CircleCI is investigating a security incident that affected their platform and customers, recommending actions for all impacted customers to take in response. Cloudsmith, a user of CircleCI, took proactive measures by rotating sensitive secrets held within secure pipeline contexts after becoming aware of the incident, as part of its existing policy to regularly rotate secrets. Additionally, Cloudsmith verified no unauthorized access attempts were made during the incident through audit logs and observability platforms.