The 2026 Cloud Threat Landscape: Credential Attacks, Identity, and What to Prioritize

Why this matters

The cloud attack surface shifted in 2025-2026. Identity-based attacks now account for the majority of cloud breaches, and the playbook from 2023 is out of date. In the last twelve months, we've seen the infrastructure-as-code era give way to an identity-and-supply-chain era. Your team's detection, response, and hardening priorities need to move with it.

1. The identity pivot

Credential theft is no longer a side effect of intrusion—it's the primary objective. AWS IAM keys leaked on GitHub, OAuth tokens harvested from compromised development machines, service account tokens exfiltrated from pod specs, federated identity tokens obtained through social engineering: all of these bypass your perimeter entirely and land the attacker directly in your cloud environment with legitimate-looking API calls.

The signal-to-noise problem is severe. A stolen access key authenticates like any other access key. If your detection story relies on anomalous API patterns, you're already one step behind. Session hijacking in particular—obtaining a temporary credential from one of your developers and replaying it from an attacker-controlled IP—is now the fastest path to persistence.

2. Supply chain hits the cloud

Initial access increasingly flows through your CI/CD pipeline rather than through phishing or vulnerability scanning. GitHub Actions have become the primary vector: compromised GitHub accounts with repository access, pull requests that inject malicious steps into workflows, third-party actions with unvetted code.

Once inside the CI/CD system, the attacker has access to all the secrets you've stored as repository secrets or environment variables. From there: infrastructure deployment credentials, cloud API keys, Kubernetes service accounts. We've seen attackers chain a single GitHub compromise into full AWS account access by harvesting the credentials used in the deployment pipeline. Terraform providers from alternative registries, npm packages with typo-squatted names—the attack surface is now your entire build dependency tree.

3. The metadata service remains the primary post-exploit target

Most cloud breaches we've investigated included a step where the attacker queried the metadata service (IMDS on AWS, metadata service on GCP/Azure) to obtain temporary credentials for the instance or pod. IMDSv2 with session tokens is enforced in some environments but not nearly all. We still see IMDSv1 enabled in production workloads—a standing invitation for SSRF-to-credential theft chains.

Kubernetes adds a new dimension: service account tokens mounted in pod filesystems, accessible from any container on the node if the CNI or container runtime has weak isolation. Once the attacker has a service account token, they can assume cloud roles bound to that Kubernetes identity and pull credentials from the metadata service. The chain is now pod → service account → Kubernetes IRSA → cloud IAM → credential.

4. Cross-tenant and cross-account attacks

Misconfigured role trust relationships remain the foundation of lateral movement. The "confused deputy" problem—where a role trusts a principal in another account without verifying the external ID, or where the trust condition is too broad—is now more dangerous because the attacker can establish legitimate-looking cloud credentials and move between accounts without ever leaving your logs clean.

We've also seen abuse of shared resources: a policy that grants an unprivileged role access to read a shared KMS key or S3 bucket, which the attacker then uses to decrypt or exfiltrate data. The cross-account assumption pattern is now the primary form of privilege escalation in cloud environments.

5. AI workloads as new attack surface

Every organization spinning up LLM inference endpoints or GPU instances for training has introduced a new class of credential exposure. These workloads typically run with broad IAM permissions (to access training data, model registries, vector databases) and often sit behind permissive network configurations to support high throughput.

Attackers are pivoting on these: compromise the model-serving endpoint, use the workload identity to access the training data store, or exploit the GPU instance's cloud metadata service access to obtain cross-account role credentials. The training data itself—often stored in S3 or other cloud storage with public or shared ACLs—has become a target for both espionage and compliance violations.

6. What to prioritize in 2026

Short-lived credentials. Not five-year static keys, not monthly rotation. Workload identity federation, temporary session credentials with embedded policy, API credentials that expire in hours. If you're still issuing long-lived IAM keys for CI/CD, Terraform, or SDK applications, you are the bottleneck.

Conditional access. Restrict API calls based on IP range, time of day, or device posture. This is the primary defense against session hijacking and credential misuse. Enable it for all IAM principals—users, service accounts, and federated identities.

Detection for identity-based TTPs. Start with API patterns that correlate with known attack paths: successive assume-role calls to enumerate cross-account permissions, metadata service queries from unexpected processes, data exfiltration through legitimate-looking read operations. Monitoring the CloudTrail logs for these patterns is more reliable than monitoring for network anomalies.

7. The tools that earned their keep this year

Prowler continues to be the most comprehensive cloud security scanner for compliance and detection. Its CIS benchmarks are current and its custom checks are granular enough to catch the identity misconfigs we outlined above. Limitation: it's still primarily a batch-scanning tool, not real-time detection.

ScoutSuite and CloudFox excel at mapping the attack surface. ScoutSuite aggregates cloud resources into a single graph; CloudFox specializes in AWS and is faster for pure IAM analysis. Neither is a detection tool, but both are invaluable for understanding your cross-account trust relationships and external access patterns.

Pacu (the AWS exploitation framework) is the offensive tool of choice for testing assume-role chains and metadata service access. Use it in your own AWS account to rehearse the attack paths. It's effective for identifying the exact misconfiguration that would allow an attacker to pivot from one account to another.

8. What we're watching for 2027

Workload identity poisoning. As more organizations move to IRSA and workload identity federation, the attack surface shifts to the identity provider itself. Attackers who can compromise the OIDC endpoint or forge tokens will have a direct path to any cloud environment that trusts that endpoint.

Serverless function abuse. Lambda, Cloud Functions, and Cloud Run instances are now a common deployment target for attacked workloads. Detection is harder because execution is ephemeral. An attacker who can create a new function or modify an existing one can execute arbitrary code without triggering alerts.

Field observations

What we saw in engagements this year: A retail organization's production Lambda function contained hardcoded AWS credentials in the function code. The credentials had been deployed six months earlier and rotated exactly zero times. An attacker who gained read access to the Lambda function would have obtained credentials valid for the entire production environment.

We also encountered a SaaS vendor whose GitHub Actions workflow included a step that logged all environment variables (for debugging). The environment variables included the AWS access key for their production deployment. The logs were retained for 90 days and visible to any developer who cloned the repository. The attacker only needed a single developer account compromise to retrieve these logs and assume full control of the production infrastructure.

The short version

Identity-based attacks now dominate cloud breaches. Stolen credentials, compromised CI/CD systems, and misconfigured cross-account trust relationships are the primary attack paths. Defend with short-lived credentials, workload identity federation, and conditional access. Monitor for credential misuse and lateral movement using CloudTrail patterns, not network behavior. Map your cross-account relationships and external access chains using tools like CloudFox and Prowler. Static credentials left unrotated for months are still a systemic problem. The infrastructure playbook from 2023 is now a compliance checkbox; the identity playbook from 2026 is your new priority.