AI-driven phishing is turning GitHub into a bigger attack surface than most teams realize

Aceiss — Tue, 03 Mar 2026 20:49:23 +0000

AI has made phishing attacks dramatically more convincing — and far more scalable.

Instead of clumsy emails, we’re seeing highly contextual impersonation that targets developers directly. And once identity is compromised, GitHub becomes a high-leverage entry point.

Why GitHub?

Because it sits at the center of:

Source code
CI/CD pipelines
Deployment workflows
Secrets and credentials
Third-party integrations

A compromised GitHub identity isn’t just an account issue. It can turn into:

Supply chain risk – malicious commits, dependency poisoning, or backdoors that get distributed downstream (SolarWinds is the obvious large-scale example).

Operational disruption – deleted repos, forced pushes, permission changes, or locked-out teams.

IP theft / espionage – especially in industries like automotive, defense, or AI infrastructure.

What’s interesting is that most teams can see:

Roles
Repo permissions
Org membership

But they often can’t easily see:

When access was actually last used
Dormant or overprivileged tokens
Installed bots and third-party apps across the org
Effective access patterns across all repos

With phishing increasingly targeting identities instead of infrastructure, visibility into actual access usage feels more important than ever.

Curious how others here are approaching GitHub identity risk:

Are you auditing PAT usage regularly?
How are you monitoring bot access?
Do you track unused or stale privileges across orgs?

(Disclosure: I’m involved with a company working on this problem — happy to share details if helpful, but mainly interested in how others are thinking about the issue. Contact: support@aceiss.com)

DEV Community: Aceiss

AI-driven phishing is turning GitHub into a bigger attack surface than most teams realize