Internal adversary
Not considered are highly trusted insiders who might abuse their privileges with malicious intent (opsadmins).
Considered are internal adversaries with permissions in the dev environment (restricted access in the CI environment and git repository) trying to elevate their access to the prod environment.