In 2025, trusted Git hosting platforms became a playground for cyber criminals. This is the main conclusion from the latest “DevOps Threat Unwrapped Report 2026” by GitProtect.
If you want to effectively counter attacks targeted at your code (and business), you need security measures, good practices, and knowledge.
Strengthen your organization’s security posture. Learn about 7 hard truths from the report to discover the latest threats and ways to fight them off.
#1 AI assistants aren’t co-workers, but untrusted actors
The help of artificial intelligence (AI) can be highly advantageous, especially when it’s under the strict control of experienced developers in your team. However, according to our report, AI integrated into a DevOps platform significantly expands the attack surface. The array of emergent threats includes malicious prompt injections, remote code execution, and credential leaks. In 2025 alone, we identified 68 AI-related incidents across popular DevOps platforms.
To counter AI-linked threats, you should follow the Zero Trust approach towards AI assistants by default. You can do it through strict input data sanitation, human verification (human-in-the-loop), and following the rule of least privilege access.
#2 Public repos: The main channel to distribute malware
Supply chain attacks are getting more and more frequent because they enable highly scalable abuse. Threat actors plant malicious code in open-source repositories. Then, it propagates across private corporate ones, facilitated by CI/CD misconfigurations or the use of long-lived tokens.
Do not blindly trust public code and tools, that’s the underlying rule. Verification of dependencies, third-party code, PoCs, and tools is one thing. The other is about securing CI/CD pipelines and developer workflows by, for example, enforcing short-lived, least-privilege tokens and continuously monitoring external repository constituents.
#3 Short-lived secrets are the only way to go
Cloud identity is another popular layer of attacks. Secret leaks are in particular dangerous. Secret leaks are particularly dangerous because they often go unnoticed before turning into serious incidents affecting thousands of repos. What’s more, according to our research, credential theft increased steadily month-over-month in 2025.
To defend your organization, a strictly followed identity hygiene is necessary. This, in particular, means using frequently rotated credentials and short-lived tokens with least-privilege access. Don’t forget about CI/CD workflow, repo, dependency, and cloud account monitoring, adopting phishing-resistant MFA, and careful secret management.
#4 Configuration and automation errors: The single points of (cloud) failure
Errors in configuration and automation flaws were the most popular causes of DevOps cloud outages in 2025. In other words, even well-known cloud platforms operated by big providers can have single points of failure. And each failure can scale globally downstream, causing financial, legal, operational, and compliance-related problems for companies keeping code in an affected cloud.
The key to defending against outages is data sovereignty. You can achieve it by turning to a multi-cloud or hybrid strategy. For example, GitProtect allows you to easily cross-migrate to a different provider or go with your code 100% on-premises.
#5 High-criticality vulnerabilities still happen in numbers
Ignoring vulnerability bulletins from DevOps platforms is not an option nowadays. More than half of all patched vulnerabilities in 2025 were of critical and high severity. In other words, there are a lot of flaws with a potential to cause serious damage, including access to sensitive data or privilege escalation.
The absolute minimum on your part is to follow communications and implement on-time patches. What also counts is third-party dependency auditing and anomaly monitoring.
#6 Phishing attacks bypass multi-factor authentication (MFA)
… not through password hacking but via trusted identity flows, cloud services, and OAuth. The threat landscape continues to evolve in complexity with the help of phishing-as-a-service (PhaaS) infrastructures and the support of hostile state agencies.
To resist, you need to turn to granular Conditional Access policies and harden OAuth flows, consent approvals, and authorized applications. Behavior-based detection is also critical.
#7 Using a third-party cloud doesn’t remove accountability
While clouds are considered quite safe, they are not 100% immune. Your organization’s data in the cloud may include sensitive or personal information, which is protected under regulations such as GDPR or HIPAA. If you fail to protect it through meeting regulatory obligations, you remain fully responsible, not the cloud provider.
As a consumer of managed infrastructure, you need to establish clear rules for data handling with your cloud provider. Other things that count in this respect are vulnerability management, rapid incident response, and continuous monitoring.
Mastering the DevSecOps frontier: Your next steps
The 7 hard truths are just highlights of what you need to grasp to effectively defend your DevOps data. With sophisticated risks in place, you need sophisticated defenses to keep your organization safe.
For a deeper dive, download the DevOps Threats Unwrapped Report 2026 by GitProtect for free to:
- get interesting and current DevOps cybersec stats,
- learn about the latest threat and defense trends,
- discover valuable insights and perspectives that enrich your understanding,
- learn the lesson from dozens of true breach cases to build your experience and wisdom.
Remember, the true resistance starts with (cyber) awareness.
