The incident report always reads "human error" - a misconfigured runner, a committed token, or an overpermissioned service account attached to a build job that didn't need it.