SecTor 2025 | What If We Caught SUNBURST in CI/CD?

The SUNBURST attack was a wake-up call to blue teams everywhere. It showed that nation-state attackers can exploit DevOps pipelines as stealthy backdoors. This talk explores what would have happened if we had embedded threat hunting in the build process itself.

Let’s reimagine how a tightly integrated DevSecOps pipeline – powered by eBPF, behaviour modeling, and AI-assisted detection – might have surfaced anomalies before malware ever shipped.

By: Aleksandr Krasnov | Security Engineer, Meta

Presentation Materials Available at:
https://blackhat.com/sector/2025/briefings/schedule/?#what-if-we-caught-sunburst-in-cicd-rewriting-the-solarwinds-playbook-with-ai-augmented-devsecops-47333