Modern software development relies on automated pipelines to build, test, and deploy code quickly. However, this same automation has become a prime target for attackers in 2025. Instead of poisoning dependencies or hijacking packages, adversaries are now compromising the trusted infrastructure that powers the delivery lifecycle—build servers, CI/CD runners, package managers, and developer workstations. These systems run with elevated privileges, execute code automatically, and move artifacts without scrutiny, making them ideal for blending malicious activity into legitimate workflows. The result is a class of intrusion that is harder to detect, scales rapidly, and bypasses traditional security controls by abusing the very tools organizations depend on. Below, we answer key questions about how these attacks work and how to defend against them.
Why Are CI/CD Pipelines a Prime Target for Attackers?
CI/CD pipelines are designed for speed and trust. Build servers and runners routinely execute privileged actions—compiling code, pulling dependencies, moving artifacts, and deploying software. These activities mirror what an attacker would do to establish persistence or distribute malware. Because the pipeline is part of the internal trusted delivery path, any malicious code injected into it appears normal. Attackers gain elevated privileges without raising alarms, can abuse automation to deploy backdoors, and often remain undetected for months. The pipeline's inherent lack of scrutiny makes it a high-value target for subverting the entire software supply chain.
How Do Attackers Subvert Build Servers and Runners?
Adversaries exploit vulnerabilities in build server software, steal service account tokens, or compromise developer credentials to gain access. Once inside, they create benign-looking build configurations that execute malicious tasks. For example, an attacker might add a step that downloads a backdoor from a trusted repository, installs a persistent implant, or modifies source code before compilation. Because these tasks run under the build agent's privileged account (often SYSTEM or root), they can access internal networks and deploy malware without triggering security alerts. The malicious activity blends seamlessly into routine release workflows, making detection extremely difficult.
What Is a Real-World Example of a Build Server Compromise?
In one notable case, attackers exploited a vulnerable self-hosted TeamCity server. They gained access and created a build configuration that appeared harmless but was executed by a trusted build agent running with SYSTEM privileges. That build job deployed a backdoor into internal environments. Since the malicious code was delivered through a legitimate CI/CD task, it looked identical to normal operational activity—no suspicious external binary, no obvious malware delivery mechanism, and the deployment path blended into routine releases. The compromise went undetected for over a year, highlighting how effective these hidden intrusions can be.
How Can Automation Be Turned Against the Organization?
Pipeline compromise doesn't always require direct malware execution on the build server. Attackers often manipulate automation workflows to make the organization's own tools carry out the intrusion. For instance, after compromising a GitLab service account token, an attacker created projects that triggered pipelines to download malicious packages from public registries or exfiltrate secrets. By abusing native automation features—like scheduled runs, webhooks, or artifact sharing—the attacker leverages the organization's infrastructure against itself. This tactic reduces the need for custom malware and makes forensic attribution harder because the malicious actions originate from trusted automation endpoints.
What Tactics Do Adversaries Use to Blend Malicious Activity?
Attackers adopt "shift-left" tactics to target development environments before code reaches production. They poison development dependencies, weaponize build scripts, and subvert CI/CD runners to inject vulnerabilities early in the lifecycle. By compromising systems that organizations inherently trust to deliver software, adversaries ensure their malicious activity is masked as legitimate pipeline operations. They may also use stolen credentials to push code changes through normal pull request workflows, or modify automated tests to ignore suspicious behavior. The result is an intrusion that traditional security controls—focused on perimeter breaches—often miss entirely.
What Are the Biggest Challenges for Defenders in CI/CD Environments?
The core challenge is that malicious behavior in CI/CD looks exactly like expected behavior. Build servers execute code, pull dependencies, and deploy artifacts—all actions that attackers would do. Traditional security tools that scan for malware or detect anomalies often fail because the pipeline's actions are considered trusted. Defenders must shift their mindset: treat CI/CD infrastructure as a high-risk environment, enforce least-privilege for service accounts, monitor build logs for unusual patterns, and implement integrity checks on artifacts and dependencies. Without such measures, adversaries can subvert the pipeline silently, turning automation into a weapon.