Infringement
Account Sharing
Codebase Integrity Compromise
Data Loss
Delegated Execution via Artificial Intelligence Agents
Denial of Service
Disruption of Business Operations
Excessive Personal Use
Exfiltration via Email
Exfiltration via Media Capture
Exfiltration via Messaging Applications
Exfiltration via Other Network Medium
Exfiltration via Physical Medium
- Exfiltration via Bring Your Own Device (BYOD)
- Exfiltration via Disk Media
- Exfiltration via Floppy Disk
- Exfiltration via New Internal Drive
- Exfiltration via Physical Access to System Drive
- Exfiltration via Physical Documents
- Exfiltration via Target Disk Mode
- Exfiltration via USB Mass Storage Device
- Exfiltration via USB to Mobile Device
- Exfiltration via USB to USB Data Transfer
Exfiltration via Screen Sharing
Exfiltration via SMS/MMS
Exfiltration via Web Service
Harassment and Discrimination
Inappropriate Web Browsing
Installing Malicious Software
Installing Unapproved Software
Misappropriation of Funds
Non-Corporate Device
Providing Access to a Unauthorized Third Party
Public Statements Resulting in Brand Damage
Regulatory Non-Compliance
Sharing on AI Chatbot Platforms
Theft
Unauthorized Changes to IT Systems
Unauthorized Printing of Documents
Unauthorized VPN Client
Unlawfully Accessing Copyrighted Material
- ID: IF029
- Created: 21st March 2026
- Updated: 29th March 2026
- Contributor: The ITM Team
Codebase Integrity Compromise
A subject introduces, modifies, or manages code within an organizational repository in a manner that compromises the integrity, security, governance, or intended function of the codebase. This includes the addition of unauthorized features, insecure or non-compliant implementations, malicious logic, or changes that alter system behavior outside approved processes or expectations.
These actions occur through legitimate development workflows, such as commits, pull requests, merges, or dependency updates, using access granted as part of the subject’s role. As a result, the activity often appears routine at the point of execution and may inherit implicit trust through standard development and deployment pipelines.
Codebase integrity compromise may manifest in multiple forms, including:
- Introduction of backdoors, logic bombs, or hidden functionality
- Deliberate or reckless creation of vulnerabilities or insecure code
- Implementation of features or changes that bypass product, security, or governance approval
- Manipulation of dependencies, packages, or third-party components
- Subtle degradation of system performance, reliability, or correctness
The defining characteristic of this behavior is the misuse of trusted development access to alter the codebase in a way that undermines organisational control, security, or operational intent. The resulting impact may be immediate or delayed, with harmful effects often emerging only after deployment, integration, or specific runtime conditions are met.
Subsections (4)
| ID | Name | Description |
|---|---|---|
| IF029.004 | CI/CD Pipeline Code Manipulation | A subject modifies code or configuration within continuous integration and continuous deployment (CI/CD) pipelines in a manner that alters how software is built, tested, or deployed, resulting in reduced oversight, increased risk, or unauthorized system behavior.
This includes changes to build scripts, deployment logic, test execution steps, or pipeline controls that enable unreviewed code to be promoted, bypass validation mechanisms, or introduce additional functionality during the build or release process.
Because CI/CD pipelines govern how code transitions from development to production, manipulation at this level can propagate risk at scale and bypass traditional code review controls. These changes may be subtle and embedded within pipeline configuration, making detection dependent on monitoring pipeline integrity and change history. |
| IF029.003 | Dependency or Package Manipulation | A subject alters, introduces, or replaces software dependencies, libraries, or packages within an organizational codebase in a manner that introduces risk, bypasses approval processes, or embeds untrusted components.
This may include adding unapproved third-party libraries, switching to compromised or unofficial package sources, modifying dependency versions without validation, or introducing internally controlled packages that contain hidden or harmful functionality.
Dependency or package manipulation extends the codebase beyond internally developed logic, incorporating external or opaque components that may not be subject to the same level of scrutiny. This can introduce vulnerabilities, licensing issues, or supply chain risk, and may serve as a vector for indirect compromise of systems. |
| IF029.001 | Malicious or Harmful Code Contribution | A subject introduces code into an organizational repository that is designed to cause harm, enable unauthorized access, degrade system integrity, or facilitate future exploitation. This includes the deliberate insertion of backdoors, data exfiltration mechanisms, logic bombs, or code that weakens existing security controls.
The activity occurs through legitimate development workflows such as commits, pull requests, or merges, often making it indistinguishable from normal development at the point of submission. The harmful nature of the code may be concealed within complex logic, triggered under specific conditions, or embedded within otherwise functional changes.
This behavior represents a direct violation of trust, where the subject leverages authorized access to introduce persistent or latent risk into systems. Impact may not be immediately visible and can manifest post-deployment, during specific runtime conditions, or when triggered intentionally. |
| IF029.002 | Unauthorized Feature Implementation | A subject introduces functionality into an organizational codebase that falls outside approved requirements, defined scope, or organisational intent. This includes the addition of features, behaviors, or integrations that have not been authorized through product, security, or governance decision-making processes.
The infringement is defined by the presence of code that should not exist within the system, regardless of how it was introduced or whether it passed through standard development workflows. In some cases, such changes may appear technically valid or beneficial, but still violate organizational control, compliance requirements, or strategic direction. |