Home / Companies / Harness / Blog / Post Details
Content Deep Dive

TeamPCP & Trivy Exploit: Why Open Execution Pipelines Fail

Blog post from Harness

Post Details
Company
Date Published
Author
Jyoti Bansal All this author’s posts
Word Count
4,199
Company Posts That Month
52
Language
English
Hacker News Points
-
Summary

In March 2026, a significant security breach known as the TeamPCP exploit exposed vulnerabilities in CI/CD pipelines that utilize open execution models, where third-party code runs with full privileges. The attack compromised GitHub Actions, allowing the attackers to turn Trivy, a widely used vulnerability scanner, into a tool for harvesting credentials like AWS tokens and SSH keys. This incident, tracked as CVE-2026-33634, affected over 10,000 workflows and highlighted the inherent risks of mutable tags and third-party code execution in open pipelines. The breach spanned various ecosystems, leading to widespread data exposure and demonstrating the need for more secure governed execution pipelines, like those provided by Harness, which control execution through policy gates, customer-owned infrastructure, and scoped credentials. As the industry moves towards more automated and AI-driven processes, the importance of secure pipeline architectures that limit credential exposure and enforce strict execution controls becomes increasingly vital to prevent similar attacks.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Secrets Management 38 1,488 268 99 +7%
Kubernetes 17 1,840 308 106 +33%
AI Agents 6 4,545 963 231 +27%
Observability 2 3,204 716 172 +14%
Developer Experience 1 482 254 106 +18%