Cybersecurity firm Trellix has disclosed that attackers gained unauthorized access to a portion of its internal source code repository, marking yet another breach targeting the security industry itself. The company, formed from the merger of McAfee Enterprise and FireEye, protects over 200 million endpoints and serves more than 50,000 business and government customers worldwide.

Trellix stated that, based on its investigation to date, it found no evidence that its source code release or distribution process was affected, or that the stolen source code has been exploited. The company said it immediately engaged leading forensic experts and notified law enforcement upon discovery. The identity of the threat actors and the specific attack vector remain undisclosed as the investigation continues.

Security analysts at UpGuard rated the breach severity as medium but warned of significant downstream risks. Isaac Evans, founder of Semgrep, cautioned that source code access grants attackers considerable advantages, noting that for security companies it can provide a roadmap to where controls live, how detections are written, and where trusted update or build paths may be exposed. The stolen code could enable targeted zero-day development against Trellix products deployed across thousands of organizations.

The breach fits a troubling 2026 pattern of threat actors systematically targeting cybersecurity vendors and open-source security tools. SecurityWeek analysis points to potential connections with the TeamPCP and Lapsus$ threat groups, which have been compromising CI/CD pipelines and development infrastructure across the security industry. Recent victims of similar supply chain campaigns include Aqua Security, Checkmarx, and several enterprise software providers.

Trellix has not disclosed which specific products were affected, the duration of attacker access, or whether corporate or customer data was also compromised. The company stated it intends to share further details as appropriate once the investigation is complete.

Organizations running Trellix products should apply all security updates promptly, monitor official Trellix security bulletins, and watch for targeted phishing campaigns that may leverage technical knowledge obtained from the stolen source code. Security teams should also implement continuous attack surface monitoring and audit third-party software access permissions.