Access to http://security.debian.org is currently restricted on releases* (and other) hosts. This isn't an issue for the host itself as it has an apt proxy configured.
However, containers that run there do not have proxies configured and as a result cannot update their apt caches from security.debian.org during builds.