Internal developer platforms are emerging as a means of reducing the cognitive burden on software developers. They integrate independent DevOps tools into a unified framework and present a streamlined path to code publication. Forward-looking organizations have begun to adopt internal developer platforms in order to improve the efficiency and work experience among their software teams. This transition significantly alters the organization’s software development and deployment architecture. The purpose of this research is to examine the architectural changes in terms of risk management. A semi-quantitative risk analysis of the old and new architectures is performed. The architectures are compared in terms of 74 specific threat vectors. Two high-level implications are: (1) the internal developer platform provides the security team with a centralized point of control over network and authentication parameters and (2) it expands the software attack surface and creates a priority target for attackers. Further implications are discussed.