerous because it bypasses the need to evade security software; the attacker simply inherits the trust already granted to the build system SentinelOne Labs.
As organizations continue to rely on automated delivery paths, the CI/CD pipeline has become a high-value target that requires specialized monitoring. These attacks highlight a broader trend in the threat landscape where adversaries prioritize the subversion of trusted infrastructure over traditional malware delivery. Moving forward, security teams must treat CI/CD runners and build servers with the same level of scrutiny as production servers, focusing on identity management, least-privilege access for automation tools, and the detection of anomalous patterns within legitimate build workflows SentinelOne Labs.