# Securing Your Code Isn't Enough: The Sprawling Attack Surface Beyond Application Code


When Glasswing Technologies announced hardened security measures for code repositories, it represented an important step forward in application security. Yet the announcement inadvertently highlighted a much larger, more systemic problem in modern software infrastructure: organizations are securing their code while leaving nearly every other component of their stack exposed to compromise.


The reality is stark. Even perfectly secured code becomes irrelevant when attackers can pivot through forgotten SaaS integrations, exploit shadow IT deployments, hijack unmanaged AI agents, or chain vulnerabilities across dozens of third-party services that your security team doesn't even know exist. For attackers, sophisticated AI models aren't required—basic reconnaissance and credential harvesting suffice when organizations have left the front door wide open.


## The Threat: A Growing Perimeter That Nobody Maps


The problem begins with a fundamental mismatch between where security teams focus and where actual vulnerabilities exist.


Traditional security investments have centered on:

  • Securing source code repositories
  • Scanning dependencies for known vulnerabilities
  • Protecting build pipelines
  • Validating code commits and artifacts

    • What remains largely unmonitored:

  • SaaS applications connected to core infrastructure
  • Dormant integrations from abandoned projects
  • Developer-provisioned cloud resources
  • Unapproved AI models and agents
  • Third-party API credentials scattered across documentation, chat platforms, and environment files
  • Webhooks, automation flows, and integrations nobody remembers installing

    • This mismatch creates a sprawling attack surface that grows faster than security teams can audit. A 2024 survey found that the average organization uses 254 SaaS applications—yet security teams have visibility into roughly 30% of them. The rest operate as shadow IT: known to exist, but not tracked, not managed, and not secured.


    ## Background and Context: The Evolution of the Unmanaged Stack


    The problem didn't emerge overnight. It evolved in stages:


    Wave 1: Shadow IT (2010s)

    As cloud platforms became accessible, individual developers and teams began provisioning their own databases, storage buckets, and compute resources without IT oversight. Thousands of AWS S3 buckets exposed sensitive data because nobody knew they existed.


    Wave 2: Unbounded SaaS Integration (Late 2010s–2020s)

    Marketing teams added analytics platforms. HR adopted Workday. Engineering subscribed to specialized tools. Each integration created new trust relationships, new API credentials, and new potential compromise points. Most were never formally documented.


    Wave 3: The Agent Era (2024–Present)

    With the rise of large language models and autonomous agents, a new layer of complexity emerged. Engineering teams began deploying custom-built agents—internal tools that interact with APIs, databases, and external services, often with broad permissions. Some of these agents run continuously in production. Most are built quickly without formal security review.


    ## Technical Details: How Attackers Exploit the Unmanaged Stack


    Attackers don't need to breach your hardened code repository. They follow much simpler paths:


    ### Credential Harvesting

    Forgotten API keys in old documentation, commit history (even after deletion), Slack channels, and shared drives remain valid long after the associated projects shut down. A single exposed key grants access to internal systems, often with the permissions granted months or years earlier when the scope was different.


    ### Integration Compromise

    A compromised third-party SaaS integration can become a permanent backdoor. If an attacker gains access to your Slack workspace API token, they can read all messages, exfiltrate files, and establish persistent access. The integration may have been installed two years ago; your security team likely doesn't audit third-party apps installed in Slack.


    ### Agent Misconfiguration

    Autonomous agents often run with broad permissions: database access, the ability to execute commands, permissions to invoke other services. If an agent is deployed with overly permissive settings and an attacker finds an input injection vector, the agent itself becomes an exploitation platform.


    ### Supply Chain Through Integration

    If an attacker compromises a lesser-known tool integrated into your workflow—say, a custom analytics service or an internal chatbot connected to Slack—they can use that position to inject malicious code, steal data, or pivot deeper into your infrastructure.


    ## The Growing Complexity: SaaS, Agents, and Infinite Integration Chains


    Modern infrastructure has become a tangled web of interdependencies that no single team fully understands:


    | Component | Risk Level | Visibility | Typical Oversight |

    |-----------|-----------|------------|-------------------|

    | Source code repositories | Medium | High | Formal governance |

    | SaaS applications (known) | Medium-High | Medium | Inconsistent audits |

    | Shadow SaaS (unknown) | High | Very Low | None |

    | Autonomous agents | Critical | Low | Ad hoc review |

    | API integrations | High | Medium | Rarely rotated |

    | Third-party webhooks | High | Very Low | Often forgotten |

    | Vendor integrations | High | Low | Outdated documentation |


    Each integration point is a potential compromise vector. Worse, integrations create chains of trust: if your analytics tool has access to your database, and an attacker compromises your analytics tool, they inherit that database access.


    Agents add another layer of complexity. Unlike static integrations, agents can be updated, redeployed, and repurposed. They often invoke multiple services, meaning a single compromised agent can be a jumping-off point for lateral movement across your entire stack.


    ## Implications: Why This Matters Now


    For organizations of all sizes, the implications are serious:


    1. Incident response becomes nearly impossible. When you don't know what SaaS apps you use, you can't audit logs after a breach. When you don't know what agents are running, you can't trace the attack path.


    2. Compliance becomes a fiction. SOC 2, ISO 27001, and HIPAA audits assume you know and control your infrastructure. If you're using unknown SaaS apps, you're likely in violation without realizing it.


    3. Attackers get many more viable paths. Even if your code is hardened, attackers only need to find *one* unmanaged integration, one dormant API key, or one misconfigured agent. The odds dramatically favor them.


    4. The attack surface is accelerating. As AI and autonomous agents become commonplace, the number of integration points will explode. Without new governance mechanisms, the problem will compound.


    ## Recommendations: Regaining Control of Your Stack


    Securing code is necessary but insufficient. Organizations need a comprehensive approach:


    Immediate Actions:

  • Conduct a SaaS audit. Use tools to discover all SaaS applications. Interview teams about tools they use. Document which applications have access to sensitive data.
  • Map integrations and APIs. Identify all active integrations, webhooks, and API connections. Document which services can reach which internal systems.
  • Inventory agents and automations. List all custom-built agents, bots, and automation flows. Review permissions granted to each.
  • Rotate or revoke old credentials. For APIs and integrations older than 12 months without documented owners, rotate the credential and monitor for breakage.

    • Medium-Term Governance:

  • Require approval for new SaaS applications and integrations. Implement a lightweight review process so integrations aren't added silently.
  • Establish agent governance standards. Define minimum security requirements for autonomous agents: least privilege, audit logging, regular reviews, permission justification.
  • Monitor third-party access. Regularly audit which third-party applications have access to Slack, Google Workspace, GitHub, or other critical systems.
  • Document the dependency graph. Create a living document of which systems trust which other systems. Use it to model attack paths.

    • Long-Term Architecture:

  • Assume compromise of integration points. Design systems so that compromise of a single integration (SaaS app, agent, or API) has limited blast radius.
  • Implement centralized logging for all integrations. Ensure all API calls, webhook invocations, and agent actions are logged centrally and retained for forensics.
  • Adopt zero-trust principles for integrations. Don't assume that because an integration is internal, it's safe. Verify identity and permissions every time.

    • ## Conclusion: Security Requires Honesty About Your Infrastructure


    Glasswing's hardening of code repositories is valuable. But it's one small piece of a much larger puzzle. The uncomfortable truth is that many organizations don't fully know what their own infrastructure looks like—which services it uses, which integrations are active, which agents are running, and what permissions each has.


    Attackers don't need sophisticated AI to win. They just need your organization to remain unaware of its own stack. Regaining control requires first admitting you've lost it, then systematically mapping, auditing, and governing every component—not just code, but integrations, SaaS, agents, and APIs. Only then will code security become meaningful.


    The window to act is closing. As autonomous agents proliferate, the complexity will only grow. Teams that start mapping and controlling their stack today will be far ahead of those still searching for compromise later.