CI/CD as cloud surface TL;DR: GitHub Actions OIDC, GitLab JWT, CircleCI tokens — pipeline-issued creds that grant cloud-control plane. Stub — to be filled in. What it is TODO Preconditions / where it applies TODO Technique TODO Detection and defence TODO References TODO