Part 9/14:

Once inside the CI/CD environment, hackers can execute malicious code that propagates downstream to production, escalating their access and planting persistent footholds. Attackers have exploited compromised actions and containers to exfiltrate secrets, deploy malware, or pivot into internal networks—all while leveraging the automation and trust models that organizations depend on.

Underlying Infrastructure Risks: Runners and Environment Trust

Central to CI/CD security are runners—the machinery that executes workflows. Many organizations rely on either GitHub-hosted runners or self-hosted ones. Self-hosted runners, especially, introduce additional risks if improperly secured.