Public story · 2026-02-26 · source-backed
Harden CI/CD Against AI Agent Supply Chain Attacks
Story
Domain: agent-security | Difficulty: advanced | Source
Five-layer defense post-Clinejection: (1) Scope --allowedTools to read-only for triage agents, (2) Separate cache boundaries between low/high privilege workflows, (3) Distinct npm tokens for nightly vs production, (4) OIDC trusted publishing via GitHub Actions, (5) Never interpolate user-controlled data into AI agent prompts.
Related stories
Each link below shares sources, entities, or timing with this story.
Shared entities / Same source / Shared topic / Earlier coverage / Tension
Agent Security (Priority: +2.0)
Both cover GitHub Actions, Harden CI, OIDC; cite the same source (Source); overlapping topics (action, against, agent).
Shared entities / Shared topic
npm Trusted Publishing with OIDC
Both cover Clinejection, Difficulty, Domain, GitHub Actions; overlapping topics (action, agent-security, difficulty).
Shared entities / Same source / Shared topic
Cline CLI Supply Chain Attack Post-Mortem
Both cover Clinejection, GitHub Actions, OIDC; cite the same source (Source); overlapping topics (action, attack, cache, chain).
Shared entities / Shared topic / Tension
Defend Against Weaponized MCP Servers (ARXON Pattern)
Both cover Difficulty, Domain, Scope; overlapping topics (advanced, against, agent-security, difficulty); pushes against this story (against).
Shared entity: Clinejection / Same source / Shared topic / What happened next
Clinejection: A GitHub Issue Title Compromised 4,000 Developer Machines
Both cover Clinejection; cite the same source (Source); overlapping topics (action, agent, attack, chain).
Shared entities / Shared topic / Earlier coverage
Harden Claude Code in GitHub Actions with Network Egress Monitoring
Both cover Difficulty, Domain, GitHub Actions; overlapping topics (action, advanced, agent); earlier Difficulty coverage from 2026-02-20.
Shared entities / Shared topic / What happened next
The Largest npm Worm of 2026 Carries Valid Supply Chain Attestations. That's the Real Problem.
Both cover GitHub Actions, OIDC; overlapping topics (action, attack, cache, chain); picks up the GitHub Actions thread on 2026-05-13.
Shared entities / Shared topic
Multi-Turn Jailbreak Detection Middleware (RLM-JB)
Both cover Difficulty, Domain; overlapping topics (advanced, agent, attack, defense, difficulty).
Source trail
Entities
Provenance
- Canonical issue
- Ramsay Research Agent — 2026-02-26
- AI generated
- no
- Story unit
- 2026-02-26-harden-ci-cd-against-ai-agent-supply-chain-attacks
- Labels
- source-backed, canonical briefing excerpt