HeadlinesBriefing.com

Trivy Breach Showcases Risks of Plaintext API Keys in CI/CD

Hacker News

On March 19, 2026, Aqua Security’s Trivy fell victim to a supply‑chain breach. Attackers injected credential‑harvesting code into the official v0.69.4 binary. The malware ran unnoticed while scans reported clean results, silently exfiltrating API keys that lived as plaintext variables in CI/CD environments.

The attack exploited the fact that CI/CD pipelines automatically load secrets from managers like Vault, AWS Secrets Manager, Doppler, and Infisical. Those tools deliver keys as environment variables, giving any tool that runs—Trivy included—access to the full key. The compromised binary read the variable and sent the key to a remote C2 server.

VaultProof counters this model by never exposing the full key at runtime. It splits API keys into cryptographic shares stored separately; the CI/CD pipeline reconstructs the key only in memory for milliseconds before zeroing it. With no plaintext key present, a compromised Trivy binary finds nothing to harvest, breaking the attack chain.
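To make the contrast between the two models concrete, here is an added example (not VaultProof's code and not from the article) that splits an API key into two XOR shares, reconstructs it into a mutable buffer only for the duration of one signing call, and zeroes the buffer afterwards. The `env_snapshot_contains` helper stands in for what a harvesting tool running in the job would see if it read every environment variable. The key value, share names and request body are constructed sample data; the 2-of-2 XOR split is the simplest share scheme and is used for illustration, not as a claim about the scheme VaultProof uses.

```python
import hmac
import os
import secrets
from typing import Callable, Tuple, TypeVar

T = TypeVar("T")


def split_key(key: bytes) -> Tuple[bytes, bytes]:
    """2-of-2 XOR split: share_a is uniform random, share_b = key XOR share_a.
    Either share on its own is indistinguishable from random bytes."""
    share_a = secrets.token_bytes(len(key))
    share_b = bytes(x ^ y for x, y in zip(share_a, key))
    return share_a, share_b


def combine_shares(share_a: bytes, share_b: bytes) -> bytearray:
    """Reconstruct the key into a bytearray so the caller can overwrite it."""
    if len(share_a) != len(share_b):
        raise ValueError("share length mismatch")
    return bytearray(x ^ y for x, y in zip(share_a, share_b))


def zero(buf: bytearray) -> None:
    """Overwrite the reconstructed key in place once it is no longer needed."""
    buf[:] = b"\x00" * len(buf)


def with_reconstructed_key(share_a: bytes, share_b: bytes,
                           consumer: Callable[[bytearray], T]) -> T:
    """Rebuild the key, hand it to one consumer, and zero it on every exit path."""
    key = combine_shares(share_a, share_b)
    try:
        return consumer(key)
    finally:
        zero(key)


def sign_request(share_a: bytes, share_b: bytes, body: bytes) -> str:
    """The only place the full key exists is inside this call's consumer."""
    return with_reconstructed_key(
        share_a, share_b,
        lambda k: hmac.new(k, body, "sha256").hexdigest())


def env_snapshot_contains(secret: bytes) -> bool:
    """Models a credential harvester that dumps os.environ: is the secret there?"""
    needle = secret.hex()
    return any(needle in value for value in os.environ.values())


def demo() -> str:
    # Constructed sample key; in a real pipeline it never appears in source.
    api_key = b"constructed-api-key-0123456789"
    share_a, share_b = split_key(api_key)
    # Only one share rides in the job environment (hypothetical variable name);
    # the other would be fetched from a separate store at use time.
    os.environ["API_KEY_SHARE_A"] = share_a.hex()
    return sign_request(share_a, share_b, b"POST /v1/scan")


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner should keep in mind: first, a share is only useless alone if the two shares never sit in the same place a harvester can read (for instance both as environment variables); second, Python cannot guarantee that no copy of the reconstructed key survives, since library calls such as `hmac.new` may copy the buffer internally, so production implementations of this pattern are written in languages that control their own memory.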

This incident underscores that protecting secrets at rest is insufficient; safeguarding them in transit and during runtime is essential. Developers should adopt split‑key approaches or runtime‑only secret delivery mechanisms to prevent tools from reading full credentials. Until such practices become standard, supply‑chain attacks will remain a persistent threat to CI/CD pipelines.