As part of an external audit (Deloitte, October 2025), it was identified that privileged account password rotation within Harness currently requires manual intervention and is not subject to adequate preventative or detective controls. The lack of a supported API for automated password rotation presents a risk to security and compliance.