
Comment by lijok

2 years ago

If you're trying to sell a tool, you don't justify its cost by saying it addresses "huge problems" such as "security". Let's talk material impact; how will this tool pay for itself?

Sorry, I am not trying to sell anything. I am not OP or parent poster.

If you want to hear stories of privilege escalation, they should be easy to find. I also have some of my own which I might describe in another post, but essentially it was the classic: a CI/CD pipeline that "thinks" it has access only to QA does a "destroy all servers" in both QA and Production, because it also had access to production without knowing anything about it.

I think it's supposed to be like insurance. The cost of bad things happening inspires you to pay for things that give you peace of mind. I don't trust LLMs to give me peace of mind for security tasks; if anything, the opposite.