The developer credential economy: Why exposure data is the new front line in the supply chain war
ID: 9891119c-5b9d-5e9f-af31-9ab671f789ac
STIX ID: report--9891119c-5b9d-5e9f-af31-9ab671f789ac
Feed Name: Tenable Blog
This analysis from Tenable frames recent incidents (the Axios npm compromise and the Anthropic Claude source leak) as evidence of a growing "Developer Credential Economy" in which attackers harvest privileged developer credentials within CI/CD and build pipelines. It argues that EDR is insufficient because theft and weaponization occur in ephemeral upstream environments. It recommends adopting Continuous Threat Exposure Management (CTEM), short-lived OIDC-based automation, lockfile/hook hardening, and attack-surface mapping (Tenable One) to proactively eliminate exposures before exploitation.
