fwd:cloudsec 2026

Tal Skverer

Tal holds an M.Sc. in Computer Science and has a decade of experience in reverse engineering, web hacking and cryptography.
Tal is the Head of Research at Astrix Security, where he leads security research focused on non-human identity and AI agents. His work spans identity security, vulnerability discovery and threat detection. Tal has presented at DEF CON (2023, 2025), RSA Conference (2025), BSidesTLV, SNOWFroc, LASCON, and Reversim.
He is the co-lead of the OWASP NHI Risks Top 10 and a contributor to Agentic Security. When not hunting identity vulnerabilities, he is likely running, solving puzzles, or rolling dice.


Session

06-01
10:20
20min
Sub:jugation - Hijacking Cloud Identities by Recycling Namespaces in Global OIDC Issuers
Tal Skverer

What if creating a free GitHub account could give you access to a Fortune 500's AWS production environment? No credential theft, no phishing, just public data recon and a three-line workflow file.

OIDC-based workload identity is the industry's recommended replacement for static CI/CD credentials. But implementations across major developer platforms share a fundamental design flaw: they operate a single global OIDC issuer for all tenants and construct the sub claim from recyclable, human-readable namespace paths, so a cloud trust policy that pins a sub like "repo:<org>/<repo>:..." is really pinning a name that anyone can re-register once its owner releases it. This talk introduces "Sub:jugation," a vulnerability class independently present across all major CI/CD workflow providers (such as GitHub Actions and GitLab CI).

We present the vulnerability and go beyond the theory: analysis of thousands of real AWS and Azure environments shows that a large percentage of namespace owners are vulnerable, each trusting and thus putting at risk an average of 10-12 distinct cloud identities.

We will show the sophisticated recon pipeline we built using public GitHub Code Search and namespace deletion monitoring to demonstrate that an external attacker can discover and exploit these "Phantom Cloud Identities" at scale. We will demo the full attack chain, share the data, and provide concrete steps practitioners can take to audit and remediate their environments today.
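The abstract does not spell out the audit procedure the speaker will present. The following is an added example, not the speaker's or Astrix's code, of the first check a practitioner would run on their own side of the trust relationship: parse an AWS IAM role trust policy, extract every sub pattern it accepts from a global OIDC issuer, and flag subjects whose top-level namespace either is not pinned at all (no sub condition, or a wildcard in the owner segment) or no longer exists on the provider. It generalises the GitHub Actions case in the text to GitLab.com as well, using the documented sub formats (`repo:<owner>/<repo>:...` and `project_path:<group>/<project>:...`) and IAM condition keys (`token.actions.githubusercontent.com:sub`, `gitlab.com:sub`). The trust policy, the account ID and the `REGISTERED` lookup table are constructed for the example; in practice `REGISTERED` would be replaced by a live query to the provider.

```python
"""Audit an AWS IAM trust policy for OIDC subjects bound to recyclable namespaces.

Added example (not code from the talk). The trust policy and the REGISTERED
table below are constructed sample data.
"""
import json

# Global (multi-tenant) OIDC issuers and the prefix their sub claim puts before
# the <namespace>/<project> path. Only the SaaS instances are listed; a
# self-managed GitLab has its own issuer and is not shared between tenants.
PROVIDERS = {
    "token.actions.githubusercontent.com": "repo:",   # GitHub Actions
    "gitlab.com": "project_path:",                    # GitLab.com CI/CD
}
# IAM condition operators a sub restriction can live under.
SUB_OPERATORS = ("StringEquals", "StringLike",
                 "ForAnyValue:StringEquals", "ForAnyValue:StringLike")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def trusted_subjects(trust_policy):
    """Yield (issuer_host, [sub patterns]) for each Allow statement that
    federates with a listed issuer. A statement with no sub condition at all
    yields ['*']: any tenant of that issuer could assume the role."""
    for stmt in trust_policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        federated = _as_list(stmt.get("Principal", {}).get("Federated", []))
        for host in PROVIDERS:
            if not any(arn.endswith("oidc-provider/" + host) for arn in federated):
                continue
            cond = stmt.get("Condition", {})
            subs = []
            for op in SUB_OPERATORS:
                subs += _as_list(cond.get(op, {}).get(host + ":sub", []))
            yield host, subs or ["*"]


def namespace_of(sub, host):
    """Top-level namespace (GitHub owner / GitLab root group) that a sub pattern
    pins, or None when it leaves the namespace open (e.g. '*' or 'repo:*')."""
    prefix = PROVIDERS[host]
    if not sub.startswith(prefix):
        return None
    owner = sub[len(prefix):].split("/", 1)[0]
    if not owner or any(c in owner for c in "*?"):
        return None
    return owner


def audit(trust_policy, registered):
    """Return findings as (kind, issuer_host, sub). `registered` maps an issuer
    host to the lower-cased namespaces that currently exist on it."""
    findings = []
    for host, subs in trusted_subjects(trust_policy):
        for sub in subs:
            ns = namespace_of(sub, host)
            if ns is None:
                findings.append(("unbounded_subject", host, sub))
            elif ns.lower() not in registered.get(host, set()):
                findings.append(("unregistered_namespace", host, sub))
    return findings


# Constructed sample trust policy: one GitHub statement pinning two owners, one
# GitLab statement, and one GitHub statement that checks aud but never sub.
GH = "arn:aws:iam::123456789012:oidc-provider/token.actions.githubusercontent.com"
GL = "arn:aws:iam::123456789012:oidc-provider/gitlab.com"
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"Federated": GH},
         "Action": "sts:AssumeRoleWithWebIdentity",
         "Condition": {
             "StringEquals": {"token.actions.githubusercontent.com:aud": "sts.amazonaws.com"},
             "StringLike": {"token.actions.githubusercontent.com:sub": [
                 "repo:acme-corp/deploy:*",
                 "repo:old-vendor-tools/infra:ref:refs/heads/main"]}}},
        {"Effect": "Allow", "Principal": {"Federated": GL},
         "Action": "sts:AssumeRoleWithWebIdentity",
         "Condition": {"StringEquals": {
             "gitlab.com:aud": "https://gitlab.com",
             "gitlab.com:sub": "project_path:acme-corp/platform/deploy:ref_type:branch:ref:main"}}},
        {"Effect": "Allow", "Principal": {"Federated": GH},
         "Action": "sts:AssumeRoleWithWebIdentity",
         "Condition": {"StringEquals": {
             "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"}}},
    ],
}
# Constructed stand-in for a live existence check (for GitHub, GET /users/<name>
# on the REST API returns 404 once a name is free to re-register).
REGISTERED = {"token.actions.githubusercontent.com": {"acme-corp"},
              "gitlab.com": {"acme-corp"}}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_POLICY, REGISTERED), indent=2))
```

Run against the sample policy, the audit reports the `old-vendor-tools` subject as an unregistered namespace and the third statement's implicit `*` as unbounded; the `acme-corp` subjects pass. An unregistered finding is the condition the talk describes: the role still trusts a name that a new account on the same global issuer can claim.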

The Chimera’s Chaos: Offensive Security & Red Teaming
Room 1