
Hackers Poisoned a Security Tool. Your Cloud Security Model Isn’t Ready

By Chris McHenry, CPO, Aviatrix

The Collapse of Implicit Trust 

The recent campaign carried out by the threat actor known as TeamPCP marks a significant shift in how modern attacks unfold. Rather than targeting a single application or vulnerability, TeamPCP focused on compromising the very tools organizations rely on to secure their environments. 

The attack began with the poisoning of a widely used security scanner embedded in CI/CD pipelines. These tools are deeply integrated into the software development lifecycle, automatically scanning code, container images, and infrastructure before deployment. Because of their role, they are granted broad access to source code, build systems, and sensitive credentials across cloud environments. 

TeamPCP exploited that position of trust. 

By injecting malicious code into the scanner, the attackers were able to harvest credentials directly from CI/CD environments. Those credentials were not scoped to the scanner's task. They included cloud access keys, API tokens, and secrets that connected to downstream systems and services.

A Chain Reaction Across the Software Supply Chain 

What followed was not a single breach, but a cascade. 

Using the stolen credentials, the attackers moved laterally across the software supply chain, compromising additional tools and ecosystems. One of the most visible examples was LiteLLM, a widely used Python library that helps developers interact with large language models. After gaining access to maintainer credentials, TeamPCP published malicious versions of the library, embedding a credential-stealing payload that executed automatically in affected environments. 
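The two failure points just described, a pipeline tool that can change underneath the build and long-lived credentials handed to it, can be checked for mechanically. The following is an added example, not the article's or any CI vendor's code. It assumes a GitHub Actions style workflow that has already been parsed into a dict (the shape PyYAML's safe_load produces); the workflow, action names, secret names and commit SHA in it are constructed for illustration.

```python
"""Audit a parsed CI workflow for the trust assumptions a poisoned pipeline tool abuses.

Added example, not code from the article or from any CI vendor. It assumes a
GitHub Actions style workflow already parsed into a dict (the shape
PyYAML's safe_load produces). The workflow, action names, secret names and the
commit SHA below are all constructed for illustration.
"""
import re

# A full 40-hex commit SHA is the only ref that cannot be re-pointed at new
# code; tags and branches are mutable and can be moved to a poisoned build.
SHA_PIN = re.compile(r"^[0-9a-f]{40}$")
SECRET_REF = re.compile(r"\$\{\{\s*secrets\.")

WORKFLOW = {  # constructed: scan, install dependencies, then deploy
    "name": "build",
    "permissions": "write-all",  # weak: every job inherits every token scope
    "jobs": {
        "scan": {
            "steps": [
                {"uses": "actions/checkout@v4"},                  # tag, not SHA
                {"name": "Install deps", "run": "pip install -r requirements.txt"},
                {"name": "Run scanner",
                 "uses": "example-org/security-scanner@main",   # mutable branch
                 "env": {"AWS_ACCESS_KEY_ID": "${{ secrets.AWS_ACCESS_KEY_ID }}",
                         "AWS_SECRET_ACCESS_KEY": "${{ secrets.AWS_SECRET_ACCESS_KEY }}"}},
            ],
        },
        "deploy": {
            "permissions": {"id-token": "write", "contents": "read"},  # scoped; OIDC, no static keys
            "steps": [
                {"uses": "actions/checkout@0123456789abcdef0123456789abcdef01234567"},
                {"run": "./deploy.sh"},
            ],
        },
    },
}


def split_uses(uses):
    """'owner/repo@ref' -> ('owner/repo', 'ref')."""
    name, _, ref = uses.partition("@")
    return name, ref


def audit_workflow(wf):
    """Return (job, step index or None, finding) tuples; an empty list means clean."""
    findings = []
    top_perms = wf.get("permissions")
    for job_name, job in wf.get("jobs", {}).items():
        perms = job.get("permissions", top_perms)
        if perms == "write-all":
            findings.append((job_name, None, "job token is write-all"))
        elif perms is None:
            findings.append((job_name, None, "job token scope not declared"))
        for idx, step in enumerate(job.get("steps", [])):
            run = step.get("run", "")
            if "pip install" in run and "--require-hashes" not in run:
                findings.append((job_name, idx, "pip install without --require-hashes"))
            uses = step.get("uses")
            if not uses or uses.startswith("./"):
                continue  # no external code pulled in by this step
            name, ref = split_uses(uses)
            pinned = bool(SHA_PIN.match(ref))
            if not pinned:
                findings.append((job_name, idx, f"{name} pinned to mutable ref '{ref}'"))
            # Long-lived secrets handed to code that can change underneath the
            # pipeline are exactly what a poisoned scanner harvests.
            inputs = {**step.get("env", {}), **step.get("with", {})}
            exposed = sorted(k for k, v in inputs.items()
                             if isinstance(v, str) and SECRET_REF.search(v))
            if exposed and not pinned:
                findings.append((job_name, idx, f"secrets {exposed} passed to unpinned {name}"))
    return findings


if __name__ == "__main__":
    for job, idx, msg in audit_workflow(WORKFLOW):
        where = job if idx is None else f"{job}[step {idx}]"
        print(f"{where}: {msg}")
```

Pinning by SHA and requiring hashes only narrow the window in which a poisoned release can be pulled in; they do nothing once a poisoned build is already pinned. The check that actually limits the blast radius is the last one: the scanner step should receive a short-lived, narrowly scoped token (as the constructed deploy job does with an OIDC id-token) rather than static cloud keys.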

This is what makes the campaign so significant. It was not just a supply chain attack. It was a chain reaction. A single compromised component in a CI/CD pipeline led to downstream compromises across multiple tools, environments, and ecosystems. 

The implications are profound. Security tools, which are often assumed to be inherently trustworthy, operate with some of the highest levels of privilege in modern environments. When they are compromised, they do not just fail. They become one of the most efficient pathways for widespread compromise. 

This incident underscores a deeper issue. Many enterprise architectures still assume that certain components can be trusted by default. The TeamPCP campaign demonstrates that this assumption is no longer valid. 

A New Kind of Attack Surface 

This shift is unfolding alongside a broader transformation in enterprise environments. Cloud adoption, multicloud strategies, containerized applications, and AI-driven services have fundamentally changed how systems are built and operated. What was once a centralized, well-defined environment has become distributed, dynamic, and constantly evolving. 

Each workload, API, and service endpoint now represents a potential entry point. Instead of defending a single perimeter, organizations are managing thousands of smaller, often short-lived perimeters. Infrastructure is provisioned through code, services are deployed continuously, and new data flows are introduced at a pace that traditional security models struggle to match. 

This expansion has created significant visibility challenges. Many organizations lack a clear understanding of how data moves within their own environments, particularly across cloud boundaries and between workloads. As a result, risk is no longer concentrated at the edge. It is embedded throughout the environment. 

Why Traditional Models Fall Short 

Security approaches built around perimeter defense are increasingly misaligned with this reality. Historically, organizations focused on inspecting traffic entering and leaving the network, while internal communication was largely trusted. In cloud environments, that assumption no longer applies. 

Most critical activity now occurs within the environment itself. East-west traffic, or communication between workloads, has become a primary pathway for both legitimate operations and malicious movement. Yet it often remains under-monitored and insufficiently controlled. Once an attacker gains access to a single workload, lateral movement can occur with minimal resistance. 

Outbound, or egress, traffic presents another significant gap. Many cloud environments allow workloads to communicate freely with the internet by default. This creates a direct path for data exfiltration, which attackers routinely exploit after establishing a foothold. 

Even when organizations deploy multiple security tools, those tools are often fragmented across environments and lack a unified enforcement layer. The result is a disconnect between detection and action. As the TeamPCP incident demonstrates, those tools can also introduce new risks if they are compromised themselves.  

Applying Zero Trust to Workloads 

Zero trust has become a widely accepted principle, but in many organizations it is still applied primarily to users and devices. In cloud environments, the greater challenge lies in how workloads communicate with one another. 

Applying zero trust at the workload level means that no interaction between services is automatically trusted. Every connection is verified, every request is evaluated, and access is granted based on identity and context rather than location within the network. 

This approach directly limits the effectiveness of lateral movement. If an attacker gains access to one workload, they should not be able to move freely across the environment. Each step requires validation, which reduces the likelihood that a single compromise can escalate into a broader breach. 

In a world where even trusted tools can be turned into attack vectors, extending zero trust to workload communication becomes essential. It ensures that trust is continuously earned, not assumed. 

Designing Security Into the Cloud Fabric 

To support this model, security must move closer to the infrastructure itself. This is where the concept of cloud native security fabric (CNSF) becomes increasingly important. 

Rather than layering controls on top of existing systems, CNSF embeds enforcement directly into the network fabric of the cloud. It focuses on the actual communication paths between workloads, rather than relying on perimeter defenses that are increasingly easy to bypass. 

This approach enables consistent visibility across environments, including east-west traffic that is often overlooked. It allows for dynamic segmentation as workloads spin up and down, and it incorporates identity and context into enforcement decisions, even for encrypted traffic. 

Equally important, it addresses one of the most persistent blind spots in cloud environments: egress traffic. By inspecting and governing outbound communication, organizations can significantly reduce the risk of undetected data exfiltration. 
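What "no interaction between services is automatically trusted" (from the zero trust section above) and "governing outbound communication" look like as one enforceable rule set, as an added example that is not the article's or any product's code. It assumes each workload presents a SPIFFE-style identity established out of band (for example by mTLS), so decisions are keyed on that identity rather than on where the packet came from; the identities, policy, hostnames and flow records below are constructed.

```python
"""Default-deny, identity-based policy for east-west and egress flows.

Added example, not the article's or any product's code. Identities are
SPIFFE-style URIs (an assumed convention); the workloads, policy entries and
flow records below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
import fnmatch


@dataclass(frozen=True)
class Flow:
    src_id: str        # verified workload identity of the caller (e.g. from mTLS)
    src_ip: str        # network location: recorded, but never used for the decision
    dst: str           # workload identity for east-west, hostname for egress
    port: int
    egress: bool = False


# East-west allowlist keyed on (source identity, destination identity, port).
# Anything absent is denied: a compromised scanner does not get to the database.
EAST_WEST = {
    ("spiffe://corp/ci/scanner", "spiffe://corp/ci/artifact-store", 443),
    ("spiffe://corp/web/frontend", "spiffe://corp/api/orders", 8443),
    ("spiffe://corp/api/orders", "spiffe://corp/data/postgres", 5432),
}
# Egress allowlist per source identity: (hostname glob, port). No entry, no internet.
EGRESS = {
    "spiffe://corp/ci/scanner": {("registry.example.com", 443), ("*.vuln-feed.example", 443)},
    "spiffe://corp/api/orders": {("payments.example.com", 443)},
}


def decide(flow):
    """Return (allowed, reason). If no rule matches, the answer is deny."""
    if not flow.src_id.startswith("spiffe://"):
        return False, "no verified workload identity"
    if flow.egress:
        for host_pat, port in EGRESS.get(flow.src_id, ()):
            if port == flow.port and fnmatch.fnmatchcase(flow.dst, host_pat):
                return True, f"egress rule {host_pat}:{port}"
        return False, "egress not allowlisted"
    if (flow.src_id, flow.dst, flow.port) in EAST_WEST:
        return True, "east-west rule"
    return False, "east-west not allowlisted"


def evaluate(flows):
    """Apply the policy to a batch and collect denied destinations per source,
    which is the list an operator alerts on: a scanner suddenly reaching for
    the secrets store or an unknown host is the signal, not just a blocked packet."""
    decisions = []
    denied_by_src = defaultdict(set)
    for f in flows:
        ok, why = decide(f)
        decisions.append((f, ok, why))
        if not ok:
            denied_by_src[f.src_id].add((f.dst, f.port))
    return decisions, dict(denied_by_src)


SAMPLE_FLOWS = [  # constructed: a normal scan run, then a compromised scanner's attempts
    Flow("spiffe://corp/ci/scanner", "10.0.1.5", "spiffe://corp/ci/artifact-store", 443),
    Flow("spiffe://corp/ci/scanner", "10.0.1.5", "registry.example.com", 443, egress=True),
    Flow("spiffe://corp/ci/scanner", "10.0.1.5", "spiffe://corp/data/postgres", 5432),
    Flow("spiffe://corp/ci/scanner", "10.0.1.5", "paste.attacker.example", 443, egress=True),
    Flow("spiffe://corp/ci/scanner", "10.0.1.5", "spiffe://corp/secrets/vault", 8200),
    Flow("", "10.0.1.5", "spiffe://corp/ci/artifact-store", 443),  # same IP, no identity
]

if __name__ == "__main__":
    decisions, denied = evaluate(SAMPLE_FLOWS)
    for f, ok, why in decisions:
        verdict = "ALLOW" if ok else "DENY "
        print(f"{verdict} {f.src_id or '<unidentified>'} -> {f.dst}:{f.port} ({why})")
    print("denied destinations per source:", denied)
```

The last sample flow is the point of the identity check: it comes from the same address as the legitimate scanner, and a location-based rule would let it through. The denied set returned by evaluate is also where the "detect abnormal behavior" requirement from the resilience discussion is met in practice; a workload whose denied destinations grow during a pipeline run is the early indicator of the chain reaction the article describes.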

By embedding enforcement into the cloud fabric, security becomes both more effective and more adaptable, aligning with the speed and scale of modern infrastructure. 

From Prevention to Resilience 

The poisoning of a security tool underscores a broader reality: prevention alone is no longer sufficient. The attack surface is too large, and the pace of change is too rapid to assume that all threats can be stopped at the outset. 

A more effective approach emphasizes resilience. This means improving the ability to detect abnormal behavior, contain threats quickly, and limit their impact. It also means designing systems on the assumption that compromise is not merely possible but inevitable.

Architectural decisions play a central role in this shift. By controlling how workloads communicate and enforcing segmentation across environments, organizations can reduce the blast radius of any single failure. Even if an attacker gains access, their ability to expand that access is constrained. 

Security as a Business Imperative 

These challenges are not purely technical. As organizations become increasingly dependent on digital systems, cyber risk becomes inseparable from business risk. Decisions about adopting AI, expanding into new markets, or accelerating development cycles all carry security implications. 

This makes it critical for security to be integrated into strategic decision-making. It requires alignment between security leaders and executive teams, as well as a shared understanding of how risk impacts business outcomes. 

Security teams must also operate as enablers. In fast-moving environments, acting solely as a gatekeeper is not sustainable. The goal is to help the organization move quickly while managing exposure, balancing innovation with resilience. 

Building for the Reality of Compromise 

The compromise of a trusted component within the software delivery pipeline is a reminder that no system is immune. Every tool, every workload, and every connection represents a potential point of failure. 

The path forward is not to eliminate trust, but to redefine it. Trust must be continuously validated, narrowly scoped, and supported by architecture that limits the impact of failure. 

By applying zero trust principles to workload communication and embedding security into a cloud native security fabric, organizations can build environments that are more resilient and better aligned with how modern systems actually operate. 

In a world where even security tools can be turned against the organizations that rely on them, resilience is foundational. 
