In 2025, the software supply chain remains a prime target for adversaries, but the focus has shifted from poisoning dependencies to subverting the infrastructure that powers delivery itself. Build servers, CI/CD runners, and automation tools are now the new front lines—systems that organizations inherently trust and that run with elevated privileges. Once compromised, these systems can blend malicious activity into normal workflows, making detection nearly impossible. To help defenders stay ahead, here are six essential strategies to understand and defend against these advanced subversion attacks.
1. Understand the Trusted Infrastructure Threat
Build servers and CI/CD runners are high-value targets because they routinely execute privileged actions—compiling code, pulling dependencies, and deploying software. Adversaries exploit this trust, knowing that any code executed through these systems appears legitimate. For example, attackers compromised a self-hosted TeamCity server and remained undetected for over a year, using a benign-looking build configuration to deploy a backdoor with SYSTEM privileges. The malicious activity was indistinguishable from routine operations, as no external binaries or obvious malware were introduced. This underscores a core challenge: in CI/CD environments, malicious behavior often looks exactly like expected behavior.
2. Recognize Shift-Left Tactics
Attackers are increasingly adopting “shift-left” tactics to subvert build runners and poison development dependencies before code reaches production. Instead of breaching the perimeter, they compromise the systems that organizations trust to deliver software—tools like package managers, developer workstations, and automation platforms. This class of intrusion is harder to detect, faster to scale, and bypasses traditional security controls by abusing automation itself. By embedding malicious code early in the pipeline, adversaries can distribute malware widely without triggering alarms, turning an organization’s own processes against it.
3. Secure Build Servers and TeamCity Instances
The TeamCity example highlights why hardening build servers is critical. Ensure these servers are patched regularly, restrict network access, and use strong authentication. Monitor for unusual build configurations—such as tasks that run with SYSTEM privileges or access sensitive internal systems—and implement behavioral baselines. Additionally, consider using dedicated, hardened build agents with minimal permissions and ephemeral environments to reduce the attack surface. Regular audits of build jobs and agent activity can help detect backdoors that blend into normal workflows.
4. Guard Against Automation Weaponization
Pipeline compromise often involves manipulating automation workflows rather than direct malware execution. In one observed intrusion, attackers used a compromised GitLab service account token to create projects containing malicious payloads, which then executed through legitimate pipeline runs. This weaponization of automation tools makes the organization’s own infrastructure carry out the attack. To mitigate this, enforce strict token rotation, implement least-privilege access for service accounts, and monitor for anomalous project creation or pipeline modifications.
5. Implement Least Privilege and Token Hygiene
Service account tokens and API keys are prime targets for attackers seeking to subvert pipelines. Adopt a least-privilege model: tokens should have only the permissions needed for specific tasks, with short expiration times and frequent rotation. Use secrets management tools to store and audit credentials, and avoid embedding tokens in code or build configurations. Additionally, implement multi-factor authentication for all pipeline interfaces and enforce approval workflows for changes to critical release paths.
6. Monitor for Anomalous Pipeline Behavior
Detection in CI/CD environments is challenging because malicious activity often mirrors legitimate automation. Establish baselines for normal pipeline behavior—such as typical build frequency, artifact destinations, and executed commands—then use anomaly detection tools to flag deviations. Pay special attention to unusual privilege escalations, unexpected outbound connections from build agents, and sudden changes in deployment patterns. Integrate pipeline logs with SIEM systems and correlate them with user and system alerts to catch subversion early.
Defending against pipeline subversion requires a shift in mindset: attackers now target the systems you trust most. By understanding these tactics and implementing the strategies above, you can protect your software supply chain from being weaponized against you. Stay vigilant, automate defenses, and remember—your pipeline is only as strong as its weakest token.