Red Hat’s GitLab Breach and the Cost of Embedded Credentials
Summary: A Red Hat GitLab instance was compromised, exposing nearly 28,000 private repositories and about 800 customer reports. The reports contain detailed customer environment data and credentials, and the attackers published a directory listing. The incident highlights supply-chain trust risk and gaps in the handling of sensitive information. 2025-10-3 14:49:54 Author: securityboulevard.com

Open-source software giant Red Hat has confirmed that one of its GitLab instances, dedicated to consulting engagements, was breached. The attackers, a group calling itself “Crimson Collective,” claim to have taken nearly 28,000 private repositories and roughly 800 Customer Engagement Reports (CERs).

CERs often contain detailed records of client environments – network diagrams, configuration data, authentication tokens, even full database URIs. In other words, they mix context with credentials for convenience, turning a reference document into both the map and the keys for the client’s environment.

The attackers in this case published a directory listing of these reports, revealing a client roster that stretches from major banks and telecoms to U.S. government bodies and agencies. While Red Hat has sought to limit the scope by emphasizing that the incident affects only its consulting division, the breach illustrates how supply-chain trust can unravel when credentials and architectural details are spread across third parties.


Consulting engagements often serve as connective tissue between enterprises and their vendors. A consulting report might live in a repository that also contains scripts and tokens used for proof-of-concept deployments. Over time, those codebases accumulate sensitive material that extends well beyond the engagement itself. Once exposed, they become launchpads for lateral movement into customer environments.
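The two paragraphs above describe the same failure mode from two angles: a report that embeds database URIs and tokens next to the architecture it documents, and a repository that accumulates proof-of-concept scripts and tokens long after the engagement ends. The following is an added example, not code from Security Boulevard, Red Hat or the Crimson Collective material, showing the kind of check a defender would run on report text before it is committed or shared: find embedded credentials, mask only the secret portion so the surrounding context stays usable for triage, and expose a boolean gate suitable for a pre-commit or pre-upload hook. The sample report, the detector names and the token-shaped values are all constructed for illustration; the `glpat-` and `AKIA` prefixes reflect real GitLab and AWS key formats, but the specific values are fake.

```python
"""Added example: scan report or repository text for embedded credentials.
Every pattern name, the sample report and all values below are constructed
for illustration; nothing here is taken from the breached systems."""
import re
from dataclasses import dataclass

# Constructed stand-in for a customer engagement report; every value is fake.
SAMPLE_REPORT = """\
Customer: Example Corp (constructed sample)
App tier connects to postgres://app_user:S3cretPassw0rd@db.internal.example:5432/orders
CI pipeline uses GITLAB_TOKEN=glpat-EXAMPLE0000000000000000
Backup job: AWS_ACCESS_KEY_ID=AKIAEXAMPLE000000000
Network: 10.20.0.0/16 routed through fw-01 (no credential here)
"""


@dataclass
class Finding:
    line_no: int        # 1-based line in the scanned text
    kind: str           # which detector fired
    redacted_line: str  # the line with the secret masked, safe to log or ticket


# Detector name -> pattern. Each pattern captures the sensitive part as "secret";
# only that group is masked, so host, path and variable name remain readable.
# Order matters: specific detectors run before the generic assignment detector
# so a token is attributed to its real kind rather than the catch-all.
PATTERNS = {
    # user:password@host inside any scheme://... URI (postgres, mongodb, amqp, ...)
    "db_uri_password": re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s:/@]+:(?P<secret>[^\s@]+)@"),
    # GitLab personal access tokens carry a fixed "glpat-" prefix
    "gitlab_pat": re.compile(r"(?P<secret>glpat-[A-Za-z0-9_-]{20,})"),
    # AWS access key IDs start with "AKIA" followed by 16 uppercase alphanumerics
    "aws_access_key_id": re.compile(r"(?P<secret>AKIA[0-9A-Z]{16})"),
    # catch-all: token=..., secret: ..., password = ...
    "generic_assignment": re.compile(r"(?i)(?:token|secret|password)\s*[=:]\s*(?P<secret>\S+)"),
}

REDACTION = "[REDACTED:{kind}]"


def scan_line(line: str) -> tuple[list[str], str]:
    """Return the detector kinds that fired on this line and the redacted line."""
    kinds: list[str] = []
    for kind, pattern in PATTERNS.items():
        def mask(m: re.Match, kind: str = kind) -> str:
            if m.group("secret").startswith("[REDACTED"):
                return m.group(0)  # already masked by an earlier, more specific detector
            kinds.append(kind)
            start, end = m.span("secret")
            whole, offset = m.group(0), m.start()
            return whole[: start - offset] + REDACTION.format(kind=kind) + whole[end - offset:]
        line = pattern.sub(mask, line)
    return kinds, line


def scan_report(text: str) -> list[Finding]:
    """Scan every line; one Finding per detector hit, carrying only redacted text."""
    findings: list[Finding] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        kinds, redacted = scan_line(raw)
        findings.extend(Finding(line_no, kind, redacted) for kind in kinds)
    return findings


def redact_report(text: str) -> str:
    """Return the text with every detected secret masked and the structure preserved."""
    return "\n".join(scan_line(raw)[1] for raw in text.splitlines())


def has_embedded_credentials(text: str) -> bool:
    """Gate for a pre-commit or pre-upload hook: True means block and remediate."""
    return bool(scan_report(text))


if __name__ == "__main__":
    for f in scan_report(SAMPLE_REPORT):
        print(f"line {f.line_no}: {f.kind}: {f.redacted_line}")
    print("blocked" if has_embedded_credentials(SAMPLE_REPORT) else "clean")
```

The design choice worth noting is that findings never carry the raw secret: the report that is opened on a scanner hit would otherwise become a second copy of the credential, which is exactly the accumulation problem the article describes. Pattern matching like this catches the obvious shapes; it is a safety net behind the real fix of keeping credentials out of documents and repositories entirely.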

History shows how these patterns play out – and this breach was a reminder of why GitLab had been front of mind for us. We have just come off a major campaign around credential lifecycle management for GitLab, announcing new capabilities to replace long-lived personal access tokens with short-lived, identity-driven credentials that exist only when needed.

The emphasis on CI/CD was deliberate. GitHub and GitLab repositories have repeatedly yielded OAuth tokens, cloud keys, and service account credentials. Pearson and the Internet Archive both recently saw GitLab token exposure lead to data theft. In another case, attackers moved from a partner’s GitHub account into Salesforce customer environments by abusing long-lived tokens. Each time, the common denominator was the same: non-human identities represented by static credentials, stored in places never intended to serve as long-term vaults. And now, with agentic AI workloads beginning to operate side by side with traditional software development pipelines, the number of non-human identities multiplying inside repositories is only growing.


Article source: https://securityboulevard.com/2025/10/red-hats-gitlab-breach-and-the-cost-of-embedded-credentials/