Table of contents
From Cloud Security LIVE 2026. Moderated by Gus Evangelakos, VP of Global Field Engineering, Orca Security. Featuring Mike Behrmann, Director of Cyber Resiliency, Chainguard | Alex Burrage, Head of Product Security, Chainguard
Attackers have figured out that the easiest path into an organization is through the upstream dependencies that organization trusts and consumes automatically. In the last ninety days alone, compromises have hit NPM packages, GitHub Actions, CI/CD pipelines, and tools that developers treat as foundational infrastructure.
Gus Evangelakos, VP of Global Field Engineering at Orca Security, recently sat down with Mike Behrmann, Director of Cyber Resiliency at Chainguard, and Alex Burrage, Director of Product Security at Chainguard, to talk through where the attack surface has actually moved, why credentials have become the most reliable entry point into production environments, and what it looks like to use AI on the defensive side of a pipeline that is under continuous, automated pressure. Here’s an overview of what they covered:
Key Takeaways
- Upstream is the new perimeter. Attackers have identified that the easiest path into an organization is through its third-party dependencies. One compromise can propagate to hundreds of companies automatically.
- Iterate continuously, not just at program inception. The threat model changes faster than any initial thesis can account for. The security programs that stay current are the ones that treat iteration as an ongoing discipline, not a periodic review.
- Mythos and AI-speed attacks do not replace the fundamentals. Identity compromise, credential leakage, and a skilled threat actor walking through the front door remain just as relevant. Cyber resiliency: protect, detect, respond, recover.
- CSPM technology is necessary but not sufficient. Understanding your environment, baselining normal behavior, and applying human judgment to what those baselines mean still matters. Technology helps you move faster — it does not replace context.
- If you are not using AI to secure your build pipeline, you are doing it wrong. Budgets are lean, teams are small. AI augmentation is not optional. The question is how much autonomy to give it, not whether to use it.
The perimeter is now upstream
Gus Evangelakos opened by noting that the conversation around third-party risk has shifted fast — from SBOMs and inventory six months ago to active, daily compromises today. He asked both panelists how they are thinking about the problem now.
Burrage: “Attackers will always go after the weakest point. What has changed is that they have identified that point is upstream of what we are consuming. The easiest way into any organization is not to attack it directly. It is to attack its upstream third-party dependencies, compromise those, and then that organization will consume them for you. One compromise can affect dozens, hundreds of companies, entire industries. And they can go after those weaknesses at AI speed, at machine speed. They can identify and exploit them so much faster than before. These two things together are creating a perfect storm.”
Behrmann: “Public repos are part of the extended production environment at this point. I don’t know that the same rigor went into hardening these environments for a lot of companies — as evidenced by Trivy and things like that. They were considered upstream or adjacent assets. That has all changed. The speed and scale with which vulnerable GitHub misconfigurations can be exploited is accelerating. It doesn’t need to be targeted at a specific company. It can be automated to scan the entire GitHub surface. That raises the stakes for defenders.”
Burrage: “Previously, security might have been focusing on what is the code in our repositories. We are now waking up to the fact that it is everything that lives around that. It is your GitHub Actions. It is everything that runs on your pipeline. All of those things are probably equally impactful and probably less protected. We need to expand our thinking from code and code dependencies to everything that has the ability to touch the code.”
CI/CD risk: the pipeline extends further back than you think
Evangelakos asked how both panelists are approaching risk in the CI/CD pipeline given what has shifted. He noted that even in runtime cloud environments, dev accounts often get deprioritized in budget conversations — and those are exactly where private keys and service accounts live.
Burrage: “You need to think about your pipeline as extending from where all of your dependencies get created all the way through to your product and out the other side. An average feature will be consuming thousands of open source dependencies. You will be running dozens of GitHub Actions, multiple MCPs or AI agents providing input. You have the scale problem and a lack of tooling that can cover all of it. The pipeline goes much further back than you were thinking, and it is also much wider because it is not just the code itself.”
Behrmann: “Iteration is the word that comes to mind. Everyone starts with a thesis around how to defend against a particular threat based on a modeling exercise. But it is just important to continuously iterate. No one gets it right the first time. The threats change. We end up falling back on a couple of other principles: defend at machine speed, and think about your size as an advantage. I don’t need to convince stakeholders globally to enact a change. We can move much more quickly than a large enterprise. How fast can you improve incident over incident so that you get it right?”
Burrage: “The timeline from a malicious dependency being introduced into the pipeline to it being exploited and exfiltrating credentials was in the order of minutes. Outside of normal business hours. Anything that relies on an alert being triggered, a human triaging the alert, some kind of manual response — if that is the way you are operating, you have automatically lost. There is no way a human organization can keep up no matter the scale. If it requires a human to take action, you are going to lose that battle.”
Behrmann: “The silos between enterprise security and product security are over, to be honest with you. Those functions need to come together on a personal level, a technological level, a process level. There is just no room to be an island anymore given the threats.”
Production risk: credentials are the common thread
Evangelakos shifted to production risk — what is actually running in the environment, and how to prioritize it when things scale up and down continuously.
Burrage: “If there is a common thread in the recent spate of attacks, a lot of the damage has been done through compromised credentials. Tokens, auth, in whatever form that takes. Understanding what credentials can gain access to your systems, what permissions each of those have, how they are being rotated, what would happen if they were compromised — this is a real priority now. Attackers go after the weak point, and it feels like that is the weak point right now: the sprawl of auth and weak management around it.”
Behrmann: “I still think it is a very real threat in the form of identity compromise and lateral movement escalation. Mythos’ fixation on chaining together vulnerabilities for exploitation does not change that reality. If your compromised credentials leak into the dark web, become available on a marketplace, and people walk through the front door that your legitimate users are supposed to use — that risk very much exists. A skilled, motivated threat actor, once inside, is still just as dangerous. And the way they are going to get inside more often than not is still identity.”
Evangelakos added his own example: a service role attached to 22,000 Lambda functions, all using the same role. A single credential compromise with blast radius across an entire serverless environment.
AI in the pipeline: how much autonomy is enough
Evangelakos asked a pointed question: is it better to let AI act autonomously, or keep humans in the loop for the final click? At what point does human review become click fatigue that defeats the purpose?
Behrmann: “If you are not using AI to help secure your build pipeline, you are just doing it wrong. There is no option anymore. Budgets are lean, teams are small. You need to augment what you are doing analytically and responsibly with AI. Full autonomy — it is to be determined when that is the right time. You would need to train the model very well and create the conditions for success. But tools like Claude Code’s auto mode have shown to be a viable option for minimizing human intervention without full autonomy.”
Burrage: “Human beings are bad at reviewing code. We have always encouraged peer review, but that has been a little wishful thinking. When people are being asked to review thousand-line PRs, we need to be realistic. The answer is not handing over the keys. It is deploying other agents, other tooling, other automation in place so that those are providing the safeguards. The human being as the gold standard of a check is a little outdated. What we need is checks — and those checks should be other agents with specific guidelines and specific jobs to do in the pipeline.”
Burrage: “You can roll out a skill to your engineering organization’s AI agents, change the way code is being written across the entire organization, without having to talk to anyone or build consensus or have meetings. Deploy a skill and you can rely on it being consistent and remembered equally across the organization over time. That is something we never had before.”
Watch the full session
Watch the full session to dive deeper into their conversation, including: a live example of a service role attached to 22,000 Lambda functions using the same permissions, and Alex’s breakdown of why covering 90% of your dependency tree is not enough.
Watch the Cloud Security LIVE 2026 panel: Beyond the Perimeter
