Failure Pattern
Data pipelines connect multiple systems without verifying workload identity. Attackers compromise upstream nodes to poison or steal data.
What We See in the Field
A compromised ETL job sends data to an unauthorized destination. A data pipelines component runs with broad permissions. Monitoring tools cannot determine which workload triggered each step.
Underlying Causes
Shared credentials for pipeline stages
Overprivileged data service accounts
Blind trust within pipeline orchestration
High volume masking malicious steps
No identity validation between pipeline components
Trust-Native Network Resolution
DTL binds each pipeline stage to unique identity. Data transfers require trusted sessions. Unauthorized or unverified workloads cannot access or modify data flows.
Broken Trust Assumption
This failure pattern has played out repeatedly in real security incidents—not because of missing tools, but because of how trust is assigned.
In breaches such as SolarWinds, Capital One, Okta, and MOVEit, attackers did not bypass security controls. They operated through them, using valid identities, trusted credentials, signed code, and encrypted sessions. Security systems accepted these signals as proof of legitimacy, allowing malicious behavior to proceed.
The common thread across these incidents is structural: identity was assumed based on trust signals, not proven at the moment of execution.